hxxp://google[.]com

Analysis

max time kernel
149s
max time network
140s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/05/2024, 15:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598283346151770"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 1464	2752	chrome.exe	73
PID 2752 wrote to memory of 1464	2752	chrome.exe	73
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 804	2752	chrome.exe	76
PID 2752 wrote to memory of 804	2752	chrome.exe	76
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2640 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=688 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1548

Network

DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.200.14
GET

http://google.com/

chrome.exe

Remote address:

142.250.200.14:80

Request

GET / HTTP/1.1
Host: google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-REuKDFv1FA7nZk7fH35nAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Permissions-Policy: unload=()
Date: Fri, 10 May 2024 15:25:31 GMT
Expires: Sun, 09 Jun 2024 15:25:31 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

https://www.google.com/

chrome.exe

Remote address:

142.250.178.4:443

Request

GET / HTTP/2.0
host: www.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "4.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
x-client-data: COiBywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

Remote address:

8.8.8.8:53

Request

0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto

chrome.exe

Remote address:

172.217.169.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: COiBywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: COiBywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AQTF6Hzz-VSujSw7Vyo1WMjjJ8rWLl_4ZCle247Dpgifz8p_C7qEF9fnIw
cookie: __Secure-ENID=19.SE=o2TCVofXyGdZUnpBVZP7KSD1hd-u_U-cgvfCh7SuCOyq2spmcbEAruN5YW6Z57G3nCukgnnIBDueTpI24F00rtn9WpZUY7-dscvhR4Tqo0NkkDf18EJGzvKFMU1dfdtT9cpQqPaApTaNLSrpDBfrnn0Vm6p5ECh8VUzZzeHe7TvNULhjTXw
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f31e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f195�H

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�H
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

10.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.169.217.172.in-addr.arpa

IN PTR

Response

10.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f101e100net
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1101e100net

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f14�J

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�J
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.206
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

142.250.187.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 917
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://www.google.com
x-client-data: COiBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AQTF6Hzz-VSujSw7Vyo1WMjjJ8rWLl_4ZCle247Dpgifz8p_C7qEF9fnIw
cookie: __Secure-ENID=19.SE=WxOPIeju_Iq1jQkzmQQyxMWxH1OncExMCL8esb0eBHLQ3cR0JIQR2OWwnP6NgDivvHcS3bdsxChVSNqDu4iOaIDSnOSErRo_od1CyTMBbq1tUGJDAaOJmB9kf1_9tFRD0OYDif504yTIzdvPJnmTSQKjII0HA8rjksB-uMFT02E6NFRgd7qqDVmwu-dBKNrbvRxLDg
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.35
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.35:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 533
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

35.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.169.217.172.in-addr.arpa

IN PTR

Response

35.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f31e100net
DNS

14.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.179.89.13.in-addr.arpa

IN PTR

Response

142.250.200.14:80

google.com

chrome.exe

282 B
236 B
6
5
142.250.200.14:80

google.com

chrome.exe

282 B
196 B
6
4
142.250.200.14:80

http://google.com/

http

chrome.exe

747 B
1.2kB
7
5

HTTP Request

GET http://google.com/

HTTP Response

301
142.250.178.4:443

https://www.google.com/

tls, http2

chrome.exe

3.4kB
85.5kB
43
73

HTTP Request

GET https://www.google.com/
172.217.169.10:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto

tls, http2

chrome.exe

1.9kB
7.0kB
16
17

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
216.58.201.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0

tls, http2

chrome.exe

3.3kB
49.8kB
41
44

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
142.250.187.206:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

3.2kB
9.1kB
19
20

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
172.217.169.35:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.2kB
7.1kB
15
15

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.200.14
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

dns

118 B
182 B
1
1

DNS Request

0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
142.250.178.4:443

www.google.com

https

chrome.exe

21.7kB
591.7kB
147
528
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
269 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

172.217.169.10

216.58.212.202

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

10.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.169.217.172.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.187.206
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.35
8.8.8.8:53

