Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- Max time kernel: 149s
- Max time network: 140s
- Platform: windows10-1703_x64
- Resource: win10-20240404-en
- Resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- Submitted: 10 May 2024, 15:25 UTC (day-first date; the HTTP Date header below confirms Fri, 10 May 2024)
- Static task: static1
- URLScan task: urlscan1
- Behavioral task behavioral1: sample http://google.com, resource win7-20240221-en
- Behavioral task behavioral2: sample http://google.com, resource win10-20240404-en (the run shown on this page)
General
- Target: http://google.com
- Malware Config: none reported
Signatures

Every signature below fires on chrome.exe itself while it loads http://google.com, and the only processes in the run are Chrome, its own helper processes and its elevation service (see Processes). The hits are consistent with the browser's normal multi-process start-up rather than with a second-stage payload; they are worth knowing precisely because the same signatures will appear as noise whenever a real sample launches Chrome.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs; S-1-5-19 is the LOCAL SERVICE well-known SID)
  description      ioc                                                                                                     process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598283346151770"  chrome.exe
  (TraceTimeLast is a Windows FILETIME; 133598283346151770 is 2024-05-10 15:25:34 UTC, i.e. the time of this run.)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  2752  chrome.exe  (2 entries)
  4196  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   process
  2752  chrome.exe  (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs, alternating between the two rows)
  description                       pid   process
  Token: SeShutdownPrivilege        2752  chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege  2752  chrome.exe  (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  2752  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2752  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  Every write is from the browser process (2752) into one of its own freshly created chrome.exe children: 1464 (crashpad handler), 776 (first GPU process), 804 (network service) and 780 (storage service); the command lines are under Processes.
  description                       pid   process     procid_target
  PID 2752 wrote to memory of 1464  2752  chrome.exe  73  (2 entries)
  PID 2752 wrote to memory of 776   2752  chrome.exe  75  (repeated; 776 and 780 together account for the remaining 60 entries)
  PID 2752 wrote to memory of 804   2752  chrome.exe  76  (2 entries)
  PID 2752 wrote to memory of 780   2752  chrome.exe  77  (repeated)
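The WriteProcessMemory rows above all describe the browser process (2752) writing into chrome.exe children it has just spawned, which is how Chrome's broker sets up each sandboxed helper. What would deserve an analyst's attention is a write into a process the writer did not spawn, or into a process running a different image. The script below is an added example, not part of the Triage report and not Triage's own signature logic: it parses the signature rows exactly as they are rendered on this page against a process table transcribed from the Processes section (parent links taken from the tree nesting there), plus one constructed explorer.exe row that is not in the report and exists only to exercise the "review" path.

```python
"""
Triage 'Suspicious use of WriteProcessMemory' rows from a sandbox report.

Rule: a write from a parent into a child it spawned, where both run the
same image and the child is a browser helper (--type=...), is expected
browser start-up; anything else is returned for review.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One row of the signature table as rendered on the page, e.g.
#   "PID 2752 wrote to memory of 776 2752 chrome.exe 75"
ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int       # parent pid; 0 marks a root of the tree in the report
    image: str      # image name as shown in the report
    cmdline: str    # abbreviated command line from the Processes section


# Process tree transcribed from the report (parent links follow the nesting).
PROCS = {
    2752: Proc(2752, 0, "chrome.exe", "chrome.exe --single-argument http://google.com"),
    1464: Proc(1464, 2752, "chrome.exe", "chrome.exe --type=crashpad-handler"),
    776: Proc(776, 2752, "chrome.exe", "chrome.exe --type=gpu-process"),
    804: Proc(804, 2752, "chrome.exe",
              "chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    780: Proc(780, 2752, "chrome.exe",
              "chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
    1548: Proc(1548, 0, "elevation_service.exe", "elevation_service.exe"),
    # Constructed, NOT from the report: a pre-existing explorer.exe that
    # chrome.exe did not spawn, used to show what the rule would flag.
    1234: Proc(1234, 600, "explorer.exe", "explorer.exe"),
}

# Signature rows as they appear on the page (the report repeats the 776 and
# 780 rows many times; one of each is enough to classify them), plus one
# constructed row that targets the explorer.exe process above.
ROWS = [
    "PID 2752 wrote to memory of 1464 2752 chrome.exe 73",
    "PID 2752 wrote to memory of 776 2752 chrome.exe 75",
    "PID 2752 wrote to memory of 804 2752 chrome.exe 76",
    "PID 2752 wrote to memory of 780 2752 chrome.exe 77",
    "PID 2752 wrote to memory of 1234 2752 chrome.exe 99",  # constructed
]


def parse_row(row):
    """Return (writer pid, target pid, writer image) for one rendered row."""
    m = ROW_RE.fullmatch(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    return int(m["writer"]), int(m["target"]), m["image"]


def classify(writer, target, writer_image, procs=PROCS):
    """Return ('expected' | 'review', reason) for one write."""
    t = procs.get(target)
    if t is None:
        return "review", "target not in process tree"
    if t.ppid != writer:
        return "review", f"target {target} ({t.image}) was not spawned by {writer}"
    if t.image.lower() != writer_image.lower():
        return "review", f"cross-image write into {t.image}"
    if "--type=" not in t.cmdline:
        return "review", "child is not a browser helper process"
    return "expected", "same-image parent-to-child write (browser child bootstrap)"


def triage(rows=ROWS, procs=PROCS):
    """Classify every row; returns (verdict counts, list of review findings)."""
    counts = Counter()
    findings = []
    for row in rows:
        writer, target, image = parse_row(row)
        verdict, why = classify(writer, target, image, procs)
        counts[verdict] += 1
        if verdict == "review":
            findings.append((writer, target, why))
    return counts, findings


if __name__ == "__main__":
    verdicts, to_review = triage()
    print(dict(verdicts))          # {'expected': 4, 'review': 1}
    for finding in to_review:
        print("REVIEW:", finding)
```

The rule only downgrades, it never dismisses: a sample that injects into a chrome.exe it launched itself would still pass the first two checks, so the parent process of the writer, and whether the writer is a signed Chrome binary, still need to be established from the rest of the report.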
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2752)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
  (--disable-background-networking and --disable-component-update reduce the browser's own background traffic in the capture; the target URL is passed as the single argument)
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of 2752, all running C:\Program Files\Google\Chrome\Application\chrome.exe (the --type flag names the helper role):

  PID 1464, crashpad handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778

  PID 776, GPU process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2

  PID 804, network service (--service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8

  PID 780, storage service (--service-sandbox-type=utility)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8

  PID 4968, renderer (first renderer process, client id 6)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1

  PID 4584, renderer (client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2640 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1

  PID 4904, renderer (client id 7)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1

  PID 2388, utility chrome.mojom.ProcessorMetrics (--service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8

  PID 4188, utility chrome.mojom.UtilWin (--service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8

  PID 4196, second GPU process, unsandboxed (--disable-gpu-sandbox --use-gl=disabled) and carrying the adapter's vendor/device ids and driver version on its command line
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=688 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1548)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network

All observed traffic goes to Google infrastructure: DNS to 8.8.8.8, a plain-HTTP GET to google.com that is answered with a 301 and followed by the HTTPS load of www.google.com, and Chrome's own service calls (autofill metadata, the gapi script, play.google.com logging, the domain-reliability beacon). The remaining entries are reverse (PTR) lookups. PTR answers that were garbled in extraction (dots lost, DNS compression pointers rendered as stray bytes) are given below in their 1e100.net form.

DNS 8.8.8.8:53
  Request:  google.com IN A
  Response: google.com IN A 142.250.200.14

HTTP 142.250.200.14:80
  Request:
    GET / HTTP/1.1
    Host: google.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
  Response:
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-REuKDFv1FA7nZk7fH35nAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
    Permissions-Policy: unload=()
    Date: Fri, 10 May 2024 15:25:31 GMT
    Expires: Sun, 09 Jun 2024 15:25:31 GMT
    Cache-Control: public, max-age=2592000
    Server: gws
    Content-Length: 219
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
  (The Location header is not shown in the report; the next request goes to https://www.google.com/.)

DNS 8.8.8.8:53
  Request:  www.google.com IN A
  Response: www.google.com IN A 142.250.178.4

HTTPS 142.250.178.4:443
  Request:
    GET / HTTP/2.0
    host: www.google.com
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    sec-ch-ua-arch: "x86"
    sec-ch-ua-platform-version: "4.0.0"
    sec-ch-ua-model: ""
    sec-ch-ua-bitness: "64"
    sec-ch-ua-wow64: ?0
    sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
    x-client-data: COiBywE=
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  (response not shown in the report)

DNS 8.8.8.8:53
  Request:  0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa IN PTR
  Response: (empty)

DNS 8.8.8.8:53
  Request:  8.8.8.8.in-addr.arpa IN PTR
  Response: 8.8.8.8.in-addr.arpa IN PTR dns.google

DNS 8.8.8.8:53
  Request:  14.200.250.142.in-addr.arpa IN PTR
  Response: 14.200.250.142.in-addr.arpa IN PTR lhr48s29-in-f14.1e100.net

DNS 8.8.8.8:53
  Request:  4.178.250.142.in-addr.arpa IN PTR
  Response: 4.178.250.142.in-addr.arpa IN PTR lhr48s27-in-f4.1e100.net

DNS 8.8.8.8:53
  Request:  content-autofill.googleapis.com IN A
  Response: content-autofill.googleapis.com IN A 172.217.169.10, 216.58.212.202, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74

DNS 8.8.8.8:53
  Request:  apis.google.com IN A
  Response: apis.google.com IN CNAME plus.l.google.com; plus.l.google.com IN A 216.58.201.110

HTTPS 172.217.169.10:443 (chrome.exe)
  GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
  Request:
    GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto HTTP/2.0
    host: content-autofill.googleapis.com
    x-goog-encode-response-if-executable: base64
    x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
    x-client-data: COiBywE=
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  (the x-goog-api-key value is the API key compiled into the Chrome binary, not a per-user credential; response not shown in the report)

HTTPS 216.58.201.110:443 (chrome.exe)
  GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
  Request:
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/2.0
    host: apis.google.com
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    accept: */*
    x-client-data: COiBywE=
    sec-fetch-site: same-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://www.google.com/
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    cookie: AEC=AQTF6Hzz-VSujSw7Vyo1WMjjJ8rWLl_4ZCle247Dpgifz8p_C7qEF9fnIw
    cookie: __Secure-ENID=19.SE=o2TCVofXyGdZUnpBVZP7KSD1hd-u_U-cgvfCh7SuCOyq2spmcbEAruN5YW6Z57G3nCukgnnIBDueTpI24F00rtn9WpZUY7-dscvhR4Tqo0NkkDf18EJGzvKFMU1dfdtT9cpQqPaApTaNLSrpDBfrnn0Vm6p5ECh8VUzZzeHe7TvNULhjTXw
  (response not shown in the report)

DNS 8.8.8.8:53
  Request:  195.212.58.216.in-addr.arpa IN PTR
  Response: 195.212.58.216.in-addr.arpa IN PTR lhr25s27-in-f3.1e100.net, ams16s21-in-f195.1e100.net, ams16s21-in-f3.1e100.net

DNS 8.8.8.8:53
  Request:  3.180.250.142.in-addr.arpa IN PTR
  Response: 3.180.250.142.in-addr.arpa IN PTR lhr25s32-in-f3.1e100.net

DNS 8.8.8.8:53
  Request:  10.169.217.172.in-addr.arpa IN PTR
  Response: 10.169.217.172.in-addr.arpa IN PTR lhr25s26-in-f10.1e100.net

DNS 8.8.8.8:53
  Request:  110.201.58.216.in-addr.arpa IN PTR
  Response: 110.201.58.216.in-addr.arpa IN PTR prg03s02-in-f110.1e100.net, lhr48s48-in-f14.1e100.net, prg03s02-in-f14.1e100.net

DNS 8.8.8.8:53
  Request:  play.google.com IN A
  Response: play.google.com IN A 142.250.187.206

HTTPS 142.250.187.206:443
  Request:
    POST /log?format=json&hasfast=true HTTP/2.0
    host: play.google.com
    content-length: 917
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-platform: "Windows"
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    content-type: application/x-www-form-urlencoded;charset=UTF-8
    accept: */*
    origin: https://www.google.com
    x-client-data: COiBywE=
    sec-fetch-site: same-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://www.google.com/
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    cookie: AEC=AQTF6Hzz-VSujSw7Vyo1WMjjJ8rWLl_4ZCle247Dpgifz8p_C7qEF9fnIw
    cookie: __Secure-ENID=19.SE=WxOPIeju_Iq1jQkzmQQyxMWxH1OncExMCL8esb0eBHLQ3cR0JIQR2OWwnP6NgDivvHcS3bdsxChVSNqDu4iOaIDSnOSErRo_od1CyTMBbq1tUGJDAaOJmB9kf1_9tFRD0OYDif504yTIzdvPJnmTSQKjII0HA8rjksB-uMFT02E6NFRgd7qqDVmwu-dBKNrbvRxLDg
  (request body and response not shown in the report)

DNS 8.8.8.8:53
  Request:  206.187.250.142.in-addr.arpa IN PTR
  Response: 206.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f14.1e100.net

DNS 8.8.8.8:53
  Request:  19.229.111.52.in-addr.arpa IN PTR
  Response: (empty)

DNS 8.8.8.8:53
  Request:  beacons.gcp.gvt2.com IN A
  Response: beacons.gcp.gvt2.com IN CNAME beacons-handoff.gcp.gvt2.com; beacons-handoff.gcp.gvt2.com IN A 172.217.169.35

HTTPS 172.217.169.35:443
  Request:
    POST /domainreliability/upload HTTP/2.0
    host: beacons.gcp.gvt2.com
    content-length: 533
    content-type: application/json; charset=utf-8
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  (request body and response not shown in the report)

DNS 8.8.8.8:53
  Request:  35.169.217.172.in-addr.arpa IN PTR
  Response: 35.169.217.172.in-addr.arpa IN PTR lhr48s08-in-f3.1e100.net

DNS 8.8.8.8:53
  Request:  14.179.89.13.in-addr.arpa IN PTR
  Response: (empty)
Connection summary
Columns: remote address (filled in from the exchange details above where the summary row itself lost it), bytes sent, bytes received, packets sent, packets received, request.

(not recorded)       282 B    236 B     6    5
(not recorded)       282 B    196 B     6    4
142.250.200.14:80    747 B    1.2 kB    7    5     HTTP GET http://google.com/ (response 301)
142.250.178.4:443    3.4 kB   85.5 kB   43   73    HTTP GET https://www.google.com/
172.217.169.10:443   1.9 kB   7.0 kB    16   17    tls, http2, chrome.exe: GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
216.58.201.110:443   3.3 kB   49.8 kB   41   44    tls, http2, chrome.exe: GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
142.250.187.206:443  3.2 kB   9.1 kB    19   20    HTTP POST https://play.google.com/log?format=json&hasfast=true
172.217.169.35:443   2.2 kB   7.1 kB    15   15    HTTP POST https://beacons.gcp.gvt2.com/domainreliability/upload
8.8.8.8:53           56 B     72 B      1    1     DNS google.com -> 142.250.200.14
8.8.8.8:53           60 B     76 B      1    1     DNS www.google.com -> 142.250.178.4
8.8.8.8:53           118 B    182 B     1    1     DNS PTR 0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa (no answer)
8.8.8.8:53           66 B     90 B      1    1     DNS PTR 8.8.8.8.in-addr.arpa
8.8.8.8:53           73 B     112 B     1    1     DNS PTR 14.200.250.142.in-addr.arpa
8.8.8.8:53           72 B     110 B     1    1     DNS PTR 4.178.250.142.in-addr.arpa
(not recorded)       21.7 kB  591.7 kB  147  528   (no request details recorded)
8.8.8.8:53           77 B     269 B     1    1     DNS content-autofill.googleapis.com -> 172.217.169.10, 216.58.212.202, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74
8.8.8.8:53           61 B     98 B      1    1     DNS apis.google.com -> 216.58.201.110
8.8.8.8:53           73 B     171 B     1    1     DNS PTR 195.212.58.216.in-addr.arpa
8.8.8.8:53           72 B     110 B     1    1     DNS PTR 3.180.250.142.in-addr.arpa
8.8.8.8:53           73 B     112 B     1    1     DNS PTR 10.169.217.172.in-addr.arpa
8.8.8.8:53           73 B     173 B     1    1     DNS PTR 110.201.58.216.in-addr.arpa
8.8.8.8:53           61 B     77 B      1    1     DNS play.google.com -> 142.250.187.206
8.8.8.8:53           74 B     113 B     1    1     DNS PTR 206.187.250.142.in-addr.arpa
(not recorded)       (row truncated on the page: "204 B" and "3" are the only surviving cells)
8.8.8.8:53           72 B     158 B     1    1     DNS PTR 19.229.111.52.in-addr.arpa (no answer)
8.8.8.8:53           66 B     112 B     1    1     DNS beacons.gcp.gvt2.com -> 172.217.169.35
8.8.8.8:53           73 B     111 B     1    1     DNS PTR 35.169.217.172.in-addr.arpa
8.8.8.8:53           71 B     145 B     1    1     DNS PTR 14.179.89.13.in-addr.arpa (no answer)
Downloads

- 216 B
  MD5:    44e24c2c9ba68ac83f783315a827c1e4
  SHA1:   1e51e3e194540de7f7e4cfeae96d9102d9d17233
  SHA256: 836efe10541a1a2895ee5d71de1d83b81f9a23373f6785d7405fca068ffccf88
  SHA512: a93ebebe709f525888ea291e380a2fb117d5a05ae7370392d3f12dd3f260f8ea132434607b58c20313423ff8c71d9d45d2f1510201079c08c98f3da7f0d5f2a8

- 1 KB
  MD5:    9110ce0e1d13cdf6d0ae7e90b8be3f38
  SHA1:   e1c3ceb11f5f744daea3add87c353cdf5cfebf6e
  SHA256: c2d2db392dffe5d2ca1e89415a40956fffc130354053342d0d4c3efdc2df1779
  SHA512: 03b79190125b754927fc867ced2bc69c28f25a1cc9f034a54d4eb190f09d7d8cad703355cd11e3e8b84609500739b8b504a2603afe60694c4c64fa80a1047d25

- 1018 B
  MD5:    9c29db5689707d5dda8f4af66833d0e6
  SHA1:   7b490b181cd7a8f3a38b011433955a652c6a28bb
  SHA256: 794e840703967b575e83cd514087e8f98ae27e5008f33d87204d1df073b1282c
  SHA512: 31c7b460e7b4af72ad6f05e6bc704638a5419cedddfff66b069e1084652c5b5690ed64821440b8429a49ee17d786818a216d14370264d66773f462b6188ef54b

- 371 B
  MD5:    d66f3da4667d0a52709feeb2a54f0022
  SHA1:   59978b87e73565e3a7481279d7634e5750386549
  SHA256: 62035d7bebad8099fa720948b0bf5491b8b9e8ef90d22680f44d51eebd49ae6e
  SHA512: 073f3dd8bfdca3a2bbae4df2fe14617888f1b374fab495f4f7bc602a9c1210fd4ac029fe97f2512f25e6a970e211c7c2658d2b920e6c2b6c1fa97e4d646167a1

- 6 KB
  MD5:    904b3f420d218f22a190f1a46d230625
  SHA1:   f498b76db688bb9cc4a2d0efecde8747e238aa1a
  SHA256: 6ade467a2ff87daa4ac2a6ac449b8a0bd6a49236bd6289cae0102504f6f3a2c0
  SHA512: f8bb6a701f505f7ca7eb648eec0e804c96f5a7078969922857c8958c224c9bd0cd7621e1dcd17137f367fe69d6a55f6f443a2529daf9d2881d88b3c6faa083da

- 6 KB
  MD5:    501dae656ec5ec1bfa717313ce2435d5
  SHA1:   91dd4697e7fc49c5ca21716f8915c94c8f35cdfe
  SHA256: 2278ad689abc8c5f6e47ee570924e34fa027ee39baeaeee35f16188f5bcce8cf
  SHA512: f7bd4e41a1e78e85e932979c7ed37331a02eeca4f1c41da09d8c313ebf4eb35b35d2a9ec2f12d2b2a15556a8c1abe2169479803d4be9f4a61d7a8dd72899a93f

- 6 KB
  MD5:    74ddaca233bc2f9c5a7597f301ba3a6c
  SHA1:   4ce08b7bb101b36b1f8c1e6156956b17d8e35978
  SHA256: f879a7a4f400071c8cdb6e7cb0f64303374df11e62ab186ec9a7e108e4b1a9a6
  SHA512: ef448b20c5efbb87544ad744b8d6efa3d1715e95db7d0d722b3178f3e78a6702e0fe4ef561ba095fbfabf3409e57382e0a82771783b03b635dbc4b8fa2a0d943

- 136 KB
  MD5:    a445996f0f14f17bfc7e5ebf4f3a47fb
  SHA1:   e28d785135ef6751d699ee976803c3f5c2600683
  SHA256: e529ac550d3037c658780ad33cca9e5095ed84e4119627efeb92e912643fb17c
  SHA512: 910d170a942a6d611e81f72e9d3c9284fd4c46c23ebb1107badaf027aa4906f35801d85678f693762a50a2239a72dbb0b5e07a2f9ce0d050c962d53f1e3812ed

- 2 B (these hashes are those of the two-byte string "{}", an empty JSON object)
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd