hxxps://trk[.]cp20[.]com/click/gq9x-a048i-5pexy1-p9ws0w9/

Analysis

max time kernel
25s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 12:04 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk.cp20.com/click/gq9x-a048i-5pexy1-p9ws0w9/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676786853466793"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 784	4960	chrome.exe	83
PID 4960 wrote to memory of 784	4960	chrome.exe	83
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 1500	4960	chrome.exe	84
PID 4960 wrote to memory of 2264	4960	chrome.exe	85
PID 4960 wrote to memory of 2264	4960	chrome.exe	85
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86
PID 4960 wrote to memory of 1224	4960	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.cp20.com/click/gq9x-a048i-5pexy1-p9ws0w9/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa8fa3cc40,0x7ffa8fa3cc4c,0x7ffa8fa3cc58
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3428,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4332,i,9676486410754324200,9838668149984438462,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2352

Network

DNS

trk.cp20.com

chrome.exe

Remote address:

8.8.8.8:53

Request

trk.cp20.com

IN A

Response

trk.cp20.com

IN CNAME

nlb-ext-cp20-com-80-443-596f7099d50874de.elb.ca-central-1.amazonaws.com

nlb-ext-cp20-com-80-443-596f7099d50874de.elb.ca-central-1.amazonaws.com

IN A

3.97.124.126

nlb-ext-cp20-com-80-443-596f7099d50874de.elb.ca-central-1.amazonaws.com

IN A

15.156.37.76
GET

https://trk.cp20.com/click/gq9x-a048i-5pexy1-p9ws0w9/

chrome.exe

Remote address:

3.97.124.126:443

Request

GET /click/gq9x-a048i-5pexy1-p9ws0w9/ HTTP/2.0
host: trk.cp20.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Fri, 09 Aug 2024 12:04:42 GMT
content-type: text/html; charset=utf-8
content-length: 142
location: https://10jun3a.elnk1.com
cache-control: private
server: cmp-trk-s1-03
refresh: 0; URL=https://10jun3a.elnk1.com
x-aspnet-version:
DNS

10jun3a.elnk1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

10jun3a.elnk1.com

IN A

Response

10jun3a.elnk1.com

IN A

34.235.207.210

10jun3a.elnk1.com

IN A

35.170.250.104

10jun3a.elnk1.com

IN A

3.228.47.156

10jun3a.elnk1.com

IN A

3.232.184.184
GET

https://10jun3a.elnk1.com/

chrome.exe

Remote address:

34.235.207.210:443

Request

GET / HTTP/2.0
host: 10jun3a.elnk1.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: awselb/2.0
date: Fri, 09 Aug 2024 12:04:42 GMT
content-type: text/html; charset=utf-8
content-length: 1315
GET

https://10jun3a.elnk1.com/favicon.ico

chrome.exe

Remote address:

34.235.207.210:443

Request

GET /favicon.ico HTTP/2.0
host: 10jun3a.elnk1.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: awselb/2.0
date: Fri, 09 Aug 2024 12:04:44 GMT
content-type: text/html; charset=utf-8
content-length: 1315
POST

https://10jun3a.elnk1.com/

chrome.exe

Remote address:

34.235.207.210:443

Request

POST / HTTP/2.0
host: 10jun3a.elnk1.com
content-length: 900
cache-control: max-age=0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
origin: null
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: awselb/2.0
date: Fri, 09 Aug 2024 12:04:44 GMT
content-type: text/html; charset=utf-8
content-length: 1495
GET

https://10jun3a.elnk1.com/favicon.ico

chrome.exe

Remote address:

34.235.207.210:443

Request

GET /favicon.ico HTTP/2.0
host: 10jun3a.elnk1.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: awselb/2.0
date: Fri, 09 Aug 2024 12:04:45 GMT
content-type: text/html; charset=utf-8
content-length: 1315
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.196
DNS

202.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.168.217.172.in-addr.arpa

IN PTR

Response

202.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f101e100net
DNS

126.124.97.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.124.97.3.in-addr.arpa

IN PTR

Response

126.124.97.3.in-addr.arpa

IN PTR

ec2-3-97-124-126ca-central-1compute amazonawscom
DNS

210.207.235.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.207.235.34.in-addr.arpa