35.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

35.169.217.172.in-addr.arpa
8.8.8.8:53

14.179.89.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

14.179.89.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
44e24c2c9ba68ac83f783315a827c1e4

SHA1
1e51e3e194540de7f7e4cfeae96d9102d9d17233

SHA256
836efe10541a1a2895ee5d71de1d83b81f9a23373f6785d7405fca068ffccf88

SHA512
a93ebebe709f525888ea291e380a2fb117d5a05ae7370392d3f12dd3f260f8ea132434607b58c20313423ff8c71d9d45d2f1510201079c08c98f3da7f0d5f2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9110ce0e1d13cdf6d0ae7e90b8be3f38

SHA1
e1c3ceb11f5f744daea3add87c353cdf5cfebf6e

SHA256
c2d2db392dffe5d2ca1e89415a40956fffc130354053342d0d4c3efdc2df1779

SHA512
03b79190125b754927fc867ced2bc69c28f25a1cc9f034a54d4eb190f09d7d8cad703355cd11e3e8b84609500739b8b504a2603afe60694c4c64fa80a1047d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
9c29db5689707d5dda8f4af66833d0e6

SHA1
7b490b181cd7a8f3a38b011433955a652c6a28bb

SHA256
794e840703967b575e83cd514087e8f98ae27e5008f33d87204d1df073b1282c

SHA512
31c7b460e7b4af72ad6f05e6bc704638a5419cedddfff66b069e1084652c5b5690ed64821440b8429a49ee17d786818a216d14370264d66773f462b6188ef54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d66f3da4667d0a52709feeb2a54f0022

SHA1
59978b87e73565e3a7481279d7634e5750386549

SHA256
62035d7bebad8099fa720948b0bf5491b8b9e8ef90d22680f44d51eebd49ae6e

SHA512
073f3dd8bfdca3a2bbae4df2fe14617888f1b374fab495f4f7bc602a9c1210fd4ac029fe97f2512f25e6a970e211c7c2658d2b920e6c2b6c1fa97e4d646167a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
904b3f420d218f22a190f1a46d230625

SHA1
f498b76db688bb9cc4a2d0efecde8747e238aa1a

SHA256
6ade467a2ff87daa4ac2a6ac449b8a0bd6a49236bd6289cae0102504f6f3a2c0

SHA512
f8bb6a701f505f7ca7eb648eec0e804c96f5a7078969922857c8958c224c9bd0cd7621e1dcd17137f367fe69d6a55f6f443a2529daf9d2881d88b3c6faa083da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
501dae656ec5ec1bfa717313ce2435d5

SHA1
91dd4697e7fc49c5ca21716f8915c94c8f35cdfe

SHA256
2278ad689abc8c5f6e47ee570924e34fa027ee39baeaeee35f16188f5bcce8cf

SHA512
f7bd4e41a1e78e85e932979c7ed37331a02eeca4f1c41da09d8c313ebf4eb35b35d2a9ec2f12d2b2a15556a8c1abe2169479803d4be9f4a61d7a8dd72899a93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74ddaca233bc2f9c5a7597f301ba3a6c

SHA1
4ce08b7bb101b36b1f8c1e6156956b17d8e35978

SHA256
f879a7a4f400071c8cdb6e7cb0f64303374df11e62ab186ec9a7e108e4b1a9a6

SHA512
ef448b20c5efbb87544ad744b8d6efa3d1715e95db7d0d722b3178f3e78a6702e0fe4ef561ba095fbfabf3409e57382e0a82771783b03b635dbc4b8fa2a0d943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
a445996f0f14f17bfc7e5ebf4f3a47fb

SHA1
e28d785135ef6751d699ee976803c3f5c2600683

SHA256
e529ac550d3037c658780ad33cca9e5095ed84e4119627efeb92e912643fb17c

SHA512
910d170a942a6d611e81f72e9d3c9284fd4c46c23ebb1107badaf027aa4906f35801d85678f693762a50a2239a72dbb0b5e07a2f9ce0d050c962d53f1e3812ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.