46b9742190bda8c4a1cd73c5b911a1cd668bf90c992b9e5afc718069cff0d23a

Analysis

max time kernel
1809s
max time network
1827s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 19:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxApp_client.exe
Size

10.5MB
MD5

4ea993a2a09585a906c94b7d918b60f1
SHA1

74f2560d41b6b7d721fc76b6cd1591a0e2c9d2b0
SHA256

46b9742190bda8c4a1cd73c5b911a1cd668bf90c992b9e5afc718069cff0d23a
SHA512

0f19587ee651fec58c9de040db5b29caacab836c53935057d4b10fe9b1fea846a48dcb7dfe8ff346cef98ce78ddd4dac0514b6cc073a86766686e4e457587e65
SSDEEP

98304:HlDTNcxnGodz+xUlWzuQdu9Gkyw1/UOD1GqbRScznrhbmMoKCAx:Hl0bxH1/PGqFSIr5oKBx

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\RobloxApp_client.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxApp_client.exe"
1⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
1⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
1⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
1⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
1⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=1524 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:1
1⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3736 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:1
1⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
1⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3776 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:1
1⤵
PID:1688

Network

DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.178.10
DNS

beacons.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.3
DNS

consent.google.com

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A

Response

consent.google.com

IN A

142.250.178.14
DNS

consent.google.com

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A
DNS

apis.google.com

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.253.116.139

plus.l.google.com

IN A

172.253.116.113

plus.l.google.com

IN A

172.253.116.101

plus.l.google.com

IN A

172.253.116.102

plus.l.google.com

IN A

172.253.116.100

plus.l.google.com

IN A

172.253.116.138
DNS

id.google.com

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

172.253.116.94
DNS

i.ytimg.com

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

216.58.212.238
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
DNS

static.doubleclick.net

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

172.217.16.230
DNS

jnn-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202
DNS

itch.io

Remote address:

8.8.8.8:53

Request

itch.io

IN A

Response

itch.io

IN A

173.255.250.29
DNS

static.itch.io

Remote address:

8.8.8.8:53

Request

static.itch.io

IN A

Response

static.itch.io

IN A

104.26.8.198

static.itch.io

IN A

104.26.9.198

static.itch.io

IN A

172.67.69.99
DNS

img.itch.zone

Remote address:

8.8.8.8:53

Request

img.itch.zone

IN A

Response

img.itch.zone

IN CNAME

img.itch.zone.edgesuite.net

img.itch.zone.edgesuite.net

IN CNAME

a262.dscb.akamai.net

a262.dscb.akamai.net

IN A

104.77.160.220

a262.dscb.akamai.net

IN A

104.77.160.201
DNS

apps.identrust.com

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.17.179.205

a1952.dscq.akamai.net

IN A

96.17.179.184
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

Remote address:

96.17.179.205:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 12 Jan 2024 20:06:40 GMT
Date: Fri, 12 Jan 2024 19:06:40 GMT
Connection: keep-alive
DNS

region1.google-analytics.com

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
DNS

beacons.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

172.217.169.35
DNS

sites.google.com

Remote address:

