Analysis

  • max time kernel
    82s
  • max time network
    77s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 19:29 UTC

General

  • Target

    wpad.js

  • Size

    1KB

  • MD5

    02b80d8c3b62d0494bb45d44f1789cce

  • SHA1

    0a195cc1037e584680d667ca4e7fa666c5df3a53

  • SHA256

    00df06e486137943654d3259f947dc01d162dc71fafa47f4938181c7c4e0067f

  • SHA512

    6b6a7eb196debba8af8147fb6f9df2af56ccabf4d21101157ef3a60eb8c31a0a8985f1613e1ed128893264abd3c36539c0d0d359a0b31d02c751473e587242c7

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\wpad.js
    PID: 2972
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    PID: 3844
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffff37ab58,0x7fffff37ab68,0x7fffff37ab78
      PID: 2616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:2
      PID: 844
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 3020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:1
      PID: 3276
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:1
      PID: 2120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4212 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:1
      PID: 3224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 5108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 1388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 4576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 4836
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1984,i,12410055175877798797,3838850679113360916,131072 /prefetch:8
      PID: 2772
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID: 3304

Network

  • DNS g.bing.com
    Remote address: 8.8.8.8:53 (US)
    Request: g.bing.com IN A
    Response:
      g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net IN A 204.79.197.237
      dual-a-0034.a-msedge.net IN A 13.107.21.237
  • GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
    Remote address: 204.79.197.237:443 (US)
    Request:
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1F4FFB1437BA6AFB05AFEF6D369D6B78; domain=.bing.com; expires=Mon, 02-Jun-2025 19:29:51 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4901204DF1DA47E5A4BF6647A02831F4 Ref B: LON04EDGE0706 Ref C: 2024-05-08T19:29:51Z
      date: Wed, 08 May 2024 19:29:50 GMT
  • GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
    Remote address: 204.79.197.237:443 (US)
    Request:
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1F4FFB1437BA6AFB05AFEF6D369D6B78
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=3D9eAUTExPNk6KSRYSBTr6s0eJTKKMVShmCwzL37_vA; domain=.bing.com; expires=Mon, 02-Jun-2025 19:29:51 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DB5B6A388DBA426FA84F45AD8005F98C Ref B: LON04EDGE0706 Ref C: 2024-05-08T19:29:51Z
      date: Wed, 08 May 2024 19:29:51 GMT
  • GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
    Remote address: 204.79.197.237:443 (US)
    Request:
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1F4FFB1437BA6AFB05AFEF6D369D6B78; MSPTC=3D9eAUTExPNk6KSRYSBTr6s0eJTKKMVShmCwzL37_vA
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4E9EE23752B34998A1F5661FBFDEFD6E Ref B: LON04EDGE0706 Ref C: 2024-05-08T19:29:51Z
      date: Wed, 08 May 2024 19:29:51 GMT
  • GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address: 2.17.196.74:443 (BE)
    Request:
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=1F4FFB1437BA6AFB05AFEF6D369D6B78; MSPTC=3D9eAUTExPNk6KSRYSBTr6s0eJTKKMVShmCwzL37_vA
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response:
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Wed, 08 May 2024 19:29:51 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.46c41102.1715196591.9c266ba
  • DNS 67.31.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 67.31.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 67.31.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 67.31.126.40.in-addr.arpa IN PTR
  • DNS 237.197.79.204.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 237.197.79.204.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 237.197.79.204.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 237.197.79.204.in-addr.arpa IN PTR
  • DNS 57.169.31.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 57.169.31.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 57.169.31.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 57.169.31.20.in-addr.arpa IN PTR
  • DNS 74.196.17.2.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 74.196.17.2.in-addr.arpa IN PTR
    Response: 74.196.17.2.in-addr.arpa IN PTR a2-17-196-74.deploy.static.akamaitechnologies.com
  • DNS 74.196.17.2.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 74.196.17.2.in-addr.arpa IN PTR
  • DNS 34.56.20.217.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 34.56.20.217.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 195.187.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 195.187.250.142.in-addr.arpa IN PTR
    Response: 195.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f3.1e100.net
  • DNS 234.179.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 234.179.250.142.in-addr.arpa IN PTR
    Response: 234.179.250.142.in-addr.arpa IN PTR lhr25s31-in-f10.1e100.net
  • DNS www.google.com
    Process: chrome.exe
    Remote address: 8.8.8.8:53 (US)
    Request: www.google.com IN A
    Response: www.google.com IN A 142.250.178.4
  • DNS 4.178.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 4.178.250.142.in-addr.arpa IN PTR
    Response: 4.178.250.142.in-addr.arpa IN PTR lhr48s27-in-f4.1e100.net
  • DNS play.google.com
    Process: chrome.exe
    Remote address: 8.8.8.8:53 (US)
    Request: play.google.com IN A
    Response: play.google.com IN A 142.250.187.206
  • POST https://play.google.com/log?format=json&hasfast=true
    Process: chrome.exe
    Remote address: 142.250.187.206:443 (GB)
    Request:
      POST /log?format=json&hasfast=true HTTP/2.0
      host: play.google.com
      content-length: 905
      sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
      sec-ch-ua-platform: "Windows"
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
      content-type: application/x-www-form-urlencoded;charset=UTF-8
      accept: */*
      origin: chrome-untrusted://new-tab-page
      x-client-data: CKT5ygE=
      sec-fetch-site: cross-site
      sec-fetch-mode: cors
      sec-fetch-dest: empty
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
  • DNS 206.187.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 206.187.250.142.in-addr.arpa IN PTR
    Response: 206.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f14.1e100.net
  • DNS clients2.google.com
    Process: chrome.exe
    Remote address: 8.8.8.8:53 (US)
    Request: clients2.google.com IN A
    Response:
      clients2.google.com IN CNAME clients.l.google.com
      clients.l.google.com IN A 172.217.16.238
  • DNS 238.16.217.172.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 238.16.217.172.in-addr.arpa IN PTR
    Response:
      238.16.217.172.in-addr.arpa IN PTR lhr48s28-in-f14.1e100.net
      238.16.217.172.in-addr.arpa IN PTR mad08s04-in-f14 [truncated in source]
                              • 204.79.197.237:443
                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=
                                tls, http2
                                2.0kB
                                9.2kB
                                21
                                18

