Analysis

  • max time kernel
    147s
  • max time network
    255s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/04/2024, 12:33 UTC

General

  • Target

    f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe

  • Size

    1.1MB

  • MD5

    1d0d1194b728e7f76f62aa1e09780fde

  • SHA1

    3a7c0abfaed7785ddb57e2a4b7c0a67097ef511a

  • SHA256

    f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88

  • SHA512

    d88686711c5594e5e2314eaf27dbb3f7ec8a1e77d8cce8743149a2feb191d25f13ac480d3dc41bd6f89860d1fe7a2542874224b46ee42051d690862bef468568

  • SSDEEP

    24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8auU2+b+HdiJUX:sTvC/MTQYxsWR7auU2+b+HoJU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
    "C:\Users\Admin\AppData\Local\Temp\f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7009758,0x7fef7009768,0x7fef7009778
        3⤵
          PID:2892
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:2
          3⤵
            PID:2432
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:8
            3⤵
              PID:1896
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:8
              3⤵
                PID:2520
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:1
                3⤵
                  PID:1620
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:1
                  3⤵
                    PID:1428
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1192 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:2
                    3⤵
                      PID:1212
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1244 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:1
                      3⤵
                        PID:484
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2324 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:1
                        3⤵
                          PID:2960
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3476 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:8
                          3⤵
                            PID:2380
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1356,i,377875430389889204,5935559325375669272,131072 /prefetch:8
                            3⤵
                              PID:2792
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:112

