hxxp://game-server[.]prod[.]royalmatch[.]drmgms[.]com

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2023, 09:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://game-server.prod.royalmatch.drmgms.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133306026730875631"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
452	chrome.exe
452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4040	452	chrome.exe	85
PID 452 wrote to memory of 4040	452	chrome.exe	85
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 236	452	chrome.exe	86
PID 452 wrote to memory of 3572	452	chrome.exe	87
PID 452 wrote to memory of 3572	452	chrome.exe	87
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88
PID 452 wrote to memory of 2472	452	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://game-server.prod.royalmatch.drmgms.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb0b619758,0x7ffb0b619768,0x7ffb0b619778
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:2
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 --field-trial-handle=1820,i,16846553324042943947,7849159836162658040,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4272

Network

DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgekey.net

assets.msn.com.edgekey.net

IN CNAME

e28578.d.akamaiedge.net

e28578.d.akamaiedge.net

IN A

23.72.248.198

e28578.d.akamaiedge.net

IN A

23.72.248.225

e28578.d.akamaiedge.net

IN A

23.72.248.196

e28578.d.akamaiedge.net

IN A

23.72.248.214
DNS

198.248.72.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.248.72.23.in-addr.arpa

IN PTR

Response

198.248.72.23.in-addr.arpa

IN PTR

a23-72-248-198deploystaticakamaitechnologiescom
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

game-server.prod.royalmatch.drmgms.com

chrome.exe

Remote address:

8.8.8.8:53

Request

game-server.prod.royalmatch.drmgms.com

IN A

Response

game-server.prod.royalmatch.drmgms.com

IN A

54.92.160.216

game-server.prod.royalmatch.drmgms.com

IN A

34.235.202.248

game-server.prod.royalmatch.drmgms.com

IN A

52.205.83.254

game-server.prod.royalmatch.drmgms.com

IN A

3.93.244.141

game-server.prod.royalmatch.drmgms.com

IN A

3.223.42.71

game-server.prod.royalmatch.drmgms.com

IN A

52.206.159.164

game-server.prod.royalmatch.drmgms.com

IN A

3.91.128.242

game-server.prod.royalmatch.drmgms.com

IN A

75.101.175.225
GET

http://game-server.prod.royalmatch.drmgms.com/

chrome.exe

Remote address:

54.92.160.216:80

Request

GET / HTTP/1.1
Host: game-server.prod.royalmatch.drmgms.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404

Date: Wed, 07 Jun 2023 09:11:12 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 431
Connection: keep-alive
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Language: en
GET

http://game-server.prod.royalmatch.drmgms.com/favicon.ico

chrome.exe

Remote address:

54.92.160.216:80

Request

GET /favicon.ico HTTP/1.1
Host: game-server.prod.royalmatch.drmgms.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://game-server.prod.royalmatch.drmgms.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404

Date: Wed, 07 Jun 2023 09:11:12 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 431
Connection: keep-alive
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Language: en
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

216.160.92.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.160.92.54.in-addr.arpa

IN PTR

Response

216.160.92.54.in-addr.arpa

IN PTR

ec2-54-92-160-216 compute-1 amazonawscom
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

0.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.77.109.52.in-addr.arpa

IN PTR

Response

23.72.248.198:443

assets.msn.com

tls

3.3kB
29.2kB
36
34
54.92.160.216:80

http://game-server.prod.royalmatch.drmgms.com/favicon.ico

http

chrome.exe

1.3kB
1.7kB
9
7

HTTP Request

GET http://game-server.prod.royalmatch.drmgms.com/

HTTP Response

404

HTTP Request

GET http://game-server.prod.royalmatch.drmgms.com/favicon.ico

HTTP Response

404
54.92.160.216:80

game-server.prod.royalmatch.drmgms.com

chrome.exe

236 B
184 B
5
4
93.184.220.29:80

322 B
7
93.184.220.29:80

322 B
7
40.125.122.176:443

260 B
5
20.189.173.5:443

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
40.125.122.176:443

260 B
5
8.238.177.126:80

322 B
7
40.125.122.176:443

260 B
5
40.125.122.176:443

260 B
5
40.125.122.176:443

260 B
5
40.125.122.176:443

260 B
5

8.8.8.8:53

assets.msn.com

dns

60 B
198 B
1
1

DNS Request

assets.msn.com

DNS Response

23.72.248.198

23.72.248.225

23.72.248.196

23.72.248.214
8.8.8.8:53

198.248.72.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

198.248.72.23.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

game-server.prod.royalmatch.drmgms.com

dns

chrome.exe

84 B
212 B
1
1

DNS Request

game-server.prod.royalmatch.drmgms.com

DNS Response

54.92.160.216

34.235.202.248

52.205.83.254

3.93.244.141

3.223.42.71

52.206.159.164

3.91.128.242

75.101.175.225
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

216.160.92.54.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

216.160.92.54.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

0.77.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

0.77.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f6bff71cbbb45b4bbe45ba7210a3a960

SHA1
77babb8533a11d60ff076e4aa7e4fd01758446bd

SHA256
1ef6b0c1021ac3c0e0b86fdfa6ed195d5f0a179bf767f023b570047295b66cf5

SHA512
41a586dad732478d43c8d5fb02acc2d2fcad5f43b9fb33599a1e5260a8d7186fad2175f8b607181f9bb68505db776e59437067f0c836c2c5260242291e7c0ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5cc4b4bac7df3aff8caf71dde9480a28

SHA1
e8174a8c7e9bc5976b1a95c5869f56b784258066

SHA256
9631b1895e33c5f5453b9be82bb26310fa477da6779e8d38de9a47e64b03e1e1

SHA512
7a8f90c0b4973379d634018dbb2b364668fb6f52b8bc68a477f792ebcf61c6d920466d1108fecaae6c60f176317e6c8b52d54e59522690a205c49ded7af663bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5c725def9b637c863738971b3800457e

SHA1
051e44deb7835523c3df792f1527464c0aa223de

SHA256
63651fb00cbbba42e9b8b34aebc65599aeb2c9adc8cb15f0d46868e801ce8a67

SHA512
862daabdf134d206df4911a406f69ba34b04b860a6ac126555d58c43c212d71db2f308f67814c1714175ea4a5e112af5acef588c15a94de3adce6192a7f0e7a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
0246b473bb911f29ba707eda9adc5811

SHA1
d361cd03addbb0cb46f9bc888dcb9b5c9f27d2d9

SHA256
09bd006c0af36b1ff260e8570710914d548f42bd4b3cbbaa93d84b931dbc4034

SHA512
ead10f0ee8a92da2441d84495e7bbe60fc2e2b8cc3a79871f21bc9de18c9a527ddd3a917d00baaa685cb751ae6efe5d6857bf7853e7afd6e0560133fdf85034b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.