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=63dfd28c7ca049ce8ab1594af1fb80d1&localId=w:F7A0D56A-F9D0-CE0C-24BD-E32EA7746E44&deviceId=6825829383594079&anid=

                                HTTP Response

                                204
                              • 2.17.196.74:443
                                https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                tls, http2
                                1.6kB
                                6.4kB
                                18
                                12

                                HTTP Request

                                GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                                HTTP Response

                                200
                              • 142.250.178.4:443
                                www.google.com
                                tls
                                chrome.exe
                                907 B
                                4.8kB
                                7
                                8
                              • 142.250.187.206:443
                                https://play.google.com/log?format=json&hasfast=true
                                tls, http2
                                chrome.exe
                                2.7kB
                                8.9kB
                                14
                                17

                                HTTP Request

                                POST https://play.google.com/log?format=json&hasfast=true
                              • 172.217.16.238:443
                                clients2.google.com
                                tls, http2
                                chrome.exe
                                953 B
                                8.3kB
                                8
                                9
                              • 8.8.8.8:53
                                g.bing.com
                                dns
                                56 B
                                151 B
                                1
                                1

                                DNS Request

                                g.bing.com

                                DNS Response

                                204.79.197.237
                                13.107.21.237

                              • 8.8.8.8:53
                                67.31.126.40.in-addr.arpa
                                dns
                                142 B
                                157 B
                                2
                                1

                                DNS Request

                                67.31.126.40.in-addr.arpa

                                DNS Request

                                67.31.126.40.in-addr.arpa

                              • 8.8.8.8:53
                                237.197.79.204.in-addr.arpa
                                dns
                                146 B
                                143 B
                                2
                                1

                                DNS Request

                                237.197.79.204.in-addr.arpa

                                DNS Request

                                237.197.79.204.in-addr.arpa

                              • 8.8.8.8:53
                                57.169.31.20.in-addr.arpa
                                dns
                                142 B
                                157 B
                                2
                                1

                                DNS Request

                                57.169.31.20.in-addr.arpa

                                DNS Request

                                57.169.31.20.in-addr.arpa

                              • 8.8.8.8:53
                                74.196.17.2.in-addr.arpa
                                dns
                                140 B
                                133 B
                                2
                                1

                                DNS Request

                                74.196.17.2.in-addr.arpa

                                DNS Request

                                74.196.17.2.in-addr.arpa

                              • 8.8.8.8:53
                                34.56.20.217.in-addr.arpa
                                dns
                                71 B
                                131 B
                                1
                                1

                                DNS Request

                                34.56.20.217.in-addr.arpa

                              • 8.8.8.8:53
                                195.187.250.142.in-addr.arpa
                                dns
                                74 B
                                112 B
                                1
                                1

