Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
28/06/2024, 10:51 UTC
Static task
static1
Behavioral task
behavioral1
Sample
e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe
Resource
win11-20240508-en
General
-
Target
e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe
-
Size
2.3MB
-
MD5
d06913fbee09bdfe1bb7cbb2b392c798
-
SHA1
127509ec2204bd8d16ce2355038755a0c53b01f7
-
SHA256
e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8
-
SHA512
18ae838dae507696a118cd8caacdc38230c20df15679e76b9490f5738b2eb742a161dd587a78d63d3f5bf0a90aac4ee9a4a2aa8fff164482709e6d1f945ad2d0
-
SSDEEP
49152:ZOC4iuI0MHyCRKsvOqoOuVDZ+bpBgNGOeOq068eNtGeZFLEKpZIYtB0Ck:ZOC4iuI0B9GVBgNGONiFikxEyb0C
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Wine e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
AutoIT Executable 13 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule behavioral1/memory/1672-3-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-4-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-5-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-6-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-7-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-9-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-10-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-11-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-61-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-86-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-87-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-88-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe behavioral1/memory/1672-94-0x00000000009C0000-0x0000000000F0E000-memory.dmp autoit_exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640455256830920" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 4912 chrome.exe 4912 chrome.exe 216 chrome.exe 216 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe Token: SeShutdownPrivilege 4912 chrome.exe Token: SeCreatePagefilePrivilege 4912 chrome.exe -
Suspicious use of FindShellTrayWindow 63 IoCs
pid Process 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 4912 chrome.exe 4912 chrome.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
Suspicious use of SendNotifyMessage 60 IoCs
pid Process 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 4912 chrome.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1672 wrote to memory of 4912 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 88 PID 1672 wrote to memory of 4912 1672 e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe 88 PID 4912 wrote to memory of 2252 4912 chrome.exe 90 PID 4912 wrote to memory of 2252 4912 chrome.exe 90 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 1712 4912 chrome.exe 91 PID 4912 wrote to memory of 3916 4912 chrome.exe 92 PID 4912 wrote to memory of 3916 4912 chrome.exe 92 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93 PID 4912 wrote to memory of 3768 4912 chrome.exe 93
Processes
-
C:\Users\Admin\AppData\Local\Temp\e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe"C:\Users\Admin\AppData\Local\Temp\e6f31f77a9e4ca9640688081b639faaf388e26d6cca5779f05ac5823ed58c8e8.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff530aab58,0x7fff530aab68,0x7fff530aab783⤵PID:2252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:23⤵PID:1712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:83⤵PID:3916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:83⤵PID:3768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:13⤵PID:1176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:13⤵PID:3300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:13⤵PID:2000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:83⤵PID:1588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3344 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:83⤵PID:2284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:83⤵PID:2716
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=2040,i,11923205151573166313,11945439531157603764,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:216
-
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:2292
