588178fd381b8616491f4830aab4c0520d83b2bc02b4484ec8a484b11923ed0b

Resubmissions

22/01/2024, 18:59 UTC

240122-xnavaschg6 10

22/01/2024, 18:56 UTC

240122-xlm2vacchp 3

22/01/2024, 18:52 UTC

240122-xjdemaccgm 4

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2024, 18:56 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GTA 5 Web Cursor.cur
Size

4KB
MD5

ff6de1c4f3bc8fec42883a51f23c9df7
SHA1

3297b0be81fa0cd2828412d625e5655b3c12b62d
SHA256

588178fd381b8616491f4830aab4c0520d83b2bc02b4484ec8a484b11923ed0b
SHA512

4cdd6b57a79498a0304fd08f2ae347d34702de0cc53d00a8524c1f5494588c6290949c93f845698bdc40ac347f5285785410a413160c596714d07a5af884b03b
SSDEEP

24:NYLM+Or3GqJF1pVu/2uEwuwLwuwuqVwuzwmwYwYwYwYwQDbqqqqc:NfzjGqtfI2SB8Bt2F5bbbbsbqqqqc

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504234216672835"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2336	4688	chrome.exe	97
PID 4688 wrote to memory of 2336	4688	chrome.exe	97
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 3428	4688	chrome.exe	98
PID 4688 wrote to memory of 1840	4688	chrome.exe	99
PID 4688 wrote to memory of 1840	4688	chrome.exe	99
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100
PID 4688 wrote to memory of 4604	4688	chrome.exe	100

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\GTA 5 Web Cursor.cur"
1⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa4fbd9758,0x7ffa4fbd9768,0x7ffa4fbd9778
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:2
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3460 --field-trial-handle=1700,i,17872334164117161513,481181938566328971,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4040

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

216.58.204.68:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

195.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

68.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.204.58.216.in-addr.arpa

IN PTR

Response

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f41e100net

68.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f4�G

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f68�G
DNS

74.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.169.217.172.in-addr.arpa

IN PTR

Response

74.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f101e100net
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.238
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D38%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D38%2526e%253D1

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D38%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D38%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

16.234.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.234.44.23.in-addr.arpa

IN PTR

Response

16.234.44.23.in-addr.arpa

IN PTR

a23-44-234-16deploystaticakamaitechnologiescom
DNS

147.166.122.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.166.122.92.in-addr.arpa

IN PTR

Response

147.166.122.92.in-addr.arpa

IN PTR

a92-122-166-147deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.3
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 273
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

3.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.49.178.192.in-addr.arpa

IN PTR

Response

3.49.178.192.in-addr.arpa

IN PTR

phx18s08-in-f31e100net
DNS

90.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.65.42.20.in-addr.arpa

IN PTR

Response

20.231.121.79:80

156 B
3
216.58.204.68:443

https://www.google.com/async/ddljson?async=ntp:2

tls, http2

chrome.exe

1.7kB
7.5kB
16
18

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2
142.250.179.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D38%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D38%2526e%253D1

tls, http2

chrome.exe

2.1kB
9.9kB
18
20

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D38%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D38%2526e%253D1
192.178.49.3:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.0kB
7.1kB
15
15

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.204.68
216.58.204.68:443

www.google.com

https

chrome.exe

3.3kB
48.7kB
28
46
8.8.8.8:53

195.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.187.250.142.in-addr.arpa
8.8.8.8:53

68.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

68.204.58.216.in-addr.arpa
8.8.8.8:53

74.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

74.169.217.172.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.179.238
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

16.234.44.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

16.234.44.23.in-addr.arpa
8.8.8.8:53

147.166.122.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

147.166.122.92.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

173.178.17.96.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.3
8.8.8.8:53

3.49.178.192.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

3.49.178.192.in-addr.arpa
8.8.8.8:53

90.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

90.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d3f57b7bbd41c40beaa030c5a4537c0f

SHA1
f3885734ca37b183f00287a34b242da10687dd5b

SHA256
93b2bda2d956f48b7f0f2edee936e9792d6cff3ecca761994e0a59876bf2c8fe

SHA512
45c84e9dad29a220aae2d2f9d28100a83154fdab1a474e29e132c11f525dffb4616838aea854a43dbe3b69dd54691218d8733539ee78403dcb53c81b3221721f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0d5ca955b1bd60753d04d8a23103ac8

SHA1
2abcd72ea16a4a5303ef517c5d6cbe3e685fc16f

SHA256
88bdbf21b98c0897cae72380c0abbb913316dae2ce68f76fed543b1b4f7f420c

SHA512
4e356c252ea883f8b21e0a51056c31af2857735b77badb9029a9d2ff37f7094c73cc406c57e197dff2a22474914f900d4809ff49f1796e74f897e7c6bea355fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fc0ec8b596b3526a6fc3bcaae35ac81d

SHA1
5ade519812edff67de8d2a97b43db0c0f3ab7d12

SHA256
169a5e4aec30e3adb752ca1a0576fb3816fad5b54aab2bfd24b623bfbeb4cad8

SHA512
b213b086dc157b35296a99d3c18d1e032bb73abaa4e4644831f1aa7efe404e1da7235dcfd13b81bfcbdce4e945c0cc8b62a1c6fa2138951bfe60bd22ce4e69a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b89fa2a90521803f7790a7c5b38b182f

SHA1
72fd4ae79227a51b7b713a92933e3b32dc94b3c0

SHA256
b55cc6d77cd0a2ae606f1aba3f76278524144a8725500dd55898fd5822f00f3d

SHA512
361a2efb082d7c84e558483ca9d63a31fadd7744fbf64fae22e9bd6fc5ff53339aeefe3eba79277746b6595c8483b02520c8bc0f961b9442444309523afca8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
440eb196a5ce03b7650e178c3bfb0fe4

SHA1
08e4fe5a7a8f1f6a5ae96b6608a24f7f18840daa

SHA256
5ef77648ea846db408b5b7f3b4025cd1d42e06732f6981dc643cda6d80daa7c0

SHA512
5113e2513b097544d397e1442afefffea85e490d7cb3f7615f950b46748af92f8741f46ff5acd70be12d699612807bdc0d0cdf2faea19606a97f05415ce8f0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.