20656fb66b0629c323be0f5a94ccbcdc7ba7fe8d14c6a11f90de18819cfc48b0

max time kernel
1799s
max time network
1697s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23/04/2024, 17:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Elmo.jpg
Size

5KB
MD5

a6564d72511a7a126fca09696f55dda7
SHA1

afe5009a79b718a57f7b47295bc2dbaf15f15b6d
SHA256

20656fb66b0629c323be0f5a94ccbcdc7ba7fe8d14c6a11f90de18819cfc48b0
SHA512

bb484a1c1283676583fa04539b77cf5735e45b60ba13e8911a7da417159475cf2b70f2cad7ef2ea7b65067b715ac1bc9c57f2169659da3831e4c32f58f504b0a
SSDEEP

96:nBxQRQwdVJHiRfc3E1yU38aUuurzdm2l492S8VlrRV1TfHUniBTF4Tb42UvMmcUd:BWDCRoE1zUhL492FTVhsn0u2kM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583663886244103"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1680	2052	chrome.exe	86
PID 2052 wrote to memory of 1680	2052	chrome.exe	86
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 4528	2052	chrome.exe	88
PID 2052 wrote to memory of 4528	2052	chrome.exe	88
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Elmo.jpg
1⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe4ebfab58,0x7ffe4ebfab68,0x7ffe4ebfab78
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4232 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1348 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3404

Network

DNS

227.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.16.217.172.in-addr.arpa

IN PTR

Response

227.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f31e100net

227.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f3�H
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.48
DNS

163.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.49.178.192.in-addr.arpa

IN PTR

Response

163.49.178.192.in-addr.arpa

IN PTR

phx19s05-in-f31e100net
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

88.221.83.17

a767.dspw65.akamai.net

IN A

88.221.83.59
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

88.221.83.26

a767.dspw65.akamai.net

IN A

88.221.83.17
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.75

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.2

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.71

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.73

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.23

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.64

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.0

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.69
DNS

www.bing.com

Remote address:

8.8.8.8:53

Request

www.bing.com

IN A

Response

www.bing.com

IN CNAME

wwwprod.www-bing-com.akadns.net

wwwprod.www-bing-com.akadns.net

IN CNAME

www.bing.com.edgekey.net

www.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

23.62.61.169

e86303.dscx.akamaiedge.net

IN A

23.62.61.192

e86303.dscx.akamaiedge.net

IN A

23.62.61.176

e86303.dscx.akamaiedge.net

IN A

23.62.61.177

e86303.dscx.akamaiedge.net

IN A

23.62.61.187

e86303.dscx.akamaiedge.net

IN A

23.62.61.171

e86303.dscx.akamaiedge.net

IN A

23.62.61.193

e86303.dscx.akamaiedge.net

IN A

23.62.61.57

e86303.dscx.akamaiedge.net

IN A

23.62.61.58
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com

IN A

20.223.36.55
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 274
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 269
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 336
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://beacons2.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.38.117:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons2.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons2.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.38.117:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons2.gvt2.com
content-length: 403
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6B420DE7E0DB44F390A60F276FBD26E6 Ref B: LON04EDGE1010 Ref C: 2024-04-23T17:43:17Z
date: Tue, 23 Apr 2024 17:43:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 555746
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE4D1AD29969498693124FD71A037FF9 Ref B: LON04EDGE1010 Ref C: 2024-04-23T17:43:17Z
date: Tue, 23 Apr 2024 17:43:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 662479E10F204268977E40E98C0D498C Ref B: LON04EDGE1010 Ref C: 2024-04-23T17:43:17Z
date: Tue, 23 Apr 2024 17:43:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D460E40F638B4E4ABB71DD733116A8B6 Ref B: LON04EDGE1010 Ref C: 2024-04-23T17:43:17Z
date: Tue, 23 Apr 2024 17:43:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 638730
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EF4ED12D14FF440AB6FCA405686F4619 Ref B: LON04EDGE1010 Ref C: 2024-04-23T17:43:17Z
date: Tue, 23 Apr 2024 17:43:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD0D615C57BB46E587523B3B1AD7AC27 Ref B: LON04EDGE1010 Ref C: 2024-04-23T17:43:17Z
date: Tue, 23 Apr 2024 17:43:16 GMT

216.58.204.68:443

www.google.com

tls

chrome.exe

953 B
4.8kB
8
9
216.58.212.206:443

clients2.google.com

tls, http2

chrome.exe

1.1kB
8.5kB
12
12
52.111.243.29:443

322 B
7
192.178.49.163:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

4.0kB
8.3kB
39
34

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
192.178.49.163:443

beacons.gcp.gvt2.com

tls, http2

chrome.exe

999 B
5.8kB
9
8
216.239.38.117:443

https://beacons2.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.8kB
7.7kB
25
23

HTTP Request

OPTIONS https://beacons2.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons2.gvt2.com/domainreliability/upload-nel
23.62.61.169:443

www.bing.com

tls

1.7kB
11.6kB
22
16
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

123.8kB
3.5MB
2512
2507

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
14

216.58.204.68:443

www.google.com

https

chrome.exe

6.1kB
110.3kB
53
93
8.8.8.8:53

227.16.217.172.in-addr.arpa

dns

822 B
2.1kB
12
11

DNS Request

227.16.217.172.in-addr.arpa

DNS Request

3.200.250.142.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.48

DNS Request

163.49.178.192.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

88.221.83.17

88.221.83.59

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

88.221.83.26

88.221.83.17

DNS Request

login.live.com

DNS Response

20.190.159.75

20.190.159.2

20.190.159.71

40.126.31.73

20.190.159.23

20.190.159.64

20.190.159.0

40.126.31.69

DNS Request

www.bing.com

DNS Response

23.62.61.169

23.62.61.192

23.62.61.176

23.62.61.177

23.62.61.187

23.62.61.171

23.62.61.193

23.62.61.57

23.62.61.58

DNS Request

arc.msn.com

DNS Response

20.223.36.55

DNS Request

55.36.223.20.in-addr.arpa

DNS Request

55.36.223.20.in-addr.arpa
142.250.180.14:443

apis.google.com

https

chrome.exe

4.6kB
50.9kB
26
44
224.0.0.251:5353

chrome.exe

204 B
3
216.58.212.206:443

clients2.google.com

https

chrome.exe

3.7kB
8.1kB
10
11
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

2.9kB
5.3kB
5
7
216.239.38.117:443

beacons2.gvt2.com

https

chrome.exe

2.9kB
6.3kB
6
8
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

4.0kB
3.8kB
17
14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3a897a0bf91d6130da7956345a651061

SHA1
b363c603d80fe5e79b66400675ecc3c83ddaee1b

SHA256
69fae9a70d56a969780522c333fc4a8ff201b18242c743a9ab57f2160a7e8ffa

SHA512
d45064be136dbfb68c97b8796d723310573b040b1560072e43dca57828b82d5377ae50fd8ac2753e0bc5c2437fc05a6a25567e0fa68ef173ab0115419e2cdd3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dbc20a0238dcaa70cd030a51c60d605b

SHA1
601c2b5df44e46fbeb64087d37884be8857e60f4

SHA256
813666c21e5620ea0caeccd56dbcd275883cac43943e638c672644c77d82720b

SHA512
16b46305d959fef3be967d8ffa8c5372bfc844dda6d20c2585d901064c80098c43b4b4d7eeffcec127636605f3297e8b8c91acdbabd9a80bdfa03d969ff9f1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4e6ba42c8224e7d9fc865dcb2f2f373a

SHA1
f024c1aac48d388b18c5ebd61078ea2e7cba2075

SHA256
0ce5dd07369312f065886de61b42556096da08752175e05baf768347cf0d516d

SHA512
a3a1c92fd40b5a6200a1f897f43a54a8ae0aef2db9de4da7f6eb546efaae3c677f8348b36b3a937f7582e9e9854c0def396a523ada2fceb320164133e0d22d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
91c7586b751d5280dd01a1f7f3b6ca50

SHA1
e95102c828ce0eeda88c0d5017b67210c6c76397

SHA256
aaa656cebd3167c89f6d80a86ee77a85faa197f2bf3af4b29c0bb82c3331ee88

SHA512
8a9193d68fbece2d3a12868a70f66b118474af5c6d13774e97ed823c9e8f024b979d0e69aef9ef41f29482269b9dcf094354b0ff90ff1bf514813af416619d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
029d7e23bd22c7eb513a97a55cea53b0

SHA1
236a34c7bc2d78ec4bb88a01f827b8f5ec5a937b

SHA256
2420dd58a81466b21c92a863f7d4e2987318c2fdee74b45f515df08025de9b5e

SHA512
be59d66c501917bf61b1dd05ff1cedacea662ef92dafe68b96670d91b5522b1f06da56e3a2179dfbf157142485203531ccb8659d0958cc3f052179be0c2f15ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
887d8c3c3d2262d9a7553abb449a8522

SHA1
5da21e4b8ba694af0294106fd346a61716564d27

SHA256
61a3722137381a5dedbc411dbf6082cf2e36034991fb49b8fe0567069662409d

SHA512
7b986a0691e19baf054b2ed1589db037993fbbf41bfbfcc46565259f278ad9c5dec63c22aae989f4879cc668d065950501432c9fd03612d6f7b0eac024ab7841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
615124d5b0b1245ac9e6a929c12a94aa

SHA1
a19bdefc7be16699d424e56e3635e60a3d356934

SHA256
9e5d8bfe1a63f1d413ad6b439c01f05990ce53aa7677187675ac0e5ecebb64a5

SHA512
4e62e4106447e514ae1f4b7a075a34939b2281140d4dfa071436fdac4d68f1a2dd982ed83e284363fb13ae661cdd37612e95eee3f786024bd4f29d9af4795483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
419a8ab625f0aecf5579df23c520079b

SHA1
787d9c8e15c34308f3984bb5164def5e35c89849

SHA256
ab8c2c8985b9a018fab8e43828f88ad97dda7a33f5846ebc037dc6d4f32122b4

SHA512
6c3d6435a08e04d6e8496fc662af946201a50906dc49f57ab48f7fc0922ed486159b00a1a635c9398e1bd1199f727c4a9e71f361b43b862181ac129e2abee1f9

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.