Analysis

  • max time kernel: 167s
  • max time network: 166s
  • platform: windows11-21h2_x64
  • resource: win11-20240221-en
  • resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 13/03/2024, 08:44 UTC

General

  • Target: http://mem.gfx.ms

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mem.gfx.ms
    PID: 1500
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc84069758,0x7ffc84069768,0x7ffc84069778
      PID: 4236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:2
      PID: 2680
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:8
      PID: 1752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:8
      PID: 4848
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:1
      PID: 4272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:1
      PID: 1128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:8
      PID: 2504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:8
      PID: 5016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:2
      PID: 5024
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 2264

Network

  • DNS mem.gfx.ms (chrome.exe), remote address 8.8.8.8:53 (US)
    Request: mem.gfx.ms IN A
    Response:
      mem.gfx.ms IN CNAME amcdnmsftuswe.azureedge.net
      amcdnmsftuswe.azureedge.net IN CNAME amcdnmsftuswe.afd.azureedge.net
      amcdnmsftuswe.afd.azureedge.net IN CNAME firstparty-azurefd-prod.trafficmanager.net
      firstparty-azurefd-prod.trafficmanager.net IN CNAME shed.dual-low.part-0036.t-0009.t-msedge.net
      shed.dual-low.part-0036.t-0009.t-msedge.net IN CNAME part-0036.t-0009.t-msedge.net
      part-0036.t-0009.t-msedge.net IN A 13.107.246.64
      part-0036.t-0009.t-msedge.net IN A 13.107.213.64
  • DNS login.live.com (chrome.exe), remote address 8.8.8.8:53 (US)
    Request: login.live.com IN A
    Response:
      login.live.com IN CNAME login.msa.msidentity.com
      login.msa.msidentity.com IN CNAME www.tm.lg.prod.aadmsa.trafficmanager.net
      www.tm.lg.prod.aadmsa.trafficmanager.net IN CNAME prdv4a.aadg.msidentity.com
      prdv4a.aadg.msidentity.com IN CNAME www.tm.v4.a.prd.aadg.trafficmanager.net
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 40.126.32.76
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 40.126.32.136
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 40.126.32.138
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 40.126.32.72
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 20.190.160.20
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 20.190.160.17
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 40.126.32.74
      www.tm.v4.a.prd.aadg.trafficmanager.net IN A 40.126.32.133
  • DNS 106.39.251.142.in-addr.arpa (chrome.exe), remote address 8.8.8.8:53 (US)
    Request: 106.39.251.142.in-addr.arpa IN PTR
    Response:
      106.39.251.142.in-addr.arpa IN PTR ams15s48-in-f10.1e100.net
  • DNS 205.178.17.96.in-addr.arpa (chrome.exe), remote address 8.8.8.8:53 (US)
    Request: 205.178.17.96.in-addr.arpa IN PTR
    Response:
      205.178.17.96.in-addr.arpa IN PTR a96-17-178-205.deploy.static.akamaitechnologies.com
  • DNS 205.178.17.96.in-addr.arpa (chrome.exe), remote address 8.8.8.8:53 (US)
    Request: 205.178.17.96.in-addr.arpa IN PTR
  • GET http://mem.gfx.ms/ (chrome.exe), remote address 13.107.246.64:80 (US)
    Request:
      GET / HTTP/1.1
      Host: mem.gfx.ms
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
    Response:
      HTTP/1.1 400 Bad Request
      Transfer-Encoding: chunked
      X-MSEdge-Ref: 0mGfxZQAAAAAMRYoyy736SZZpEO5ktWkwTE9OMjFFREdFMTcxOQBFZGdl
      Date: Wed, 13 Mar 2024 08:45:11 GMT
  • GET http://mem.gfx.ms/favicon.ico (chrome.exe), remote address 13.107.246.64:80 (US)
    Request:
      GET /favicon.ico HTTP/1.1
      Host: mem.gfx.ms
      Connection: keep-alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Referer: http://mem.gfx.ms/
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
    Response:
      HTTP/1.1 400 Bad Request
      Transfer-Encoding: chunked
      X-MSEdge-Ref: 0mGfxZQAAAADxeZLDffi0TbIEKDMxf+RMTE9OMjFFREdFMTcxOQBFZGdl
      Date: Wed, 13 Mar 2024 08:45:12 GMT
  • DNS 76.32.126.40.in-addr.arpa, remote address 8.8.8.8:53 (US)
    Request: 76.32.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 57.169.31.20.in-addr.arpa, remote address 8.8.8.8:53 (US)
    Request: 57.169.31.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 55.36.223.20.in-addr.arpa, remote address 8.8.8.8:53 (US)
    Request: 55.36.223.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS arc.msn.com, remote address 8.8.8.8:53 (US)
    Request: arc.msn.com IN A
    Response:
      arc.msn.com IN CNAME arc.trafficmanager.net
      arc.trafficmanager.net IN CNAME iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com IN A 20.223.36.55
  • DNS arc.msn.com, remote address 8.8.8.8:53 (US)
    Request: arc.msn.com IN A
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4, remote address 204.79.197.200:443 (US)
    Request:
      GET /th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response:
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 405726
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BB71C806B1F1434CAA6B3E349E13A9A4 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
      date: Wed, 13 Mar 2024 08:45:44 GMT
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&w=1080&h=1920&c=4, remote address 204.79.197.200:443 (US)
    Request:
      GET /th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response:
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 163886
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 3FEFAFE9BB9D46878451883A59F5A747 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
      date: Wed, 13 Mar 2024 08:45:44 GMT
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4, remote address 204.79.197.200:443 (US)
    Request:
      GET /th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response:
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 384492
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6B510FBD3BE8441D8579F937D4681629 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
      date: Wed, 13 Mar 2024 08:45:44 GMT
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4, remote address 204.79.197.200:443 (US)
    Request:
      GET /th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
    Response:
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 246369
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0DF359209D504C45BAC497E09FDAA536 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
      date: Wed, 13 Mar 2024 08:45:44 GMT
  • 13.107.246.64:80 | http://mem.gfx.ms/favicon.ico | http | chrome.exe | 1.1kB | 1.1kB | 7 | 9
    HTTP Request: GET http://mem.gfx.ms/
    HTTP Response: 400
    HTTP Request: GET http://mem.gfx.ms/favicon.ico
    HTTP Response: 400
  • 13.107.246.64:80 | mem.gfx.ms | chrome.exe | 190 B | 132 B | 4 | 3
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.3kB | 8.1kB | 16 | 14
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.3kB | 8.1kB | 16 | 13
  • 204.79.197.200:443 | https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4 | tls, http2 | 45.0kB | 1.3MB | 921 | 919
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.3kB | 8.1kB | 16 | 13
  • 8.8.8.8:53 | mem.gfx.ms | dns | chrome.exe | 333 B | 869 B | 5 | 4
    DNS Request: mem.gfx.ms
    DNS Response: 13.107.246.64, 13.107.213.64
    DNS Request: login.live.com
    DNS Response: 40.126.32.76, 40.126.32.136, 40.126.32.138, 40.126.32.72, 20.190.160.20, 20.190.160.17, 40.126.32.74, 40.126.32.133
    DNS Request: 106.39.251.142.in-addr.arpa
    DNS Request: 205.178.17.96.in-addr.arpa
    DNS Request: 205.178.17.96.in-addr.arpa
  • 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | dns | 327 B | 648 B | 5 | 4
    DNS Request: 76.32.126.40.in-addr.arpa
    DNS Request: 57.169.31.20.in-addr.arpa
    DNS Request: 55.36.223.20.in-addr.arpa
    DNS Request: arc.msn.com
    DNS Request: arc.msn.com
    DNS Response: 20.223.36.55
  • 224.0.0.251:5353 | chrome.exe | 204 B | 3

