hxxp://adtrk[.]tw

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2023, 06:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://adtrk.tw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324921280747054"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
900	chrome.exe
900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1552	2460	chrome.exe	85
PID 2460 wrote to memory of 1552	2460	chrome.exe	85
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 1372	2460	chrome.exe	86
PID 2460 wrote to memory of 3764	2460	chrome.exe	87
PID 2460 wrote to memory of 3764	2460	chrome.exe	87
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88
PID 2460 wrote to memory of 1220	2460	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://adtrk.tw
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe743b9758,0x7ffe743b9768,0x7ffe743b9778
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:2
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 --field-trial-handle=1848,i,15611292537099248935,12007449438144607071,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4544

Network

DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

adtrk.tw

chrome.exe

Remote address:

8.8.8.8:53

Request

adtrk.tw

IN A

Response

adtrk.tw

IN A

52.8.50.214
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
GET

http://adtrk.tw/

chrome.exe

Remote address:

52.8.50.214:80

Request

GET / HTTP/1.1
Host: adtrk.tw
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Thu, 29 Jun 2023 06:02:05 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.applytracking.com/
DNS

www.applytracking.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.applytracking.com

IN A

Response

www.applytracking.com

IN A

20.45.1.46
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

250.255.255.239.in-addr.arpa

Remote address:

8.8.8.8:53

Request

250.255.255.239.in-addr.arpa

IN PTR

Response
DNS

138.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.179.250.142.in-addr.arpa

IN PTR

Response

138.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f101e100net
DNS

214.50.8.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

214.50.8.52.in-addr.arpa

IN PTR

Response

214.50.8.52.in-addr.arpa

IN PTR

ec2-52-8-50-214 us-west-1compute amazonawscom
DNS

46.1.45.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.1.45.20.in-addr.arpa

IN PTR

Response
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.46
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

1.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.77.109.52.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

202.74.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.74.101.95.in-addr.arpa

IN PTR

Response

202.74.101.95.in-addr.arpa

IN PTR

a95-101-74-202deploystaticakamaitechnologiescom

8.238.177.126:80

322 B
7
52.8.50.214:80

http://adtrk.tw/

http

chrome.exe

791 B
680 B
8
7

HTTP Request

GET http://adtrk.tw/

HTTP Response

301
52.8.50.214:80

adtrk.tw

chrome.exe

282 B
224 B
6
5
20.45.1.46:443

www.applytracking.com

tls

chrome.exe

2.8kB
7.0kB
14
15
20.42.65.89:443

322 B
7
8.238.177.126:80

322 B
7
8.238.177.126:80

322 B
7
8.238.177.126:80

322 B
7
96.16.110.41:443

322 B
7

8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

adtrk.tw

dns

chrome.exe

54 B
70 B
1
1

DNS Request

adtrk.tw

DNS Response

52.8.50.214
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

www.applytracking.com

dns

chrome.exe

67 B
83 B
1
1

DNS Request

www.applytracking.com

DNS Response

20.45.1.46
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

250.255.255.239.in-addr.arpa

dns

74 B
131 B
1
1

DNS Request

250.255.255.239.in-addr.arpa
8.8.8.8:53

138.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.179.250.142.in-addr.arpa
8.8.8.8:53

214.50.8.52.in-addr.arpa

dns

70 B
131 B
1
1

DNS Request

214.50.8.52.in-addr.arpa
8.8.8.8:53

46.1.45.20.in-addr.arpa

dns

69 B
155 B
1
1

DNS Request

46.1.45.20.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.251.36.46
142.251.36.46:443

clients2.google.com

https

chrome.exe

3.9kB
8.3kB
14
13
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

1.77.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

1.77.109.52.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

202.74.101.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

202.74.101.95.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
18308948dfdeb015756940b9c1d28952

SHA1
547ebfebe51d882f6c0f5e895eb0f733573ae9ad

SHA256
7e31a00a0c3c9a2b4496abf715b3b769fe6355434e93cdd1c4a1272d46fcbd52

SHA512
a1f300024b8ac71cdc71e97703a4ad1c2a9455b93f0df4cdb784d6514fa165d23b70a48f4c4d43f287362811cac7d97865ec2931734b24a8fd35aee3e949db53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b426ff3095ca14c69c7e470c05b2bbb5

SHA1
ac25b25a87c213a6b6081956dcaf1a9d67cf71d7

SHA256
d2e72b63bdf7ec690f289ec86bb71d10ed15dc5333e88bb0ddc4e10d807ae45c

SHA512
9132d724abee4fe36a8dc53ea9aa3b6e27cd61edf9603c233cbc1e2f9928e6c9ed1aca130d3a086b1e70431c0276edbd6979ef3f8ffe8a216d6fba647736d46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
73df934ac21c7e1127265686941cfe2f

SHA1
a48f4931b2d42e4a0462c64619f48aa7afb8da01

SHA256
523adafd0846c32582250989a2417c17ea88bde0bd5e7eb6e092d0896511bd6f

SHA512
431c0efa27cdeb95e76e2c46114f1b4f5eb0da1d3838c56fffde40c61b7e2809a9cf3d50651259ddc173d957befdfc8f216c607b71d17f1722dc1a35d4237986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
3dac0be46714dd4e62a982f8104b2632

SHA1
12a1a04acbb0fc361e19b0ce5f69a89d5ffc8850

SHA256
88bc108fd483ed46a73a6b0b4fe26db103eef07a496084d78ffacc87e3bf03e7

SHA512
4655fa02532683001456c7089f52e6cef6e91caabb1e99c131b3133c86a1a021db4b6d6862cd389f597c4e5ebe4ccf5713a73da1e91863f68be8a9df69a89212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.