                          Network

                          • flag-us
                            DNS
                            www.youtube.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.youtube.com
                            IN A
                            Response
                            www.youtube.com
                            IN CNAME
                            youtube-ui.l.google.com
                            youtube-ui.l.google.com
                            IN A
                            216.58.212.238
                            youtube-ui.l.google.com
                            IN A
                            172.217.169.78
                            youtube-ui.l.google.com
                            IN A
                            172.217.169.46
                            youtube-ui.l.google.com
                            IN A
                            142.250.179.238
                            youtube-ui.l.google.com
                            IN A
                            142.250.180.14
                            youtube-ui.l.google.com
                            IN A
                            142.250.187.206
                            youtube-ui.l.google.com
                            IN A
                            142.250.187.238
                            youtube-ui.l.google.com
                            IN A
                            142.250.178.14
                            youtube-ui.l.google.com
                            IN A
                            172.217.16.238
                            youtube-ui.l.google.com
                            IN A
                            142.250.200.14
                            youtube-ui.l.google.com
                            IN A
                            142.250.200.46
                            youtube-ui.l.google.com
                            IN A
                            216.58.201.110
                            youtube-ui.l.google.com
                            IN A
                            216.58.204.78
                            youtube-ui.l.google.com
                            IN A
                            216.58.213.14
                            youtube-ui.l.google.com
                            IN A
                            172.217.169.14
                            youtube-ui.l.google.com
                            IN A
                            216.58.212.206
                          • flag-gb
                            GET
                            https://www.youtube.com/account
                            chrome.exe
                            Remote address:
                            216.58.212.238:443
                            Request
                            GET /account HTTP/2.0
                            host: www.youtube.com
                            sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-platform-version: "0.1.0"
                            sec-ch-ua-model: ""
                            sec-ch-ua-bitness: "64"
                            sec-ch-ua-wow64: ?0
                            sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
                            x-client-data: CJH4ygE=
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            accounts.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            accounts.google.com
                            IN A
                            Response
                            accounts.google.com
                            IN A
                            173.194.69.84
                          • flag-nl
                            GET
                            https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en
                            chrome.exe
                            Remote address:
                            173.194.69.84:443
                            Request
                            GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en HTTP/2.0
                            host: accounts.google.com
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-platform-version: "0.1.0"
                            sec-ch-ua-model: ""
                            sec-ch-ua-bitness: "64"
                            sec-ch-ua-wow64: ?0
                            sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
                            x-client-data: CJH4ygE=
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            content-autofill.googleapis.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            content-autofill.googleapis.com
                            IN A
                            Response
                            content-autofill.googleapis.com
                            IN A
                            216.58.201.106
                            content-autofill.googleapis.com
                            IN A
                            216.58.204.74
                            content-autofill.googleapis.com
                            IN A
                            216.58.212.202
                            content-autofill.googleapis.com
                            IN A
                            216.58.212.234
                            content-autofill.googleapis.com
                            IN A
                            172.217.169.74
                            content-autofill.googleapis.com
                            IN A
                            172.217.169.42
                            content-autofill.googleapis.com
                            IN A
                            142.250.179.234
                            content-autofill.googleapis.com
                            IN A
                            142.250.180.10
                            content-autofill.googleapis.com
                            IN A
                            142.250.187.202
                            content-autofill.googleapis.com
                            IN A
                            142.250.187.234
                            content-autofill.googleapis.com
                            IN A
                            142.250.178.10
                            content-autofill.googleapis.com
                            IN A
                            172.217.16.234
                            content-autofill.googleapis.com
                            IN A
                            142.250.200.10
                            content-autofill.googleapis.com
                            IN A
                            142.250.200.42
                          • flag-gb
                            GET
                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                            chrome.exe
                            Remote address:
                            216.58.201.106:443
                            Request
                            GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto HTTP/2.0
                            host: content-autofill.googleapis.com
                            x-goog-encode-response-if-executable: base64
                            x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                            x-client-data: CJH4ygE=
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            accounts.youtube.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            accounts.youtube.com
                            IN A
                            Response
                            accounts.youtube.com
                            IN CNAME
                            www3.l.google.com
                            www3.l.google.com
                            IN A
                            172.217.16.238
                          • flag-gb
                            GET
                            https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2144391703&timestamp=1714394042748
                            chrome.exe
                            Remote address:
                            172.217.16.238:443
                            Request
                            GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2144391703&timestamp=1714394042748 HTTP/2.0
                            host: accounts.youtube.com
                            sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-full-version: "106.0.5249.119"
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-platform: "Windows"
                            sec-ch-ua-platform-version: "0.1.0"
                            sec-ch-ua-model: ""
                            sec-ch-ua-bitness: "64"
                            sec-ch-ua-wow64: ?0
                            sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            x-client-data: CJH4ygE=
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: iframe
                            referer: https://accounts.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: YSC=FbMCEJnpcGQ
                            cookie: VISITOR_INFO1_LIVE=3fw4F2Jeihg
                            cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUA%3D%3D
                          • flag-us
                            DNS
                            play.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            play.google.com
                            IN A
                            Response
                            play.google.com
                            IN A
                            142.250.187.206
                          • flag-gb
                            OPTIONS
                            https://play.google.com/log?format=json&hasfast=true&authuser=0
                            chrome.exe
                            Remote address:
                            142.250.187.206:443
                            Request
                            OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                            host: play.google.com
                            accept: */*
                            access-control-request-method: POST
                            access-control-request-headers: x-goog-authuser
                            origin: https://accounts.google.com
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            sec-fetch-mode: cors
                            sec-fetch-site: same-site
                            sec-fetch-dest: empty
                            referer: https://accounts.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            www.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            142.250.178.4
                          • flag-gb
                            GET
                            https://www.google.com/favicon.ico
                            chrome.exe
                            Remote address:
                            142.250.178.4:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: www.google.com
                            sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-full-version: "106.0.5249.119"
                            sec-ch-ua-platform-version: "0.1.0"
                            sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
                            sec-ch-ua-bitness: "64"
                            sec-ch-ua-model:
                            sec-ch-ua-wow64: ?0
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            x-client-data: CJH4ygE=
                            sec-fetch-site: same-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://accounts.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            beacons.gcp.gvt2.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            beacons.gcp.gvt2.com
                            IN A
                            Response
                            beacons.gcp.gvt2.com
                            IN CNAME
                            beacons-handoff.gcp.gvt2.com
                            beacons-handoff.gcp.gvt2.com
                            IN A
                            192.178.49.163
                          • flag-us
                            POST
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            192.178.49.163:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: beacons.gcp.gvt2.com
                            content-length: 300
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            POST
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            192.178.49.163:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: beacons.gcp.gvt2.com
                            content-length: 335
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            POST
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            192.178.49.163:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: beacons.gcp.gvt2.com
                            content-length: 275
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            google.com
                            IN A
                            Response
                            google.com
                            IN A
                            142.250.200.46
                          • flag-gb
                            POST
                            https://google.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            142.250.200.46:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: google.com
                            content-length: 269
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            accounts.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            accounts.google.com
                            IN A
                            Response
                            accounts.google.com
                            IN A
                            173.194.69.84
                          • 216.58.212.238:443
                            https://www.youtube.com/account
                            tls, http2
                            chrome.exe
                            2.3kB
                            10.8kB
                            20
                            22

