8dbe95021e8e3fec2696c2ba3f9b323c1b4035775150d3828b0bbd835b49143c

Analysis

max time kernel
299s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 22:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1146106239529525449.html
Size

9KB
MD5

df14b0b05ef44c2a978d787c9ca4ab86
SHA1

2281e1d467274228dcb54c3654cffdd59eeadcfa
SHA256

8dbe95021e8e3fec2696c2ba3f9b323c1b4035775150d3828b0bbd835b49143c
SHA512

1408ce030d2f275de161bc027462f63365ef4bde77fffc858e090251cc655378e957f31eea403693feb6e282ceaff7d46b89666be3502e6f6d3b30a8e0e20fad
SSDEEP

96:nSTQBu8ufRrkzrRe5oacbryPd64pza1NzND03ApWAeRko6eMeq9yTMQrSSCw:SMBuBRrkceyIlNzR0OWA+MeWyThrSSCw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a2e44decddd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1294014928"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31055340"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000776f9e01abbbd44483f1dd33e709243e0000000002000000000010660000000100002000000084cfc4c837f01f98e71db20994b5bc39d38a45329acbf2754611c59b9e151450000000000e8000000002000020000000aba2c6b0926b9de6d3e45316e51e4d4d190307a1bf56cb545a919bd3cafee7992000000096954968b7d2968edd61d88cddd4741fcf50abd34e653e0825231820c353dcb7400000006c9d9e59bfb68b8a0cef4f8ac94050b9176f7a80a1e7e92e6a29dd61343ccc378a544046762230597c61390f28999789a67cd16d1cad5d9052fa2e3faf229752	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7797AFF0-49DF-11EE-A3D1-4E8EE27A950C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1294014928"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000776f9e01abbbd44483f1dd33e709243e0000000002000000000010660000000100002000000060a3d2c615b46afb8e8985017cb93acc9cb647f41bfaeaa63836699395d69592000000000e800000000200002000000090f51f827f51d299ff3adc934e20bf8cfa8b2957a28be24061658569aaf2ab3820000000bfe0c9197efd37687f639ee514b118379c4971db8efcdb3eb727f80195eada4c40000000b67b03593c31ef9e94d279ef5f909b64a579e2e7ab9d2b83083e83310c451bf84bfe2f92294a958ce7166921e1e48ea257127e2a858871fb4abe6a062408f96e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08df74decddd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31055340"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133381670772308432"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3160	chrome.exe
3160	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
888	iexplore.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
888	iexplore.exe
888	iexplore.exe
4464	IEXPLORE.EXE
4464	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 4464	888	iexplore.exe	85
PID 888 wrote to memory of 4464	888	iexplore.exe	85
PID 888 wrote to memory of 4464	888	iexplore.exe	85
PID 3160 wrote to memory of 2612	3160	chrome.exe	89
PID 3160 wrote to memory of 2612	3160	chrome.exe	89
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 4444	3160	chrome.exe	92
PID 3160 wrote to memory of 4444	3160	chrome.exe	92
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1146106239529525449.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e5fb9758,0x7ff8e5fb9768,0x7ff8e5fb9778
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2960

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3373CDA1F51C683D299BDE21F47169F3; domain=.bing.com; expires=Thu, 26-Sep-2024 22:24:28 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8A50171F49774E52AB68081D8ED6213E Ref B: BER30EDGE1010 Ref C: 2023-09-02T22:24:28Z
date: Sat, 02 Sep 2023 22:24:27 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3373CDA1F51C683D299BDE21F47169F3

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2CFE19A7ED3B424681B20FE110291204 Ref B: BER30EDGE1010 Ref C: 2023-09-02T22:24:29Z
date: Sat, 02 Sep 2023 22:24:28 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3373CDA1F51C683D299BDE21F47169F3

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4688449029C46F2A4BC1337159B7263 Ref B: BER30EDGE1010 Ref C: 2023-09-02T22:24:30Z
date: Sat, 02 Sep 2023 22:24:29 GMT
DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

202.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.23.217.172.in-addr.arpa

IN PTR

Response

202.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f101e100net

202.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f10�I

202.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f202�I
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.46
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D2%2526e%253D1

chrome.exe

Remote address:

142.251.36.46:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D2%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

200.81.21.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.81.21.72.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

126.22.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.22.238.8.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.48.227
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.48.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 281
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.48.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 852
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.48.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 274
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.48.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 336
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

227.48.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.48.178.192.in-addr.arpa

IN PTR

Response

227.48.178.192.in-addr.arpa

IN PTR

phx18s07-in-f31e100net
DNS

beacons2.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons2.gvt2.com

IN A

Response

beacons2.gvt2.com

IN A

216.239.32.117

beacons2.gvt2.com

IN A

216.239.38.117

beacons2.gvt2.com

IN A

216.239.36.117

beacons2.gvt2.com

IN A

216.239.34.117
OPTIONS

https://beacons2.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.117:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons2.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons2.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.117:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons2.gvt2.com
content-length: 404
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

117.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.32.239.216.in-addr.arpa

IN PTR

Response
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
content-length: 408
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

tls, http2

1.9kB
9.3kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=08604527bec347768cbbdd9032fb1689&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

HTTP Response

204
142.251.36.46:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D2%2526e%253D1

tls, http2

chrome.exe

2.6kB
10.4kB
28
33

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D2%2526e%253D1
192.178.48.227:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

4.8kB
8.5kB
35
40

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
192.178.48.227:443

beacons.gcp.gvt2.com

tls

chrome.exe

701 B
132 B
4
3
192.178.48.227:443

beacons.gcp.gvt2.com

tls

chrome.exe

701 B
132 B
4
3
216.239.32.117:443

https://beacons2.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.8kB
7.9kB
25
30

HTTP Request

OPTIONS https://beacons2.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons2.gvt2.com/domainreliability/upload-nel
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.6kB
8.1kB
22
26

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons4.gvt2.com/domainreliability/upload-nel

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

202.23.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

202.23.217.172.in-addr.arpa
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.168.217.172.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.251.36.46
142.251.36.46:443

clients2.google.com

https

chrome.exe

8.9kB
7
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

200.81.21.72.in-addr.arpa

dns

71 B
142 B
1
1

DNS Request

200.81.21.72.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

126.22.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.22.238.8.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.48.227
8.8.8.8:53

227.48.178.192.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

227.48.178.192.in-addr.arpa
8.8.8.8:53

beacons2.gvt2.com

dns

chrome.exe

63 B
127 B
1
1

DNS Request

beacons2.gvt2.com

DNS Response

216.239.32.117

216.239.38.117

216.239.36.117

216.239.34.117
8.8.8.8:53

117.32.239.216.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

117.32.239.216.in-addr.arpa
216.239.32.117:443

beacons2.gvt2.com

https

chrome.exe

6.4kB
5
8.8.8.8:53

beacons4.gvt2.com

dns

chrome.exe

63 B
79 B
1
1

DNS Request

beacons4.gvt2.com

DNS Response

216.239.32.116
8.8.8.8:53

116.32.239.216.in-addr.arpa

dns

73 B
101 B
1
1

DNS Request

116.32.239.216.in-addr.arpa
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

6.4kB
5
192.178.48.227:443

beacons.gcp.gvt2.com

https

chrome.exe

6.4kB
5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8dc9f706241f28dfbd4c30d43151f29f

SHA1
2b5519d4e98d01305817c64b9d26ddeb9b722871

SHA256
f575d2aa384ac7082534b80c57a209b11c781331f7fa80c993a0778b1116d9cd

SHA512
9ed1d002dfffa067ab26029488124fb104892da919c7e8db9994749d5afdcf79a8d5928789add6fdb7bb22f19e4682dce72806869418393c8b28808943677c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5fd7279e86b518cb0499e85eaa557fab