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4092,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:81⤵PID:3304
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.youtube.comIN AResponsewww.youtube.comIN CNAMEyoutube-ui.l.google.comyoutube-ui.l.google.comIN A142.250.179.238youtube-ui.l.google.comIN A172.217.169.14youtube-ui.l.google.comIN A172.217.169.46youtube-ui.l.google.comIN A142.250.180.14youtube-ui.l.google.comIN A142.250.178.14youtube-ui.l.google.comIN A216.58.204.78youtube-ui.l.google.comIN A142.250.187.238youtube-ui.l.google.comIN A172.217.169.78youtube-ui.l.google.comIN A172.217.16.238youtube-ui.l.google.comIN A142.250.187.206youtube-ui.l.google.comIN A142.250.200.14youtube-ui.l.google.comIN A142.250.200.46youtube-ui.l.google.comIN A216.58.212.238youtube-ui.l.google.comIN A216.58.213.14youtube-ui.l.google.comIN A216.58.201.110
-
Remote address:142.250.179.238:443RequestGET /account HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
x-client-data: CLyIywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestconsent.youtube.comIN AResponseconsent.youtube.comIN A216.58.212.206
-
GEThttps://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1chrome.exeRemote address:216.58.212.206:443RequestGET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
host: consent.youtube.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
x-client-data: CLyIywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: SOCS=CAAaBgiA-vezBg
cookie: YSC=ktPCQx3jn9M
cookie: __Secure-YEC=CgtNZG5UUmFZZFpENCjTq_qzBjIKCgJHQhIEGgAgEg%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgEg%3D%3D
-
POSThttps://consent.youtube.com/_/ConsentUi/browserinfo?f.sid=-917512797857295875&bl=boq_identityfrontenduiserver_20240625.02_p0&hl=en&gl=GB&_reqid=39129&rt=jchrome.exeRemote address:216.58.212.206:443RequestPOST /_/ConsentUi/browserinfo?f.sid=-917512797857295875&bl=boq_identityfrontenduiserver_20240625.02_p0&hl=en&gl=GB&_reqid=39129&rt=j HTTP/2.0
host: consent.youtube.com
content-length: 117
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
x-same-domain: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
content-type: application/x-www-form-urlencoded;charset=UTF-8
sec-ch-ua-full-version: "110.0.5481.104"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://consent.youtube.com
x-client-data: CLyIywE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://consent.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: SOCS=CAAaBgiA-vezBg
cookie: YSC=ktPCQx3jn9M
cookie: __Secure-YEC=CgtNZG5UUmFZZFpENCjTq_qzBjIKCgJHQhIEGgAgEg%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgEg%3D%3D
cookie: OTZ=7621132_56_56__56_
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request195.187.250.142.in-addr.arpaIN PTRResponse195.187.250.142.in-addr.arpaIN PTRlhr25s33-in-f31e100net
-
Remote address:8.8.8.8:53Request238.179.250.142.in-addr.arpaIN PTRResponse238.179.250.142.in-addr.arpaIN PTRlhr25s31-in-f141e100net
-
Remote address:8.8.8.8:53Request234.212.58.216.in-addr.arpaIN PTRResponse234.212.58.216.in-addr.arpaIN PTRams16s22-in-f101e100net234.212.58.216.in-addr.arpaIN PTRlhr25s28-in-f10�I234.212.58.216.in-addr.arpaIN PTRams16s22-in-f234�I
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.187.196
-
Remote address:142.250.187.196:443RequestGET /favicon.ico HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "110.0.5481.104"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLyIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://consent.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request206.212.58.216.in-addr.arpaIN PTRResponse206.212.58.216.in-addr.arpaIN PTRams16s21-in-f141e100net206.212.58.216.in-addr.arpaIN PTRlhr25s27-in-f14�I206.212.58.216.in-addr.arpaIN PTRams16s21-in-f206�I
-
Remote address:8.8.8.8:53Request227.212.58.216.in-addr.arpaIN PTRResponse227.212.58.216.in-addr.arpaIN PTRams16s22-in-f31e100net227.212.58.216.in-addr.arpaIN PTRams16s22-in-f227�H227.212.58.216.in-addr.arpaIN PTRlhr25s28-in-f3�H
-