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 9b163df35694380eee520949b33581c7
    SHA1: 9860027924025e10701f9592eded119801280e56
    SHA256: b87d19d02f9eaef86d09acdb0d3de9a3714d1815e2194bc5cb366c1cd67b32f2
    SHA512: 9b58343195e867ce823c073d48f6f6e6a9f033f036b07835502820ec9e03f149e214c25ab192af37d44be923b66993bab9562f7412aa74a33e183a5231329c8c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 6e2d746556423062a0e7b606140a3d85
    SHA1: 6ed1e7b82251174cc54dbd1fe60a4d1c00b866db
    SHA256: 05310c37eb120673c6616c2de16fe6f9744e295f498627993df64432f154446c
    SHA512: f80548cf63ea1ae5115004706ce6f1c745112431e26ba9b185de024a4b9ef03b51c1186407408dca0c95eb6087f91ff6eba2f11f339ab1e1f592b85320876abe
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 130KB
    MD5: ace3c4cfc16c704e08027934181859de
    SHA1: ad7b8dccda778d9c94d5137d7c281eba15c4ce5d
    SHA256: 32efb4ede0a172b50c6fc1387b1c1b322e8e89f5a87bc11b827fb542fc3cb36a
    SHA512: e052af8f2d8c91cffbd3d8929bcc26b61cce394ab89fdd2783c2e4de667dc5b4f0fa332f49661b2d23fbd45fabaf4200ebf27cec95ef06b168da505d8c90852c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