8.8.8.8:53

Request

sites.google.com

IN A

Response

sites.google.com

IN A

172.217.16.238
DNS

lh3.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.200.14
DNS

ssl.gstatic.com

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

216.58.212.195
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

216.58.201.110
DNS

lh4.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN A

Response

lh4.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.201.97
DNS

lh4.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN A
DNS

beacons2.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons2.gvt2.com

IN A

Response

beacons2.gvt2.com

IN A

216.239.32.117

beacons2.gvt2.com

IN A

216.239.34.117

beacons2.gvt2.com

IN A

216.239.38.117

beacons2.gvt2.com

IN A

216.239.36.117
DNS

beacons2.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons2.gvt2.com

IN A
DNS

beacons.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.67
DNS

clients2.google.com

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.14
DNS

beacons3.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons3.gvt2.com

IN A

Response

beacons3.gvt2.com

IN A

216.58.212.195

142.250.178.4:443

www.google.com

tls

999 B
4.8kB
9
9
142.250.200.42:443

content-autofill.googleapis.com

tls

3.2kB
8.0kB
28
30
192.178.49.3:443

beacons.gcp.gvt2.com

tls

839 B
1.6kB
7
5
192.178.49.3:443

beacons.gcp.gvt2.com

tls

9.9kB
8.7kB
49
39
142.250.178.14:443

consent.google.com

tls

3.3kB
12.7kB
31
31
172.253.116.94:443

id.google.com

tls

2.5kB
9.8kB
21
23
172.217.16.246:443

i.ytimg.com

tls

1.4kB
2.9kB
11
7
172.217.16.246:443

i.ytimg.com

tls

2.7kB
12.1kB
22
24
172.217.16.226:443

googleads.g.doubleclick.net

tls

2.0kB
7.2kB
19
20
172.217.16.230:443

static.doubleclick.net

tls

2.0kB
7.1kB
19
18
173.255.250.29:443

itch.io

tls

5.3kB
28.5kB
27
32
173.255.250.29:443

itch.io

tls

2.1kB
6.2kB
11
12
104.26.8.198:443

static.itch.io

tls

10.2kB
273.3kB
173
232
104.26.8.198:443

static.itch.io

tls

943 B
2.9kB
8
6
104.26.8.198:443

static.itch.io

tls

943 B
2.9kB
8
6
104.26.8.198:443

static.itch.io

tls

943 B
2.9kB
8
6
104.26.8.198:443

static.itch.io

tls

943 B
2.9kB
8
6
104.77.160.220:443

img.itch.zone

98 B
52 B
2
1
104.77.160.220:443

img.itch.zone

98 B
52 B
2
1
104.77.160.220:443

img.itch.zone

98 B
52 B
2
1
104.77.160.220:443

img.itch.zone

98 B
52 B
2
1
104.77.160.220:443

img.itch.zone

tls

23.7kB
880.8kB
454
701
104.77.160.220:443

img.itch.zone

tls

1.2kB
6.4kB
13
13
104.26.8.198:443

static.itch.io

tls

5.5kB
111.1kB
85
107
96.17.179.205:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

369 B
1.6kB
5
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
216.239.32.36:443

region1.google-analytics.com

tls

3.3kB
7.5kB
24
23
173.255.250.29:443

itch.io

tls

1.9kB
7.1kB
16
16
172.217.169.35:443

beacons.gvt2.com

tls

2.5kB
6.7kB
21
20
172.217.16.238:443

sites.google.com

tls

4.8kB
27.3kB
38
40
172.217.16.238:443

sites.google.com

tls

1.3kB
2.6kB
10
7
142.250.200.14:443

play.google.com

tls

1.8kB
1.8kB
11
8
216.58.201.97:443

lh3.googleusercontent.com

tls

2.1kB
1.0kB
9
6
142.250.200.14:443

play.google.com

tls

2.6kB
9.1kB
22
23
216.58.201.97:443

lh3.googleusercontent.com

tls

7.1kB
139.3kB
103
114
142.250.200.14:443

play.google.com

tls

1.3kB
9.3kB
15
12
216.58.201.110:443

google.com

tls

3.0kB
10.0kB
25
24
216.239.32.117:443

beacons2.gvt2.com

tls

1.3kB
1.6kB
9
6
216.239.32.117:443

beacons2.gvt2.com

tls

2.0kB
6.7kB
20
20

8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
224.0.0.251:5353

204 B
3
142.250.178.4:443

www.google.com

https

9.6kB
100.9kB
70
99
142.250.178.4:443

www.google.com

https

4.6kB
139.0kB
43
133
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
253 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.200.42

142.250.200.10

216.58.201.106

216.58.204.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

172.217.16.234

142.250.178.10
8.8.8.8:53

beacons.gcp.gvt2.com

dns

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.3
142.250.178.4:443

www.google.com

https

81.4kB
2.1MB
515
1924
8.8.8.8:53

consent.google.com

dns

128 B
80 B
2
1

DNS Request

consent.google.com

DNS Request

consent.google.com

DNS Response

142.250.178.14
8.8.8.8:53

apis.google.com

dns

61 B
178 B
1
1

DNS Request

apis.google.com

DNS Response

172.253.116.139

172.253.116.113

172.253.116.101

172.253.116.102

172.253.116.100

172.253.116.138
172.253.116.139:443

apis.google.com

https

5.1kB
51.0kB
30
44
142.250.200.42:443

content-autofill.googleapis.com

https

6.9kB
50.7kB
34
54
8.8.8.8:53

id.google.com

dns

59 B
75 B
1
1

DNS Request

id.google.com

DNS Response

172.253.116.94
8.8.8.8:53

i.ytimg.com

dns

57 B
265 B
1
1

DNS Request

i.ytimg.com

DNS Response

172.217.16.246

142.250.178.22

142.250.200.54

142.250.200.22

216.58.201.118

216.58.204.86

216.58.213.22

216.58.212.214

172.217.169.86

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246
8.8.8.8:53

www.youtube.com

dns

61 B
335 B
1
1

DNS Request

www.youtube.com

DNS Response

172.217.169.46

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

172.217.16.238

142.250.178.14

142.250.200.46

142.250.200.14

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

216.58.212.206

216.58.212.238
172.217.169.46:443

www.youtube.com

https

34.0kB
1.1MB
206
916
172.217.16.246:443

i.ytimg.com

https

3.0kB
6.7kB
7
7
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.16.226
8.8.8.8:53

