hxxp://195[.]201[.]56[.]244[:]443

Analysis

max time kernel
24s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 06:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://195.201.56.244:443

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613512715777534"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 4396	3684	chrome.exe	82
PID 3684 wrote to memory of 4396	3684	chrome.exe	82
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 3540	3684	chrome.exe	83
PID 3684 wrote to memory of 2672	3684	chrome.exe	84
PID 3684 wrote to memory of 2672	3684	chrome.exe	84
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85
PID 3684 wrote to memory of 1768	3684	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://195.201.56.244:443
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee1a8ab58,0x7ffee1a8ab68,0x7ffee1a8ab78
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:2
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3460 --field-trial-handle=1652,i,1408654041754327201,13359932777467277060,131072 /prefetch:1
  2⤵
  PID:3620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3000

Network

GET

http://195.201.56.244:443/

chrome.exe

Remote address:

195.201.56.244:443

Request

GET / HTTP/1.1
Host: 195.201.56.244:443
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 303 See Other

Content-Length: 0
Location: /join
Referrer-Policy: same-origin
Server: ISLCP/4.4.2335beta123 server432.islonline.net
Strict-Transport-Security: max-age=2592000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
GET

http://195.201.56.244:443/join

chrome.exe

Remote address:

195.201.56.244:443

Request

GET /join HTTP/1.1
Host: 195.201.56.244:443
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 303 See Other

Content-Length: 0
Location: /users/main/join2
Referrer-Policy: same-origin
Server: ISLCP/4.4.2335beta123 server432.islonline.net
Strict-Transport-Security: max-age=2592000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
GET

http://195.201.56.244:443/users/main/join2

chrome.exe

Remote address:

195.201.56.244:443

Request

GET /users/main/join2 HTTP/1.1
Host: 195.201.56.244:443
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 303 See Other

Content-Length: 0
Location: https://195.201.56.244/users/main/join2
Referrer-Policy: same-origin
Server: ISLCP/4.4.2335beta123 server432.islonline.net
Strict-Transport-Security: max-age=2592000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
GET

http://www.gstatic.com/generate_204

chrome.exe

Remote address:

216.58.214.163:80

Request

GET /generate_204 HTTP/1.1
Host: www.gstatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 28 May 2024 06:27:50 GMT
GET

http://www.gstatic.com/generate_204

chrome.exe

Remote address:

216.58.214.163:80

Request

GET /generate_204 HTTP/1.1
Host: www.gstatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 28 May 2024 06:27:59 GMT
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

244.56.201.195.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.56.201.195.in-addr.arpa

IN PTR

Response

244.56.201.195.in-addr.arpa

IN PTR

static24456201195clientsyour-serverde
DNS

42.215.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.215.58.216.in-addr.arpa

IN PTR

Response

42.215.58.216.in-addr.arpa

IN PTR

par21s17-in-f101e100net
DNS

163.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.214.58.216.in-addr.arpa

IN PTR

Response

163.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f1631e100net

163.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f3�J

163.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f3�J
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response

195.201.56.244:443

chrome.exe

98 B
52 B
2
1
195.201.56.244:443

http://195.201.56.244:443/users/main/join2

http

chrome.exe

1.6kB
1.1kB
6
5

HTTP Request

GET http://195.201.56.244:443/

HTTP Response

303

HTTP Request

GET http://195.201.56.244:443/join

HTTP Response

303

HTTP Request

GET http://195.201.56.244:443/users/main/join2

HTTP Response

303
195.201.56.244:443

tls

chrome.exe

909 B
5.6kB
8
9
216.58.214.163:80

http://www.gstatic.com/generate_204

http

chrome.exe

890 B
426 B
6
4

HTTP Request

GET http://www.gstatic.com/generate_204

HTTP Response

204

HTTP Request

GET http://www.gstatic.com/generate_204

HTTP Response

204
195.201.56.244:443

tls

chrome.exe

909 B
5.6kB
8
9
195.201.56.244:443

tls

chrome.exe

909 B
5.5kB
8
8

8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

244.56.201.195.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

244.56.201.195.in-addr.arpa
8.8.8.8:53

42.215.58.216.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

42.215.58.216.in-addr.arpa
8.8.8.8:53

163.214.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

163.214.58.216.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
77e209d4dfe7c7097eb2c29b47461c7e

SHA1
223ef451b1d420b8cb3ad493d87d5f4c3ff56434

SHA256
ddcc181f2425d7f1d09ae904750bcdc316ea34d1a1d1af0bee0df24f12a4986c

SHA512
b80d464765dbbca7d836bfb4e7f32e122adee8a9ba787ac85b2146f2d19e24eb9322a43216786a8af6537a229a63458f116f1c60348e2f56b0f1fa312508ac47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7c0f963ff93db851e8a2aa735a45bfbd

SHA1
ea850ae9085658194d6d3a975b4ed43e9706e926

SHA256
5e74db76ba4033160a365a698870e2fa4b5e76cc2e6fb27ae7809e54c322071c

SHA512
f56553c0688e98f653a69443de7b819f8e7fa1d9c0d491a7cfac3488a4f733ac56cdaef03b7054b2e07a766cfdf8d2b566abb7b61f2934ecba5088fe7f64b79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
88f6c92f63015a7564f14fbfc78817da

SHA1
631480dc0a1abf55a75ad948d445662eda335324

SHA256
c8d25485c5d2cdac55e3d7d4a93cd2ce1f5517223010712509bf932c91ebd9ae

SHA512
b073e2526328c92cd618c2e1d3304eaffa172384b8c3581985a0d0d0042618890ba296bd84f99fe66e18c49b7a0ddeb4482c6bd95a6bb4af8a015d3f724b2f37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.