Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    10/05/2024, 15:25 UTC

General

  • Target

    http://google.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2752, depth 1)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
    Signatures:
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
    Children (depth 2):
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1464, crashpad handler)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 776, GPU process)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 804, utility: network.mojom.NetworkService, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 780, utility: storage.mojom.StorageService, service-sandbox-type=utility)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4968, renderer, client id 6, first renderer process)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4584, renderer, client id 5)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2640 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4904, renderer, client id 7)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2388, utility: chrome.mojom.ProcessorMetrics, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4188, utility: chrome.mojom.UtilWin, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
      • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4196, GPU process relaunched with --disable-gpu-sandbox)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=688 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
        Signatures:
          • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1548, depth 1)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
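The parent chrome.exe above is started with --disable-background-networking and --disable-component-update, plus a far-future date for --simulate-outdated-no-au (the flag that drives the out-of-date prompt), so update checks and component downloads are held back for the run. The eight signatures are all raised by the Chrome processes themselves and match a normal multi-process Chrome start: the browser process launches its children, writes into them, enumerates processes and adjusts token privileges, and the block-non-Microsoft-binary mitigation on NtCreateUserProcess is the process-creation policy Chrome sets on the sandboxed children it creates. That is consistent with the 1/10 score. What remains in the Network section below is the submitted target with its 301 redirect, sub-resources the Google home page itself loads, a few Chrome-internal endpoints (Autofill page classification, Domain Reliability uploads), and PTR lookups to which the report attributes no process.

The Python below is an added example, not tria.ge code: it applies those distinctions to request records copied from this report so that a URL submission can be triaged by what is target-driven rather than by raw endpoint count. The CHROME_BACKGROUND_HOSTS list, the rule that a Referer or Origin header marks a page-initiated fetch, and the reading of process-less PTR queries as the sandbox's own enrichment are the editor's assumptions; the long URL paths in the sample are shortened.

```python
"""Sort the endpoints of a browser sandbox run into target-driven traffic,
page sub-resources, Chrome's own background traffic and sandbox-side
reverse lookups.  Added example for this report, not tria.ge code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence, Set


@dataclass
class Request:
    method: str                 # "DNS", "GET" or "POST"
    url: str                    # queried name for DNS, full URL otherwise
    process: Optional[str]      # None when the report attributes no process
    headers: Dict[str, str] = field(default_factory=dict)


# Hosts a stock Chrome contacts on its own, whatever URL was submitted
# (editor's assumption; extend it for your own sandbox image).
CHROME_BACKGROUND_HOSTS = {
    "content-autofill.googleapis.com",  # Autofill page classification
    "beacons.gcp.gvt2.com",             # Domain Reliability uploads
    "clients2.google.com",              # crashpad --url= in the process tree
}

# --flag, --flag=value, --flag='quoted value', --flag="quoted value"
FLAG_RE = re.compile(r"""--([A-Za-z0-9-]+)(?:=('[^']*'|"[^"]*"|\S+))?""")


def host_of(url: str) -> str:
    """Hostname of a URL, or the name itself for a bare DNS name."""
    m = re.match(r"^(?:[a-z]+://)?([^/:?]+)", url)
    return (m.group(1) if m else url).lower()


def chrome_flags(cmdline: str) -> Dict[str, Optional[str]]:
    """Parse --flag and --flag=value pairs from a Chrome command line."""
    flags: Dict[str, Optional[str]] = {}
    for m in FLAG_RE.finditer(cmdline):
        value = m.group(2)
        flags[m.group(1)] = value.strip("'\"") if value else None
    return flags


def classify(req: Request, targets: Set[str]) -> str:
    host = host_of(req.url)
    if host.endswith((".in-addr.arpa", ".ip6.arpa")):
        # Reverse lookups with no owning process are read as the sandbox's
        # own enrichment, not as behaviour of the sample (assumption).
        return "sandbox-ptr" if req.process is None else "sample-ptr"
    if host in targets:
        return "target"
    hdr = {k.lower(): v for k, v in req.headers.items()}
    initiator = hdr.get("referer") or hdr.get("origin")
    if initiator:
        # A Referer/Origin means a page fetched it; attribute it to that page.
        return "page-subresource:" + host_of(initiator)
    if host in CHROME_BACKGROUND_HOSTS:
        return "chrome-background"
    return "review"


def summarize(requests: Sequence[Request], target_url: str,
              redirects: Sequence[str] = ()) -> Dict[str, List[str]]:
    """Map category -> sorted hosts.  DNS lookups inherit the category of the
    HTTP request to the same host, so sub-resource lookups are not flagged."""
    targets = {host_of(target_url)} | {host_of(u) for u in redirects}
    http_cat: Dict[str, str] = {}
    for r in requests:
        if r.method != "DNS":
            http_cat.setdefault(host_of(r.url), classify(r, targets))
    out: Dict[str, Set[str]] = {}
    for r in requests:
        host = host_of(r.url)
        cat = http_cat.get(host) or classify(r, targets)
        out.setdefault(cat, set()).add(host)
    return {k: sorted(v) for k, v in out.items()}


# Constructed from the report above; long URL paths are shortened.
TOP_CMDLINE = ('"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
               "--disable-background-networking --disable-component-update "
               "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' "
               "--single-argument http://google.com")

REPORT = [
    Request("DNS", "google.com", "chrome.exe"),
    Request("GET", "http://google.com/", "chrome.exe", {"Host": "google.com"}),
    Request("DNS", "www.google.com", "chrome.exe"),
    Request("GET", "https://www.google.com/", "chrome.exe", {"sec-fetch-site": "none"}),
    Request("DNS", "8.8.8.8.in-addr.arpa", None),
    Request("DNS", "14.200.250.142.in-addr.arpa", None),
    Request("DNS", "content-autofill.googleapis.com", "chrome.exe"),
    Request("GET", "https://content-autofill.googleapis.com/v1/pages/x?alt=proto",
            "chrome.exe", {"sec-fetch-site": "none", "sec-fetch-mode": "no-cors"}),
    Request("DNS", "apis.google.com", "chrome.exe"),
    Request("GET", "https://apis.google.com/_/scs/abc-static/_/js/x", "chrome.exe",
            {"referer": "https://www.google.com/", "sec-fetch-dest": "script"}),
    Request("DNS", "play.google.com", "chrome.exe"),
    Request("POST", "https://play.google.com/log?format=json&hasfast=true", "chrome.exe",
            {"origin": "https://www.google.com", "referer": "https://www.google.com/"}),
    Request("DNS", "beacons.gcp.gvt2.com", "chrome.exe"),
    Request("POST", "https://beacons.gcp.gvt2.com/domainreliability/upload", "chrome.exe"),
]

if __name__ == "__main__":
    flags = chrome_flags(TOP_CMDLINE)
    print("quiet-launch flags:", sorted(f for f in flags if f.startswith("disable-")))
    for cat, hosts in summarize(REPORT, "http://google.com", ["http://www.google.com/"]).items():
        print(f"{cat:32s} {', '.join(hosts)}")
```

Anything that lands in the "review" bucket is what deserves analyst time; for this run that bucket is empty, which is the machine-readable form of the 1/10 score. The redirect list is taken from the 301 Location header in the report rather than guessed, so a sample that bounces through several hosts would need each Location fed in.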

Network

Requests (the two-letter code is the country flag the report shows for the remote address; PTR names are given with their dots restored and DNS compression pointers resolved):

  • [US] DNS google.com (chrome.exe) via 8.8.8.8:53
      Request:  google.com IN A
      Response: google.com IN A 142.250.200.14
  • [GB] GET http://google.com/ (chrome.exe) to 142.250.200.14:80
      Request:
        GET / HTTP/1.1
        Host: google.com
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
      Response:
        HTTP/1.1 301 Moved Permanently
        Location: http://www.google.com/
        Content-Type: text/html; charset=UTF-8
        Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-REuKDFv1FA7nZk7fH35nAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
        Permissions-Policy: unload=()
        Date: Fri, 10 May 2024 15:25:31 GMT
        Expires: Sun, 09 Jun 2024 15:25:31 GMT
        Cache-Control: public, max-age=2592000
        Server: gws
        Content-Length: 219
        X-XSS-Protection: 0
        X-Frame-Options: SAMEORIGIN
  • [US] DNS www.google.com (chrome.exe) via 8.8.8.8:53
      Request:  www.google.com IN A
      Response: www.google.com IN A 142.250.178.4
  • [GB] GET https://www.google.com/ (chrome.exe) to 142.250.178.4:443
      Request:
        GET / HTTP/2.0
        host: www.google.com
        upgrade-insecure-requests: 1
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        sec-ch-ua-arch: "x86"
        sec-ch-ua-platform-version: "4.0.0"
        sec-ch-ua-model: ""
        sec-ch-ua-bitness: "64"
        sec-ch-ua-wow64: ?0
        sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
        x-client-data: COiBywE=
        sec-fetch-site: none
        sec-fetch-mode: navigate
        sec-fetch-user: ?1
        sec-fetch-dest: document
        accept-encoding: gzip, deflate, br
        accept-language: en-US,en;q=0.9
  • [US] DNS 0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa (no process attributed) via 8.8.8.8:53
      Request:  0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa IN PTR
      Response: (empty)
  • [US] DNS 8.8.8.8.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  8.8.8.8.in-addr.arpa IN PTR
      Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
  • [US] DNS 14.200.250.142.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  14.200.250.142.in-addr.arpa IN PTR
      Response: 14.200.250.142.in-addr.arpa IN PTR lhr48s29-in-f14.1e100.net
  • [US] DNS 4.178.250.142.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  4.178.250.142.in-addr.arpa IN PTR
      Response: 4.178.250.142.in-addr.arpa IN PTR lhr48s27-in-f4.1e100.net
  • [US] DNS content-autofill.googleapis.com (chrome.exe) via 8.8.8.8:53
      Request:  content-autofill.googleapis.com IN A
      Response: content-autofill.googleapis.com IN A 172.217.169.10, 216.58.212.202, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74
  • [US] DNS apis.google.com (chrome.exe) via 8.8.8.8:53
      Request:  apis.google.com IN A
      Response: apis.google.com IN CNAME plus.l.google.com; plus.l.google.com IN A 216.58.201.110
  • [GB] GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto (chrome.exe) to 172.217.169.10:443
      Request:
        GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto HTTP/2.0
        host: content-autofill.googleapis.com
        x-goog-encode-response-if-executable: base64
        x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
        x-client-data: COiBywE=
        sec-fetch-site: none
        sec-fetch-mode: no-cors
        sec-fetch-dest: empty
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
        accept-encoding: gzip, deflate, br
        accept-language: en-US,en;q=0.9
  • [GB] GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 (chrome.exe) to 216.58.201.110:443
      Request:
        GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/2.0
        host: apis.google.com
        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
        sec-ch-ua-mobile: ?0
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        accept: */*
        x-client-data: COiBywE=
        sec-fetch-site: same-site
        sec-fetch-mode: no-cors
        sec-fetch-dest: script
        referer: https://www.google.com/
        accept-encoding: gzip, deflate, br
        accept-language: en-US,en;q=0.9
        cookie: AEC=AQTF6Hzz-VSujSw7Vyo1WMjjJ8rWLl_4ZCle247Dpgifz8p_C7qEF9fnIw
        cookie: __Secure-ENID=19.SE=o2TCVofXyGdZUnpBVZP7KSD1hd-u_U-cgvfCh7SuCOyq2spmcbEAruN5YW6Z57G3nCukgnnIBDueTpI24F00rtn9WpZUY7-dscvhR4Tqo0NkkDf18EJGzvKFMU1dfdtT9cpQqPaApTaNLSrpDBfrnn0Vm6p5ECh8VUzZzeHe7TvNULhjTXw
  • [US] DNS 195.212.58.216.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  195.212.58.216.in-addr.arpa IN PTR
      Response: 195.212.58.216.in-addr.arpa IN PTR lhr25s27-in-f3.1e100.net; IN PTR ams16s21-in-f195.1e100.net; IN PTR ams16s21-in-f3.1e100.net
  • [US] DNS 3.180.250.142.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  3.180.250.142.in-addr.arpa IN PTR
      Response: 3.180.250.142.in-addr.arpa IN PTR lhr25s32-in-f3.1e100.net
  • [US] DNS 10.169.217.172.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  10.169.217.172.in-addr.arpa IN PTR
      Response: 10.169.217.172.in-addr.arpa IN PTR lhr25s26-in-f10.1e100.net
  • [US] DNS 110.201.58.216.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  110.201.58.216.in-addr.arpa IN PTR
      Response: 110.201.58.216.in-addr.arpa IN PTR prg03s02-in-f110.1e100.net; IN PTR lhr48s48-in-f14.1e100.net; IN PTR prg03s02-in-f14.1e100.net
  • [US] DNS play.google.com (chrome.exe) via 8.8.8.8:53
      Request:  play.google.com IN A
      Response: play.google.com IN A 142.250.187.206
  • [GB] POST https://play.google.com/log?format=json&hasfast=true (chrome.exe) to 142.250.187.206:443
      Request:
        POST /log?format=json&hasfast=true HTTP/2.0
        host: play.google.com
        content-length: 917
        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
        sec-ch-ua-platform: "Windows"
        sec-ch-ua-mobile: ?0
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
        content-type: application/x-www-form-urlencoded;charset=UTF-8
        accept: */*
        origin: https://www.google.com
        x-client-data: COiBywE=
        sec-fetch-site: same-site
        sec-fetch-mode: cors
        sec-fetch-dest: empty
        referer: https://www.google.com/
        accept-encoding: gzip, deflate, br
        accept-language: en-US,en;q=0.9
        cookie: AEC=AQTF6Hzz-VSujSw7Vyo1WMjjJ8rWLl_4ZCle247Dpgifz8p_C7qEF9fnIw
        cookie: __Secure-ENID=19.SE=WxOPIeju_Iq1jQkzmQQyxMWxH1OncExMCL8esb0eBHLQ3cR0JIQR2OWwnP6NgDivvHcS3bdsxChVSNqDu4iOaIDSnOSErRo_od1CyTMBbq1tUGJDAaOJmB9kf1_9tFRD0OYDif504yTIzdvPJnmTSQKjII0HA8rjksB-uMFT02E6NFRgd7qqDVmwu-dBKNrbvRxLDg
  • [US] DNS 206.187.250.142.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  206.187.250.142.in-addr.arpa IN PTR
      Response: 206.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f14.1e100.net
  • [US] DNS 19.229.111.52.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  19.229.111.52.in-addr.arpa IN PTR
      Response: (empty)
  • [US] DNS beacons.gcp.gvt2.com (chrome.exe) via 8.8.8.8:53
      Request:  beacons.gcp.gvt2.com IN A
      Response: beacons.gcp.gvt2.com IN CNAME beacons-handoff.gcp.gvt2.com; beacons-handoff.gcp.gvt2.com IN A 172.217.169.35
  • [GB] POST https://beacons.gcp.gvt2.com/domainreliability/upload (chrome.exe) to 172.217.169.35:443
      Request:
        POST /domainreliability/upload HTTP/2.0
        host: beacons.gcp.gvt2.com
        content-length: 533
        content-type: application/json; charset=utf-8
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
        accept-encoding: gzip, deflate, br
        accept-language: en-US,en;q=0.9
  • [US] DNS 35.169.217.172.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  35.169.217.172.in-addr.arpa IN PTR
      Response: 35.169.217.172.in-addr.arpa IN PTR lhr48s08-in-f3.1e100.net
  • [US] DNS 14.179.89.13.in-addr.arpa (no process attributed) via 8.8.8.8:53
      Request:  14.179.89.13.in-addr.arpa IN PTR
      Response: (empty)
                      • 142.250.200.14:80
                        google.com
                        chrome.exe
                        282 B
                        236 B
                        6
                        5
                      • 142.250.200.14:80
                        google.com
                        chrome.exe
                        282 B
                        196 B
                        6
                        4
                      • 142.250.200.14:80
                        http://google.com/
                        http
                        chrome.exe
                        747 B
                        1.2kB
                        7
                        5

                        HTTP Request

                        GET http://google.com/

                        HTTP Response

                        301
                      • 142.250.178.4:443
                        https://www.google.com/
                        tls, http2
                        chrome.exe
                        3.4kB
                        85.5kB
                        43
                        73

                        HTTP Request

                        GET https://www.google.com/
                      • 172.217.169.10:443
                        https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
                        tls, http2
                        chrome.exe
                        1.9kB
                        7.0kB
                        16
                        17

                        HTTP Request

                        GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
                      • 216.58.201.110:443
                        https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
                        tls, http2
                        chrome.exe
                        3.3kB
                        49.8kB
                        41
                        44

                        HTTP Request

                        GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
                      • 142.250.187.206:443
                        https://play.google.com/log?format=json&hasfast=true
                        tls, http2
                        chrome.exe
                        3.2kB
                        9.1kB
                        19
                        20

                        HTTP Request

                        POST https://play.google.com/log?format=json&hasfast=true
                      • 172.217.169.35:443
                        https://beacons.gcp.gvt2.com/domainreliability/upload
                        tls, http2
                        chrome.exe
                        2.2kB
                        7.1kB
                        15
                        15

                        HTTP Request

                        POST https://beacons.gcp.gvt2.com/domainreliability/upload
                      • 8.8.8.8:53
                        google.com
                        dns
                        chrome.exe
                        56 B
                        72 B
                        1
                        1

                        DNS Request

                        google.com

                        DNS Response

                        142.250.200.14

                      • 8.8.8.8:53
                        www.google.com
                        dns
                        chrome.exe
                        60 B
                        76 B
                        1
                        1

                        DNS Request

                        www.google.com

                        DNS Response

                        142.250.178.4

Columns per entry: destination, host, protocol, process (where attributed), bytes sent / received, packets sent / received, then the DNS request and any DNS response recorded.

• 8.8.8.8:53  0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa  dns  118 B / 182 B  1 / 1
  DNS Request 0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
• 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns  66 B / 90 B  1 / 1
  DNS Request 8.8.8.8.in-addr.arpa
• 8.8.8.8:53  14.200.250.142.in-addr.arpa  dns  73 B / 112 B  1 / 1
  DNS Request 14.200.250.142.in-addr.arpa
• 8.8.8.8:53  4.178.250.142.in-addr.arpa  dns  72 B / 110 B  1 / 1
  DNS Request 4.178.250.142.in-addr.arpa
• 142.250.178.4:443  www.google.com  https  chrome.exe  21.7kB / 591.7kB  147 / 528
• 8.8.8.8:53  content-autofill.googleapis.com  dns  chrome.exe  77 B / 269 B  1 / 1
  DNS Request content-autofill.googleapis.com
  DNS Response 172.217.169.10, 216.58.212.202, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74
• 8.8.8.8:53  apis.google.com  dns  chrome.exe  61 B / 98 B  1 / 1
  DNS Request apis.google.com
  DNS Response 216.58.201.110
• 8.8.8.8:53  195.212.58.216.in-addr.arpa  dns  73 B / 171 B  1 / 1
  DNS Request 195.212.58.216.in-addr.arpa
• 8.8.8.8:53  3.180.250.142.in-addr.arpa  dns  72 B / 110 B  1 / 1
  DNS Request 3.180.250.142.in-addr.arpa
• 8.8.8.8:53  10.169.217.172.in-addr.arpa  dns  73 B / 112 B  1 / 1
  DNS Request 10.169.217.172.in-addr.arpa
• 8.8.8.8:53  110.201.58.216.in-addr.arpa  dns  73 B / 173 B  1 / 1
  DNS Request 110.201.58.216.in-addr.arpa
• 8.8.8.8:53  play.google.com  dns  chrome.exe  61 B / 77 B  1 / 1
  DNS Request play.google.com
  DNS Response 142.250.187.206
• 8.8.8.8:53  206.187.250.142.in-addr.arpa  dns  74 B / 113 B  1 / 1
  DNS Request 206.187.250.142.in-addr.arpa
• 224.0.0.251:5353  chrome.exe  204 B sent  3 packets sent
• 8.8.8.8:53  19.229.111.52.in-addr.arpa  dns  72 B / 158 B  1 / 1
  DNS Request 19.229.111.52.in-addr.arpa
• 8.8.8.8:53  beacons.gcp.gvt2.com  dns  chrome.exe  66 B / 112 B  1 / 1
  DNS Request beacons.gcp.gvt2.com
  DNS Response 172.217.169.35
• 8.8.8.8:53  35.169.217.172.in-addr.arpa  dns  73 B / 111 B  1 / 1
  DNS Request 35.169.217.172.in-addr.arpa
• 8.8.8.8:53  14.179.89.13.in-addr.arpa  dns  71 B / 145 B  1 / 1
  DNS Request 14.179.89.13.in-addr.arpa
                      MITRE ATT&CK Enterprise v15


                      Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize 216B
  MD5    44e24c2c9ba68ac83f783315a827c1e4
  SHA1   1e51e3e194540de7f7e4cfeae96d9102d9d17233
  SHA256 836efe10541a1a2895ee5d71de1d83b81f9a23373f6785d7405fca068ffccf88
  SHA512 a93ebebe709f525888ea291e380a2fb117d5a05ae7370392d3f12dd3f260f8ea132434607b58c20313423ff8c71d9d45d2f1510201079c08c98f3da7f0d5f2a8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize 1KB
  MD5    9110ce0e1d13cdf6d0ae7e90b8be3f38
  SHA1   e1c3ceb11f5f744daea3add87c353cdf5cfebf6e
  SHA256 c2d2db392dffe5d2ca1e89415a40956fffc130354053342d0d4c3efdc2df1779
  SHA512 03b79190125b754927fc867ced2bc69c28f25a1cc9f034a54d4eb190f09d7d8cad703355cd11e3e8b84609500739b8b504a2603afe60694c4c64fa80a1047d25

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize 1018B
  MD5    9c29db5689707d5dda8f4af66833d0e6
  SHA1   7b490b181cd7a8f3a38b011433955a652c6a28bb
  SHA256 794e840703967b575e83cd514087e8f98ae27e5008f33d87204d1df073b1282c
  SHA512 31c7b460e7b4af72ad6f05e6bc704638a5419cedddfff66b069e1084652c5b5690ed64821440b8429a49ee17d786818a216d14370264d66773f462b6188ef54b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize 371B
  MD5    d66f3da4667d0a52709feeb2a54f0022
  SHA1   59978b87e73565e3a7481279d7634e5750386549
  SHA256 62035d7bebad8099fa720948b0bf5491b8b9e8ef90d22680f44d51eebd49ae6e
  SHA512 073f3dd8bfdca3a2bbae4df2fe14617888f1b374fab495f4f7bc602a9c1210fd4ac029fe97f2512f25e6a970e211c7c2658d2b920e6c2b6c1fa97e4d646167a1

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize 6KB
  MD5    904b3f420d218f22a190f1a46d230625
  SHA1   f498b76db688bb9cc4a2d0efecde8747e238aa1a
  SHA256 6ade467a2ff87daa4ac2a6ac449b8a0bd6a49236bd6289cae0102504f6f3a2c0
  SHA512 f8bb6a701f505f7ca7eb648eec0e804c96f5a7078969922857c8958c224c9bd0cd7621e1dcd17137f367fe69d6a55f6f443a2529daf9d2881d88b3c6faa083da

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize 6KB
  MD5    501dae656ec5ec1bfa717313ce2435d5
  SHA1   91dd4697e7fc49c5ca21716f8915c94c8f35cdfe
  SHA256 2278ad689abc8c5f6e47ee570924e34fa027ee39baeaeee35f16188f5bcce8cf
  SHA512 f7bd4e41a1e78e85e932979c7ed37331a02eeca4f1c41da09d8c313ebf4eb35b35d2a9ec2f12d2b2a15556a8c1abe2169479803d4be9f4a61d7a8dd72899a93f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize 6KB
  MD5    74ddaca233bc2f9c5a7597f301ba3a6c
  SHA1   4ce08b7bb101b36b1f8c1e6156956b17d8e35978
  SHA256 f879a7a4f400071c8cdb6e7cb0f64303374df11e62ab186ec9a7e108e4b1a9a6
  SHA512 ef448b20c5efbb87544ad744b8d6efa3d1715e95db7d0d722b3178f3e78a6702e0fe4ef561ba095fbfabf3409e57382e0a82771783b03b635dbc4b8fa2a0d943

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize 136KB
  MD5    a445996f0f14f17bfc7e5ebf4f3a47fb
  SHA1   e28d785135ef6751d699ee976803c3f5c2600683
  SHA256 e529ac550d3037c658780ad33cca9e5095ed84e4119627efeb92e912643fb17c
  SHA512 910d170a942a6d611e81f72e9d3c9284fd4c46c23ebb1107badaf027aa4906f35801d85678f693762a50a2239a72dbb0b5e07a2f9ce0d050c962d53f1e3812ed

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize 2B
  MD5    99914b932bd37a50b983c5e7c90ae93b
  SHA1   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
