hxxps://cdn[.]discordapp[.]com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack[.]rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

Analysis

max time kernel
1790s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
01/01/2024, 11:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133485833284560237"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
3864	chrome.exe
3864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 4712	2120	chrome.exe	16
PID 2120 wrote to memory of 4712	2120	chrome.exe	16
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 4936	2120	chrome.exe	30
PID 2120 wrote to memory of 880	2120	chrome.exe	29
PID 2120 wrote to memory of 880	2120	chrome.exe	29
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28
PID 2120 wrote to memory of 3256	2120	chrome.exe	28

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa79529758,0x7ffa79529768,0x7ffa79529778
1⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2440

Network

DNS

cdn.discordapp.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.134.233

cdn.discordapp.com

IN A

162.159.133.233

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.135.233

cdn.discordapp.com

IN A

162.159.129.233
DNS

ctldl.windowsupdate.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

96.17.178.180

a767.dspw65.akamai.net

IN A

96.17.178.194
DNS

42.169.217.172.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

42.169.217.172.in-addr.arpa

IN PTR

Response

42.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f101e100net
DNS

nexusrules.officeapps.live.com

chrome.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.19
DNS

11.179.89.13.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

11.179.89.13.in-addr.arpa

IN PTR

Response
DNS

11.179.89.13.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

11.179.89.13.in-addr.arpa

IN PTR
DNS

11.179.89.13.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

11.179.89.13.in-addr.arpa

IN PTR
GET

https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

chrome.exe

Remote address:

162.159.134.233:443

Request

GET /attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b& HTTP/2.0
host: cdn.discordapp.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 01 Jan 2024 11:48:49 GMT
content-type: application/rar
content-length: 25341174
cf-ray: 83ea890f8fb163d4-LHR
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment;%20filename=Best_Of_Loot_Skin_Pack.rar
etag: "1a315a7a7a86140ca6716ac2206ddb24"
expires: Tue, 31 Dec 2024 11:48:49 GMT
last-modified: Thu, 28 Apr 2022 22:50:04 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1651186204988104
x-goog-hash: crc32c=5q+v5Q==
x-goog-hash: md5=GjFaenqGFAymcWrCIG3bJA==
x-goog-metageneration: 3
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 25341174
x-guploader-uploadid: ABPtcPrBCBM10qWhnjRAhXejbbPX4FhxiFpZplgKMEN1OPs4cPZTKKiEA_GBntWOewwZq5pA9Ms
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=yfRqpVgW1PK8vYaNtjYW3ZeUMRwCJIntjE9fSlzRIa0-1704109729-1-AVHY7cvJMMblfZPBlIux6/t+wnQGUZUBggGAHqGqZZqZFtltmuiD9DATNleoThl/DXsB+ymHTzPVImaAsSKy/Vw=; path=/; expires=Mon, 01-Jan-24 12:18:49 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iy39rwyRjqYJW8bKMsNTL2CbvHXXo67V8wE4GO38CYycauSGwl4KNvKDXYHEsZbKVOYaWX6B9Sr0b1eb2u02ZpZc6t0ydP9AO%2F6DhizqKgKioJRjpwISGpkn9lBPSeRQAWBPnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=UB.Z9TorfHSGPWZ7WSs19.lPDbpe1AXJCwRg4yf_Pno-1704109729676-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
DNS

233.134.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.134.159.162.in-addr.arpa

IN PTR

Response
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdcus15.centralus.cloudapp.azure.com

onedscolprdcus15.centralus.cloudapp.azure.com

IN A

13.89.179.11
DNS

ocsp.digicert.com

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.akadns.net

www.tm.lg.prod.aadmsa.akadns.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.83

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.21

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.149

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.84

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.147

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.85

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.82

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.177.19
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com

IN A

20.223.35.26
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR
DNS

83.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.177.190.20.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com