                                DNS Request

                                195.187.250.142.in-addr.arpa

                              • 8.8.8.8:53
                                234.179.250.142.in-addr.arpa
                                dns
                                74 B
                                113 B
                                1
                                1

                                DNS Request

                                234.179.250.142.in-addr.arpa

                              • 8.8.8.8:53
                                www.google.com
                                dns
                                chrome.exe
                                60 B
                                76 B
                                1
                                1

                                DNS Request

                                www.google.com

                                DNS Response

                                142.250.178.4

                              • 142.250.178.4:443
                                www.google.com
                                https
                                chrome.exe
                                4.9kB
                                45.2kB
                                32
                                47
                              • 8.8.8.8:53
                                4.178.250.142.in-addr.arpa
                                dns
                                72 B
                                110 B
                                1
                                1

                                DNS Request

                                4.178.250.142.in-addr.arpa

                              • 8.8.8.8:53
                                play.google.com
                                dns
                                chrome.exe
                                61 B
                                77 B
                                1
                                1

                                DNS Request

                                play.google.com

                                DNS Response

                                142.250.187.206

                              • 142.250.187.206:443
                                play.google.com
                                https
                                chrome.exe
                                3.2kB
                                6.8kB
                                9
                                9
                              • 8.8.8.8:53
                                206.187.250.142.in-addr.arpa
                                dns
                                74 B
                                113 B
                                1
                                1

                                DNS Request

                                206.187.250.142.in-addr.arpa

                              • 224.0.0.251:5353
                                chrome.exe
                                204 B
                                3
                              • 8.8.8.8:53
                                clients2.google.com
                                dns
                                chrome.exe
                                65 B
                                105 B
                                1
                                1

                                DNS Request

                                clients2.google.com

                                DNS Response

                                172.217.16.238

                              • 172.217.16.238:443
                                clients2.google.com
                                https
                                chrome.exe
                                3.6kB
                                8.3kB
                                10
                                12
                              • 8.8.8.8:53
                                238.16.217.172.in-addr.arpa
                                dns
                                73 B
                                142 B
                                1
                                1

                                DNS Request

                                238.16.217.172.in-addr.arpa

                              MITRE ATT&CK Enterprise v15


                              Downloads

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                Filesize

                                2B

                                MD5

                                d751713988987e9331980363e24189ce

                                SHA1

                                97d170e1550eee4afc0af065b78cda302a97674c

                                SHA256

                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                SHA512

                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                352B

                                MD5

                                87b484a80339008029657182b2f204a9

                                SHA1

                                5dcf1bff74d76d0cb54cb49490c4d3ef63eca739

                                SHA256

                                ab99a63b4744e30e9d1451f88f1211321173af179819bae156b35debd70eb228

                                SHA512

                                e2b8662871fc1d44cc48fca1363b8f4662816d43e64fbbd9172b6c4a012684586a39232360d52e1459290f85b8f69039f02b17895a8082318819cf501556cc00

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                10531aa0cac059dde7e1f4f1328cb9de

                                SHA1

                                1628ed5f4b88882431933be586cd45ed2ef5152e

                                SHA256

                                d37429fa1f5966967e0d3b3e66778bdbcfa6d03e0a6215bf8b9bb565f9b78460

                                SHA512

                                307226fcb5daea74f13cad18146434f59c8c8cd2198053de2689ac6bf67b56fa6a4b3aeb25d40118f2e5a2268b6d95188088161a1dccff5c4e816efdaf78d826

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                257KB

                                MD5

                                b8b80a7e7193a40100b35a11f0d27f68

                                SHA1

                                5c8d7b44508d7a5dac65ff38b457af6a221bbd5b

                                SHA256

                                9554f16e24fd377a165f9775b83812f1d0b0c4ee061d5df822d073e5962172e5

                                SHA512

                                8c21e15baa0e60ef82e1f15ea18e5f6a2d4ec3cf996ccac666fb1b243d1d286a516a22b3f6ed6799b3acc5217e4ab8ef3ae23178dad322868a2b9d88387aea1e

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                257KB

                                MD5

                                e00429e0e07640cf577400db4e40b4d7

                                SHA1

                                6a13af429a37fbf0355068378ba77a248f65d22a

                                SHA256

                                4cd234758bf06e0e2ac0b507f1ccaf6a1ec5a28c61df4e4634c0e305e58b6e6a

                                SHA512

                                6dee41e4c66f6d24ef7be400f43a438b7640aef6b14a695c958be0303abba8bba8e3410641fc5c42c3d49bc228fec6d5b06e5c1599300ca86b247b564d8c03d4