Remote address:8.8.8.8:53Request74.204.58.216.in-addr.arpaIN PTRResponse74.204.58.216.in-addr.arpaIN PTRlhr25s13-in-f741e100net74.204.58.216.in-addr.arpaIN PTRlhr48s49-in-f10�H74.204.58.216.in-addr.arpaIN PTRlhr25s13-in-f10�H
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request99.201.58.216.in-addr.arpaIN PTRResponse99.201.58.216.in-addr.arpaIN PTRprg03s02-in-f31e100net99.201.58.216.in-addr.arpaIN PTRprg03s02-in-f99�G99.201.58.216.in-addr.arpaIN PTRlhr48s48-in-f3�G
-
Remote address:8.8.8.8:53Request196.187.250.142.in-addr.arpaIN PTRResponse196.187.250.142.in-addr.arpaIN PTRlhr25s33-in-f41e100net
-
Remote address:8.8.8.8:53Requestclients2.google.comIN AResponseclients2.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.187.238
-
GEThttps://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.2%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D51%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D51%2526e%253D1chrome.exeRemote address:142.250.187.238:443RequestGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.2%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D51%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D51%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request238.187.250.142.in-addr.arpaIN PTRResponse238.187.250.142.in-addr.arpaIN PTRlhr25s34-in-f141e100net
-
Remote address:8.8.8.8:53Request183.142.211.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestplay.google.comIN AResponseplay.google.comIN A142.250.179.238
-
Remote address:142.250.179.238:443RequestOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://consent.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://consent.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request95.12.20.2.in-addr.arpaIN PTRResponse95.12.20.2.in-addr.arpaIN PTRa2-20-12-95deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request203.107.17.2.in-addr.arpaIN PTRResponse203.107.17.2.in-addr.arpaIN PTRa2-17-107-203deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestbeacons.gcp.gvt2.comIN AResponsebeacons.gcp.gvt2.comIN CNAMEbeacons-handoff.gcp.gvt2.combeacons-handoff.gcp.gvt2.comIN A172.217.169.67
-
Remote address:172.217.169.67:443RequestPOST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 569
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:172.217.169.67:443RequestPOST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 335
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:172.217.169.67:443RequestPOST /domainreliability/upload-nel HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 402
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request67.169.217.172.in-addr.arpaIN PTRResponse67.169.217.172.in-addr.arpaIN PTRlhr48s09-in-f31e100net
-
Remote address:8.8.8.8:53Request4.173.189.20.in-addr.arpaIN PTRResponse
-
2.2kB 10.6kB 16 20
HTTP Request
GET https://www.youtube.com/account -
216.58.212.206:443https://consent.youtube.com/_/ConsentUi/browserinfo?f.sid=-917512797857295875&bl=boq_identityfrontenduiserver_20240625.02_p0&hl=en&gl=GB&_reqid=39129&rt=jtls, http2chrome.exe4.0kB 63.8kB 41 65
HTTP Request
GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1HTTP Request
POST https://consent.youtube.com/_/ConsentUi/browserinfo?f.sid=-917512797857295875&bl=boq_identityfrontenduiserver_20240625.02_p0&hl=en&gl=GB&_reqid=39129&rt=j -
2.1kB 8.0kB 16 17
HTTP Request
GET https://www.google.com/favicon.ico -
142.250.187.238:443https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.2%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D51%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D51%2526e%253D1tls, http2chrome.exe2.0kB 9.7kB 16 20
HTTP Request
GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.2%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D51%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D51%2526e%253D1 -
142.250.179.238:443https://play.google.com/log?format=json&hasfast=true&authuser=0tls, http2chrome.exe1.8kB 8.4kB 15 16
HTTP Request
OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0 -
3.9kB 7.8kB 27 29
HTTP Request
POST https://beacons.gcp.gvt2.com/domainreliability/uploadHTTP Request
