hxxp://www[.]facebook[.]co

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 04:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.facebook.co

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505442430975087"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 3720	964	chrome.exe	22
PID 964 wrote to memory of 3720	964	chrome.exe	22
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 2588	964	chrome.exe	87
PID 964 wrote to memory of 3188	964	chrome.exe	86
PID 964 wrote to memory of 3188	964	chrome.exe	86
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88
PID 964 wrote to memory of 4844	964	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.facebook.co
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffef7209758,0x7ffef7209768,0x7ffef7209778
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 --field-trial-handle=1856,i,4044171507830955652,11071182139417277308,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1320

Network

DNS

www.facebook.co

chrome.exe

Remote address:

8.8.8.8:53

Request

www.facebook.co

IN A

Response

www.facebook.co

IN CNAME

www.facebook.com

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.147.35
GET

http://www.facebook.co/

chrome.exe

Remote address:

163.70.147.35:80

Request

GET / HTTP/1.1
Host: www.facebook.co
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Location: https://www.facebook.com/
Content-Type: text/html; charset="utf-8"
X-FB-Debug: FXopj4IHiex8naDjSgC+MatLmHo2HHwPdWI/SelyA+h8R4s7vEFvML1rbMMYT+dK3jbZoTKGknqf12oUcVa+2Q==
Date: Wed, 24 Jan 2024 04:30:39 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 0
DNS

www.facebook.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

35.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.147.70.163.in-addr.arpa

IN PTR

Response

35.147.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr6facebookcom
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

static.xx.fbcdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.147.23
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

23.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.147.70.163.in-addr.arpa

IN PTR

Response

23.147.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-lhr6fbcdnnet
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

facebook.com

chrome.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

163.70.147.35
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.200.10
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmWJWnw3DukRBIFDXhvEhkSBQ3Fk8Qk?alt=proto

chrome.exe

Remote address:

142.250.178.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmWJWnw3DukRBIFDXhvEhkSBQ3Fk8Qk?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CM3cygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

10.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

www.facebook.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom

52.142.223.178:80

208 B
4
163.70.147.35:80

www.facebook.co

chrome.exe

282 B
172 B
6
4
163.70.147.35:80

http://www.facebook.co/

http

chrome.exe

752 B
565 B
7
6

HTTP Request

GET http://www.facebook.co/

HTTP Response

302
157.240.221.35:443

www.facebook.com

tls

chrome.exe

2.2kB
32.3kB
23
34
163.70.147.23:443

static.xx.fbcdn.net

tls

chrome.exe

989 B
2.9kB
9
7
163.70.147.23:443

static.xx.fbcdn.net

tls

chrome.exe

4.4kB
121.9kB
66
105
163.70.147.23:443

static.xx.fbcdn.net

tls

chrome.exe

897 B
2.6kB
7
5
163.70.147.23:443

static.xx.fbcdn.net

tls

chrome.exe

989 B
2.9kB
9
7
163.70.147.35:443

facebook.com

tls

chrome.exe

1.7kB
5.1kB
14
15
142.250.178.10:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmWJWnw3DukRBIFDXhvEhkSBQ3Fk8Qk?alt=proto

tls, http2

chrome.exe

1.8kB
7.0kB
15
17

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwmWJWnw3DukRBIFDXhvEhkSBQ3Fk8Qk?alt=proto

8.8.8.8:53

www.facebook.co

dns

chrome.exe

61 B
136 B
1
1

DNS Request

www.facebook.co

DNS Response

163.70.147.35
8.8.8.8:53

www.facebook.com

dns

chrome.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

35.147.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.147.70.163.in-addr.arpa
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.179.250.142.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

chrome.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.147.23
163.70.147.23:443

static.xx.fbcdn.net

https

chrome.exe

11.7kB
268.9kB
105
251
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

23.147.70.163.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

23.147.70.163.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
157.240.221.35:443

www.facebook.com

https

chrome.exe

19.1kB
303.2kB
102
268
163.70.147.23:443

static.xx.fbcdn.net

https

chrome.exe

4.5kB
19.2kB
22
33
8.8.8.8:53

facebook.com

dns

chrome.exe

58 B
74 B
1
1

DNS Request

facebook.com

DNS Response

163.70.147.35
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
285 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.178.10

216.58.201.106

216.58.204.74

216.58.213.10

216.58.212.202

216.58.212.234

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

172.217.16.234

142.250.200.42

142.250.200.10
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

10.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.178.250.142.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