IN A

20.223.35.26
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351692118_169KB4Q73DAWIG1FE&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351692118_169KB4Q73DAWIG1FE&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 331750
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 753AA53725184CD5BF0BF8EFA235494A Ref B: LON04EDGE1109 Ref C: 2024-01-01T12:12:30Z
date: Mon, 01 Jan 2024 12:12:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 116063
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5CE4BDC43D0E4A20860BB583259DEE9C Ref B: LON04EDGE1109 Ref C: 2024-01-01T12:12:30Z
date: Mon, 01 Jan 2024 12:12:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 414644
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 379775D1F3EF4AE5BCF3408E6F969E30 Ref B: LON04EDGE1109 Ref C: 2024-01-01T12:12:30Z
date: Mon, 01 Jan 2024 12:12:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301382_102MDQ5FP4SB4LHSG&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301382_102MDQ5FP4SB4LHSG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 386754
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3A9E936139749C1B4B4CD01192CE749 Ref B: LON04EDGE1109 Ref C: 2024-01-01T12:12:30Z
date: Mon, 01 Jan 2024 12:12:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300949_1EQXFS840H8YLYCLC&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300949_1EQXFS840H8YLYCLC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 400276
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 962B86A55AC948BD8B450928B7CB7785 Ref B: LON04EDGE1109 Ref C: 2024-01-01T12:12:30Z
date: Mon, 01 Jan 2024 12:12:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351692119_1TAMCATST9V8XN68S&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351692119_1TAMCATST9V8XN68S&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

162.159.134.233:443

https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

tls, http2

chrome.exe

86.1kB
2.3MB
1370
1754

HTTP Request

GET https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
9.7kB
16
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239351692119_1TAMCATST9V8XN68S&pid=21.2&w=1920&h=1080&c=4

tls, http2

45.4kB
1.3MB
922
919

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351692118_169KB4Q73DAWIG1FE&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301382_102MDQ5FP4SB4LHSG&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300949_1EQXFS840H8YLYCLC&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351692119_1TAMCATST9V8XN68S&pid=21.2&w=1920&h=1080&c=4

8.8.8.8:53

cdn.discordapp.com

dns

chrome.exe

495 B
770 B
7
5

DNS Request

cdn.discordapp.com

DNS Response

162.159.134.233

162.159.133.233

162.159.130.233

162.159.135.233

162.159.129.233

DNS Request

ctldl.windowsupdate.com

DNS Response

96.17.178.180

96.17.178.194

DNS Request

42.169.217.172.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.19

DNS Request

11.179.89.13.in-addr.arpa

DNS Request

11.179.89.13.in-addr.arpa

DNS Request

11.179.89.13.in-addr.arpa
8.8.8.8:53

233.134.159.162.in-addr.arpa

dns

516 B
1.2kB
8
6

DNS Request

233.134.159.162.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

13.89.179.11

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

194.178.17.96.in-addr.arpa

DNS Request

login.live.com

DNS Response

20.190.177.83

20.190.177.21

20.190.177.149

20.190.177.84

20.190.177.147

20.190.177.85

20.190.177.82

20.190.177.19

DNS Request

arc.msn.com

DNS Request

arc.msn.com

DNS Request

arc.msn.com

DNS Response

20.223.35.26
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

180.178.17.96.in-addr.arpa

DNS Request

180.178.17.96.in-addr.arpa
224.0.0.251:5353

chrome.exe

136 B
2
8.8.8.8:53

83.177.190.20.in-addr.arpa

dns

406 B
821 B
6
5

DNS Request

83.177.190.20.in-addr.arpa

DNS Request

26.35.223.20.in-addr.arpa

DNS Request

arc.msn.com

DNS Response

20.223.35.26

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Request

54.120.234.20.in-addr.arpa

DNS Request

54.120.234.20.in-addr.arpa
8.8.8.8:53

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Best_Of_Loot_Skin_Pack.rar.crdownload

Filesize
893KB

MD5
1d224e79a4ca8b4dea17621522a22dac

SHA1
7dbe06abee3509938be531740afd718a82690ec8

SHA256
1c2432ecfe07075141511219342bdf9c93ff28a53b3996c90a5c7fc249913e2c

SHA512
02bdee50248fc39b63a222d72f661330eebd0ce06a8c6dbe7d6dcb1e0403377e4bb3ac9c5b054edd71754436b47992951894370b29833cff9817471f6cbc0190

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.