POST https://beacons.gcp.gvt2.com/domainreliability/uploadHTTP Request
POST https://beacons.gcp.gvt2.com/domainreliability/upload-nel
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
61 B 335 B 1 1
DNS Request
www.youtube.com
DNS Response
142.250.179.238172.217.169.14172.217.169.46142.250.180.14142.250.178.14216.58.204.78142.250.187.238172.217.169.78172.217.16.238142.250.187.206142.250.200.14142.250.200.46216.58.212.238216.58.213.14216.58.201.110
-
65 B 81 B 1 1
DNS Request
consent.youtube.com
DNS Response
216.58.212.206
-
71 B 157 B 1 1
DNS Request
0.159.190.20.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
195.187.250.142.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
238.179.250.142.in-addr.arpa
-
73 B 173 B 1 1
DNS Request
234.212.58.216.in-addr.arpa
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.187.196
-
73 B 173 B 1 1
DNS Request
206.212.58.216.in-addr.arpa
-
73 B 171 B 1 1
DNS Request
227.212.58.216.in-addr.arpa
-
72 B 171 B 1 1
DNS Request
74.204.58.216.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
72 B 169 B 1 1
DNS Request
99.201.58.216.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
196.187.250.142.in-addr.arpa
-
65 B 105 B 1 1
DNS Request
clients2.google.com
DNS Response
142.250.187.238
-
204 B 3
-
74 B 113 B 1 1
DNS Request
238.187.250.142.in-addr.arpa
-
2.9kB 7.1kB 5 8
-
73 B 159 B 1 1
DNS Request
183.142.211.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
61 B 77 B 1 1
DNS Request
play.google.com
DNS Response
142.250.179.238
-
4.6kB 7.4kB 9 11
-
69 B 131 B 1 1
DNS Request
95.12.20.2.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
203.107.17.2.in-addr.arpa
-
4.0kB 3.8kB 9 10
-
66 B 112 B 1 1
DNS Request
beacons.gcp.gvt2.com
DNS Response
172.217.169.67
-
73 B 111 B 1 1
DNS Request
67.169.217.172.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
4.173.189.20.in-addr.arpa
-
2.8kB 4.2kB 9 11
-
2.9kB 6.3kB 5 7
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216B
MD553fec90f5292fb461da40a4908dd9175
SHA170368787beb88456e7c5a4a91a81960a57e76f15
SHA25673cf6e2cda3adc55e4a2158b45bf3a98fb7d692eb0df0bcb32093e9b98e8ccd1
SHA512f207da685c970bd4f358421cb53bbf550d5105d7b83de0bfd249e2d40d55381c9fa180288c30b9e3862a6e026395b5b0c7fcc8163e30a7918f9ed6095db5005b
-
Filesize
2KB
MD526a36b2c09160bef2ee039c2a07812f3
SHA171936bcf2c194aa2d06aa6e836e30eeb489dc913
SHA2567285a6e2e2ddb02187953e1543e528bfef9ccde7a3165b3a66186153ea7df96c
SHA512b7d3de3477000acfe43dd0c138f818bdf88ee6570f35f4b893fff7ae6b62328a5b820180cc2f0b077e97773cf5a46b47845e33ee2f44bb5365ea8cccc166f970
-
Filesize
2KB
MD597ef1b960414b9cd60df256ddac6f092
SHA15f217d4423576ae6f14872d7ccf4dad674c81ff6
SHA256403482dd0226c9a875580ab7683e9b13ecc2a8806dc154309419442c1c179b82
SHA51210126256450844f5b93fe95279bccf40fa011c89201a3a1bc35884b59d301964267fb5cc913e35eb6e581e8fac20c25ca5c08cc60f0ff7ecb534ba172e2a6699
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
692B
MD566d685821c8e7e6e706a6d90b914665b
SHA1ec67e63b9b1dfd75d5b3287e8982763abebe2c26
SHA2563a212c04492f74808dd4e14330cbc6e42ea2ea8c172d6bc98a9bce10d9592de8
SHA512951dd3f36b5435cce4a46839630cf9f248bac46c586decb945c8a3ae46036992b96b1c93721fe3fa851010c99c43583868d8651a7e3c9738911dd4e489a3caa0
-
Filesize
7KB
MD58a467008b19955b2a48f9e8107825a9e
SHA14f756d4cdeb21ea87200d5442e1e2a69b819e960
SHA2567924460c8a252247c5877aefb91addb792b713181f8b853f13e187b45df862c0
SHA5124b20cd800bfd3393e76f75259c3d04287a767a34fd38283ff44868cf957261340414745c7aef97422d09f7822e80e687453c4a6fd7716af6316d4d52db2d180a
-
Filesize
16KB
MD5c71fbaf4ab5fd5907dd547fbb12c83f6
SHA137b0bcbe5d527f7006c3cb5ac7d596ec8ce15ea5
SHA2565a7fbd37d3862c3e2146d107b95ac539e165b4b54af622fe06dc4fe658077949
SHA51224ba5e772ab6b2b4c8d56d386352bdfa3aa0ab222e473339e6adaa1e9b2db03d84fb77b85875d1c74f56cded6d46093daedb9fcd6e700a909b2d212928fc541f
-
Filesize
272KB
MD515e7c4b1dd5fbec0f7124a03cda15795
SHA13f2b9164cac1f03862f88f1a0cbbab60b1955c45
SHA2565e5f6534d4e6efe807ed791bf54f2e185a7a9f9a6c4a52ed9683df54418a09f9
SHA5125b6042436b74fced9438a1a80061979378027b03f9e2380efd4e9a511419d95bbdb3372edb5ce0ba7abff6c21bf40fc2a3bd53914cbc71b8b066090111eb242c