178.223.142.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

178.223.142.52.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

chrome.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
157.240.221.35:443

www.facebook.com

https

chrome.exe

3.7kB
4.5kB
8
12
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
c047667a06924b3c4cb0cdce23030eff

SHA1
ac07d4f53a3050593a7111a035fc6ea44826ba7f

SHA256
06b1f3405a151cbe333048f97ba400129800e4f58e8b6e0bbf6e25434db3496a

SHA512
56911a360254f0dae39b77c962934d00b33bc51a7aae726151aad9d0c516a2b7211e7994665b44620ebdd235dc35ffdb521f65f853a82512bc5703618f8cb8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0d139ff69c9444548e7e70b0749a19c3

SHA1
c5ffab6c78bd88e34e97a00755fd2bbd43799a2a

SHA256
03de679633e7eb2275d7e3250382a90b7d694ee592681660f07c6bb8137f6a7e

SHA512
14e7776b41c4483546f32dc855f59fb1222472227984569afefed73cb649cffd5ff7dc91479b97302533ffc7a151555586ce064a7cf433f5b7e65c6938b5469f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0d3a3aa9ff799b4e2c69dde1f3accea4

SHA1
194a1c95d9ed990c1419c74ec30bb34ea538dc62

SHA256
32be65882ae0b365e256345cfcffe8ce7d95ee1e840a45ea158290ff823538c7

SHA512
127860e57f5c12d840fd2abcf43d85b9f61cb1c8903ab480c6e605c33306b9380467cbe9edd6d2ec99bdca41d430e47a4666fbefa95e4f0bfc0973ceee7ef20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e7f542d517713b6977cb1c69bd479a51

SHA1
0ae886562f284415f00d50abb8011ba8670d8da3

SHA256
f2aa2c56d423aea63d8cf1a04f0982138e10271c2d44425a142546ce59941f94

SHA512
37dab61ea2f6264e004340ac842d5b6579162f495c7bcaf1a0daa7c562e0b046916c299a1299e154f9d5f37c6a5210ec1fd461b628dd888372d8c6f101c889dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
00560ecb0ef50fad4046feef31c4e252

SHA1
4d2e87359305157752e5d485fd15903c47a43a79

SHA256
3ef73c0211bfa4413b1c69f157f1f531d2b097f46618b64dc2f7564e94d61d7e

SHA512
18f841b4912925cd7ca8c9364d84edf9981cc2920841a3a10f1be9a7ee92047156ad92695ce9276e78eff246f876b530b2510f7dbab782d430a276fed65d9db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
baff90dc0c091a08cf09cd7ffc2be5f2

SHA1
382ea2d211f037bcda5656e8214a089874458eca

SHA256
75b5bdc8263fd0f9667928185ba2435f286899aa8ff3a5b907eb0077dfff22ed

SHA512
a48acf6e49a5c14b7f1e9f9939cfe4e944a629833c849a33bcfa40afed9eb98645145c1a9df7a1257960766d4f9da2ab2adca96d24fd237eb7fc67d12c5bcb58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
8a65276b30b6ac8ff8446e3ab4909dbd

SHA1
e1a99d2c648f1eeb48312ecdd3447dd5aefdfaf6

SHA256
ad9de8f8f8baffca61a11adf831d3a67838ad684331ebd042c2186173b299803

SHA512
a8e272208ebe08fdacca32e6d11186bed5bca234fbaefc7403a75a4b4b3008e80db77947e4143f9df3cccbcb952515441bd372cf6fd7c8675a294f5913d19661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e45bbfc4283d5b22e1d4c4448e43f0c

SHA1
5add65f382120454656072b820717bc542008481

SHA256
c015fa29bf7f316cdd4a56506c05053d7c8a770bbd72310029bb20f909b18529

SHA512
11487ad7366f30de4c8eb6dea212086b0403f0b01a2e68b0517f314b8b4b4319300951413d435277acc2e8c1cdf4993b387a1108b204d135db5ebd1c93551c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
46a5aab062db9b91f0a35cdb44350387

SHA1
42461ea4625f2c1517f5cf276d044d8ba0870b77

SHA256
530c6d9b7384c8c36d4d751d39a53f3ea9669326282be308d407b9d7fe3f73fe

SHA512
40a5af3d5d3181806751a4973c77ba4bad4d5d3681754be3549749edf1d2626035cc90fb9c5512afe1cf3bdbd9886ee9cf1a0c664f88e2266a40ff572c76b75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.