                            HTTP Request

                            GET https://www.youtube.com/account
                          • 216.58.212.238:443
                            www.youtube.com
                            tls, http2
                            chrome.exe
                            1.0kB
                            8.4kB
                            10
                            10
                          • 173.194.69.84:443
                            https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en
                            tls, http2
                            chrome.exe
                            2.5kB
                            7.9kB
                            19
                            20

                            HTTP Request

                            GET https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en
                          • 216.58.201.106:443
                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                            tls, http2
                            chrome.exe
                            2.0kB
                            7.1kB
                            18
                            19

                            HTTP Request

                            GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                          • 172.217.16.238:443
                            https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2144391703&timestamp=1714394042748
                            tls, http2
                            chrome.exe
                            2.7kB
                            24.9kB
                            24
                            30

                            HTTP Request

                            GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2144391703&timestamp=1714394042748
                          • 142.250.187.206:443
                            https://play.google.com/log?format=json&hasfast=true&authuser=0
                            tls, http2
                            chrome.exe
                            2.0kB
                            8.7kB
                            19
                            20

                            HTTP Request

                            OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                          • 142.250.178.4:443
                            https://www.google.com/favicon.ico
                            tls, http2
                            chrome.exe
                            2.2kB
                            8.3kB
                            18
                            18

                            HTTP Request

                            GET https://www.google.com/favicon.ico
                          • 192.178.49.163:443
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            tls, http2
                            chrome.exe
                            3.5kB
                            8.0kB
                            29
                            30

                            HTTP Request

                            POST https://beacons.gcp.gvt2.com/domainreliability/upload

                            HTTP Request

                            POST https://beacons.gcp.gvt2.com/domainreliability/upload

                            HTTP Request

                            POST https://beacons.gcp.gvt2.com/domainreliability/upload
                          • 173.194.69.84:443
                            accounts.google.com
                            tls, http2
                            chrome.exe
                            1.1kB
                            5.9kB
                            11
                            10
                          • 142.250.200.46:443
                            https://google.com/domainreliability/upload
                            tls, http2
                            chrome.exe
                            2.1kB
                            9.7kB
                            18
                            19

                            HTTP Request

                            POST https://google.com/domainreliability/upload
                          • 8.8.8.8:53
                            www.youtube.com
                            dns
                            chrome.exe
                            61 B
                            351 B
                            1
                            1

                            DNS Request

                            www.youtube.com

                            DNS Response

                            216.58.212.238
                            172.217.169.78
                            172.217.169.46
                            142.250.179.238
                            142.250.180.14
                            142.250.187.206
                            142.250.187.238
                            142.250.178.14
                            172.217.16.238
                            142.250.200.14
                            142.250.200.46
                            216.58.201.110
                            216.58.204.78
                            216.58.213.14
                            172.217.169.14
                            216.58.212.206