SHA1
c6ecacf6d0bdc647fd8584a326dcd5295a167383

SHA256
cb7f5a6f1d588edc260be28d9f4ce0de4e0fab4d86f244b0cc98397f00aa7385

SHA512
ab640236a966dae3919992e7110ff8160aaaf182389ef401e9fe1375f828fad0dd85b4440f3fb831eadc4f1dac2f7c34e354b314e85435f8143de290ad5c06fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c3d1406d364fb69c7a34e2acd72c830b

SHA1
93e227f9f4826247dedc164f25f634e51d748baa

SHA256
0b1b3eb41819a3150571339d32897a37935058d68f1ede74a66acd4799629f22

SHA512
b6805d078dba1428ecc8434074a6557dfa78e22e73f34bb2bb96b53e14b0fb531c0d6932392743fedf2a7dc30c8514b3748a7726196a740c46cf90da51c42bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9375b4599513075686fa5bb90420a19

SHA1
3584391288780a4a9b6d8fb6a0b342fc3778e289

SHA256
b000f6575c3d75e0586982d21250521a8a01efcaed64a4f1a361afc5169f1bd5

SHA512
2857b1bda515b4bc3a99309ce2eaaf926bedcad6e9f555d1cae35efafadbdbc4731e84c62b2d105e802a8bb5b78fe1898e643e034af44fcb22e3c5cc86b978c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1190001f29a2d5ae75ea40267d07ec6b

SHA1
d980240a146d6473d0032b0e3258bd5fb449fed8

SHA256
81807646b02585cd7f6db981b07661d46f5f5525d883531d5decace8e9ab948b

SHA512
c12e61b435911878aa9085ebd957e64828a3f34f200724050311f69c9311f00b5a4a188e2ffff170c469a75da682960b3664b27f0ab169af23fadcb08cdbb3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9367f8313fce9d56bf813cfbf2d7047a

SHA1
bea605a1621f0159e9d0c1d1e0e8ad82974b2d6d

SHA256
09c331077a6ca18b14ca1311f98df2d48b5f3782481dd8c5066555fcfe9d84f4

SHA512
10e7325577ef9213816351b4cc898bb9ab66bcabd16008c50fc24df519918f5cc7fcffc26a2b89045cd5a575176e443a57fef39fe163c79d0c896d16e8825c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a9308189f3aac5a0761142e3b108b9b5

SHA1
9847d4a29c5a082e890e8e1a9e234a2d6da98eed

SHA256
7c795000d9784047d0a26d3ea2ea5134f7b085c7fde887fa83c71c781bc0e820

SHA512
6f0e6902a3e7622e3cd5b4f8c740b189b224bedab49cef5f816166dce9c1c368736b2d770f15f248e4eed78b814073f567f0e960dfc0d1e20c3890ad3d92e152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
48a03de81ae1cfdb728a37d775bbdaad

SHA1
95619c609a47e403247efb64422524b470ffb866

SHA256
073e1d8e42b90b29555daf8170edac6b6c305bcb581141f0e002d2921b56f1c6

SHA512
86f3ebedba06f0552566c83810d41dd97362d6337e488665e08136b239e9ec8fa407cc797214b4f1d9338768b824c072987d40e5dced2593ba6efd842c03b512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
190KB

MD5
8cf185b44152f9e84e0a991da8833a57

SHA1
2129aae944540629011c9518ea2c0066ebea0374

SHA256
5f621ec3b18ebee2ec4ae56df0178cf33be0bbdd674e33cbb3e033bc73c87d21

SHA512
697a951fa197010f91a482a4999a9b4cc8a4feb744fb058cb0338b5d7dbebe856c1d75f0fd4b115a0eb0a958b249ffdd14d03f6f6e86cef0ca7f052ce5a600e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.