static.doubleclick.net

dns

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

172.217.16.230
8.8.8.8:53

jnn-pa.googleapis.com

dns

67 B
259 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.187.234

172.217.16.234

142.250.178.10

142.250.200.42

142.250.200.10

216.58.201.106

216.58.204.74

216.58.212.202

216.58.212.234

142.250.179.234

142.250.180.10

142.250.187.202
172.217.16.226:443

googleads.g.doubleclick.net

https

3.4kB
7.3kB
7
10
8.8.8.8:53

itch.io

dns

53 B
69 B
1
1

DNS Request

itch.io

DNS Response

173.255.250.29
8.8.8.8:53

static.itch.io

dns

60 B
108 B
1
1

DNS Request

static.itch.io

DNS Response

104.26.8.198

104.26.9.198

172.67.69.99
8.8.8.8:53

img.itch.zone

dns

59 B
163 B
1
1

DNS Request

img.itch.zone

DNS Response

104.77.160.220

104.77.160.201
8.8.8.8:53

apps.identrust.com

dns

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.17.179.205

96.17.179.184
8.8.8.8:53

region1.google-analytics.com

dns

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

beacons.gvt2.com

dns

62 B
78 B
1
1

DNS Request

beacons.gvt2.com

DNS Response

172.217.169.35
172.217.169.35:443

beacons.gvt2.com

https

2.8kB
8.7kB
11
13
8.8.8.8:53

sites.google.com

dns

62 B
78 B
1
1

DNS Request

sites.google.com

DNS Response

172.217.16.238
192.178.49.3:443

beacons.gcp.gvt2.com

https

7.6kB
10.1kB
21
16
216.239.32.36:443

region1.google-analytics.com

https

4.2kB
6.5kB
6
7
172.253.116.139:443

apis.google.com

https

8.4kB
129.4kB
66
107
8.8.8.8:53

lh3.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

216.58.201.97
216.58.201.97:443

lh3.googleusercontent.com

https

7.1kB
7.4kB
13
8
142.250.200.42:443

jnn-pa.googleapis.com

https

3.6kB
3.0kB
11
8
8.8.8.8:53

play.google.com

dns

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.200.14
172.217.16.238:443

sites.google.com

https

32.5kB
11.0kB
43
32
142.250.200.14:443

play.google.com

https

25.8kB
12.3kB
33
26
8.8.8.8:53

ssl.gstatic.com

dns

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

216.58.212.195
172.217.16.238:443

sites.google.com

https

27.0kB
22.6kB
54
51
172.253.116.139:443

apis.google.com

https

4.3kB
2.5kB
8
5
8.8.8.8:53

google.com

dns

56 B
72 B
1
1

DNS Request

google.com

DNS Response

216.58.201.110
192.178.49.3:443

beacons.gcp.gvt2.com

https

4.0kB
3.7kB
15
11
142.250.200.14:443

play.google.com

https

21.9kB
4.0kB
27
21
8.8.8.8:53

lh4.googleusercontent.com

dns

142 B
116 B
2
1

DNS Request

lh4.googleusercontent.com

DNS Request

lh4.googleusercontent.com

DNS Response

216.58.201.97
216.58.201.97:443

lh4.googleusercontent.com

https

7.1kB
132.1kB
65
107
8.8.8.8:53

beacons2.gvt2.com

dns

126 B
127 B
2
1

DNS Request

beacons2.gvt2.com

DNS Request

beacons2.gvt2.com

DNS Response

216.239.32.117

216.239.34.117

216.239.38.117

216.239.36.117
216.239.32.117:443

beacons2.gvt2.com

https

3.9kB
7.4kB
10
11
8.8.8.8:53

beacons.gcp.gvt2.com

dns

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.67
216.58.201.110:443

google.com

https

3.1kB
8.2kB
8
11
172.217.169.67:443

beacons.gcp.gvt2.com

https

4.1kB
7.4kB
11
11
8.8.8.8:53

clients2.google.com

dns

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.200.14
142.250.200.14:443

clients2.google.com

https

2.5kB
10.9kB
14
15
216.239.32.117:443

beacons2.gvt2.com

https

2.7kB
3.8kB
11
12
8.8.8.8:53

beacons3.gvt2.com

dns

63 B
79 B
1
1

DNS Request

beacons3.gvt2.com

DNS Response

216.58.212.195

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.