                          • 8.8.8.8:53
                            accounts.google.com
                            dns
                            chrome.exe
                            65 B
                            81 B
                            1
                            1

                            DNS Request

                            accounts.google.com

                            DNS Response

                            173.194.69.84

                          • 173.194.69.84:443
                            accounts.google.com
                            https
                            chrome.exe
                            10.0kB
                            128.1kB
                            77
                            127
                          • 8.8.8.8:53
                            content-autofill.googleapis.com
                            dns
                            chrome.exe
                            77 B
                            301 B
                            1
                            1

                            DNS Request

                            content-autofill.googleapis.com

                            DNS Response

                            216.58.201.106
                            216.58.204.74
                            216.58.212.202
                            216.58.212.234
                            172.217.169.74
                            172.217.169.42
                            142.250.179.234
                            142.250.180.10
                            142.250.187.202
                            142.250.187.234
                            142.250.178.10
                            172.217.16.234
                            142.250.200.10
                            142.250.200.42

                          • 8.8.8.8:53
                            accounts.youtube.com
                            dns
                            chrome.exe
                            66 B
                            110 B
                            1
                            1

                            DNS Request

                            accounts.youtube.com

                            DNS Response

                            172.217.16.238

                          • 8.8.8.8:53
                            play.google.com
                            dns
                            chrome.exe
                            61 B
                            77 B
                            1
                            1

                            DNS Request

                            play.google.com

                            DNS Response

                            142.250.187.206

                          • 142.250.187.206:443
                            play.google.com
                            https
                            chrome.exe
                            10.5kB
                            10.0kB
                            23
                            27
                          • 8.8.8.8:53
                            www.google.com
                            dns
                            chrome.exe
                            60 B
                            76 B
                            1
                            1

                            DNS Request

                            www.google.com

                            DNS Response

                            142.250.178.4

                          • 224.0.0.251:5353
                            chrome.exe
                            204 B
                            3
                          • 173.194.69.84:443
                            accounts.google.com
                            https
                            chrome.exe
                            3.0kB
                            3.9kB
                            8
                            10
                          • 173.194.69.84:443
                            accounts.google.com
                            https
                            chrome.exe
                            2.5kB
                            8.2kB
                            7
                            11
                          • 8.8.8.8:53
                            beacons.gcp.gvt2.com
                            dns
                            chrome.exe
                            66 B
                            112 B
                            1
                            1

                            DNS Request

                            beacons.gcp.gvt2.com

                            DNS Response

                            192.178.49.163

                          • 8.8.8.8:53
                            google.com
                            dns
                            chrome.exe
                            56 B
                            72 B
                            1
                            1

                            DNS Request

                            google.com

                            DNS Response

                            142.250.200.46

                          • 192.178.49.163:443
                            beacons.gcp.gvt2.com
                            https
                            chrome.exe
                            3.3kB
                            8.0kB
                            9
                            10
                          • 8.8.8.8:53
                            accounts.google.com
                            dns
                            chrome.exe
                            65 B
                            81 B
                            1
                            1

                            DNS Request

                            accounts.google.com

                            DNS Response

                            173.194.69.84

                          • 173.194.69.84:443
                            accounts.google.com
                            https
                            chrome.exe
                            2.3kB
                            3.6kB
                            8
                            9
                          • 173.194.69.84:443
                            accounts.google.com
                            https
                            2.8kB
                            3.9kB
                            9
                            9
                          • 142.250.200.46:443
                            google.com
                            https
                            3.6kB
                            8.2kB
                            8
                            11
                          • 192.178.49.163:443
                            beacons.gcp.gvt2.com
                            https
                            2.5kB
                            3.6kB
                            10
                            10

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                            Filesize

                            16B

                            MD5

                            aefd77f47fb84fae5ea194496b44c67a

                            SHA1

                            dcfbb6a5b8d05662c4858664f81693bb7f803b82

                            SHA256

                            4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                            SHA512

                            b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            b87204c979780b5e58888f0a56edc0e4

                            SHA1

                            b03b010e5025b33e73bcafd00dd25f345e3ff37b

                            SHA256

                            0585f05d1219bb5bae15ecf2cd5845a6c4a8adfcd1770c6e12f95f2019357033

                            SHA512

                            4b4b0beacdd8a89fcb58fe5b998ae254c1ab61087d45d3df023bca85030e4082d9b7e441c2f7cfefb67f535015b8b55008184f1dac91b8fc342227b53cf417e2

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            2KB

                            MD5

                            b304347cdc685301e200fee026dab0fe

                            SHA1

                            4d8d1ef006f319bf820b56ec7b0206b00e2b0e37

                            SHA256

                            55068cf82b1acf2e16937f70e65f1f95b5448f89c937b8799f3b498e936e0efa

                            SHA512

                            ece7e83dcf4ddd8ba2e75709b52f3f024af64e7331b68bb4d7f16218d272c2c00a6ec77d26675c6cf6fd1c980332e1b9b74b6f5e19fff58bcbcdf6853953e196

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            2KB

                            MD5

                            bc21e1731e2287fbcb9187cd57c4c24e

                            SHA1

                            a898e678c021b1fc3dbac6cd8c1314e07c5aef70

                            SHA256

                            e63bd4d866a40747869b4bbf336b8547376625b2b5790ff74a2db9344a294500

                            SHA512

                            ce01f0d8504e819f3450032284b79f9ba8011e3bd5ee6e9e41ea535eb302b2ce3b040e057e0872dfe835c61b6345992d9726eef99801ee35a4f22699c937d453

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                            Filesize

                            525B

                            MD5

                            5e9ec9de53657bcd3ad964d8f669c292

                            SHA1

                            467b0590a9f81bc97d74973d4dc679bdbd557e19

                            SHA256

                            37dab421fbfa293b1b90dd286d2a92c1191d82c32591d082085dfb61101aee1e

                            SHA512

                            493d15d63d18e9c2a5b3a677d8bbc5c26db61a6a0cb4684ba022d24b2b4d8a63ed5ef068a7c06cd6353d0de6a78b282c64058566635851710936e2b93f844585

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf77360e.TMP

                            Filesize

                            525B

                            MD5

                            7442ebbfff0cb5daaca14cf50f82af41

                            SHA1

                            7e7c07af73524ae18eeebd0ecc63a8400e08a733

                            SHA256

                            7489db0423e7154d24d7e24bf0d0651357e661c44a6bb55db9837b5f30301a35

                            SHA512

                            820ac3d6f16db02f25d467f1d8b933dd0e419660bcadbf8c4d07c061c4908cc593a67e8854f65b9e92e5214dcc2c068ff28afe448455df80d011fa1c8991a1f7

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            c327750e88580cc48bb0d3bc7532607d

                            SHA1

                            449f6f9d9d0e203d65f558bc9a81e2ba3f1601e0

                            SHA256

                            65004b58730d3107e811db8842464fec7150536eb0cf27412a78582d2855108a

                            SHA512

                            9a8a664c6913156d4ccc2693eee216b96a6ace21890036ef36f7d5d8ca540a130ac125679ae0cc72df8fc7a72bf372fbe08a572f84be569c42a74fd46fe3eb5a

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            af3f49575be255dd47dc35263a893769

                            SHA1

                            213c100e019a879a7f4ccdddf0161876c6468aad

                            SHA256

                            3f96fee212ad5c953b1ba5faeac725ede825c2197e30a754b26e497d7ad45760

                            SHA512

                            cecb7459d182cd40ba5e8202674152d767d156b854372d47141df7e33a332b1bbacf7520212cf989e272e3c89bf67bdff3c3c9068568fb236fe4cfc8beee5e71

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

                            Filesize

                            16B

                            MD5

                            18e723571b00fb1694a3bad6c78e4054

                            SHA1

                            afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                            SHA256

                            8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                            SHA512

                            43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2