IN PTR

Response

210.207.235.34.in-addr.arpa

IN PTR

ec2-34-235-207-210 compute-1 amazonawscom
GET

https://www.google.com/recaptcha/api.js?render=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /recaptcha/api.js?render=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPCRywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /recaptcha/api.js?onload=onloadRecaptchaCallback HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPCRywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _GRECAPTCHA=09ABJXHI-C9RdjhASFr-JS63x5UBJOuhqBHaoSLZ_9v0f8bwby2kq5F5ig7qJ8yCWMPVXKKEwQ8VI8XBmzasIoSis
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3D4727C759EE664200003311580E67F3; domain=.bing.com; expires=Wed, 03-Sep-2025 12:04:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EFC05B528B904D8788481FFE61F366C0 Ref B: LON04EDGE1121 Ref C: 2024-08-09T12:04:43Z
date: Fri, 09 Aug 2024 12:04:42 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3D4727C759EE664200003311580E67F3

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=JIwHmWx9NbX9pCP2VXHKHCJjnvnkCve105YLQql3yMY; domain=.bing.com; expires=Wed, 03-Sep-2025 12:04:43 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED9C92B6981949EDBEDF2BA386F10208 Ref B: LON04EDGE1121 Ref C: 2024-08-09T12:04:43Z
date: Fri, 09 Aug 2024 12:04:42 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3D4727C759EE664200003311580E67F3; MSPTC=JIwHmWx9NbX9pCP2VXHKHCJjnvnkCve105YLQql3yMY

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5D43419BA9D0408D8543A2C3F4D56DEC Ref B: LON04EDGE1121 Ref C: 2024-08-09T12:04:43Z
date: Fri, 09 Aug 2024 12:04:43 GMT
GET

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo&co=aHR0cHM6Ly8xMGp1bjNhLmVsbmsxLmNvbTo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=jxyqktcr3l3q

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /recaptcha/api2/anchor?ar=1&k=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo&co=aHR0cHM6Ly8xMGp1bjNhLmVsbmsxLmNvbTo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=jxyqktcr3l3q HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CPCRywE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/bg/KMCqiV_wEkJTwFI21kyzyBiD2M1KubXhmTExSqPSBNU.js

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /js/bg/KMCqiV_wEkJTwFI21kyzyBiD2M1KubXhmTExSqPSBNU.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPCRywE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo&co=aHR0cHM6Ly8xMGp1bjNhLmVsbmsxLmNvbTo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=jxyqktcr3l3q
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx

chrome.exe

Remote address:

142.250.179.196:443

Request

GET /recaptcha/api2/webworker.js?hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPCRywE=
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: worker
referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo&co=aHR0cHM6Ly8xMGp1bjNhLmVsbmsxLmNvbTo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=jxyqktcr3l3q
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

216.58.214.10

content-autofill.googleapis.com

IN A

172.217.168.202

content-autofill.googleapis.com

IN A

216.58.208.106

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

172.217.23.202

content-autofill.googleapis.com

IN A

142.250.179.170
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnMh_sZxVA3SRIFDVNaR8Uh0yGshr0Ko6M=?alt=proto

chrome.exe

Remote address:

142.251.36.42:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnMh_sZxVA3SRIFDVNaR8Uh0yGshr0Ko6M=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CPCRywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnOBoGsK1vINBIFDVNaR8Uh0yGshr0Ko6M=?alt=proto

chrome.exe

Remote address:

142.251.36.42:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnOBoGsK1vINBIFDVNaR8Uh0yGshr0Ko6M=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CPCRywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

196.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.179.250.142.in-addr.arpa

IN PTR

Response

196.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f41e100net
DNS

85.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.177.190.20.in-addr.arpa

IN PTR

Response
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

42.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.36.251.142.in-addr.arpa

IN PTR

Response

42.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f101e100net
DNS

42.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.36.251.142.in-addr.arpa

IN PTR
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

3.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.36.251.142.in-addr.arpa

IN PTR

Response

3.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f31e100net
DNS

3.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.36.251.142.in-addr.arpa

IN PTR

3.97.124.126:443

https://trk.cp20.com/click/gq9x-a048i-5pexy1-p9ws0w9/

tls, http2

chrome.exe

1.8kB
6.7kB
12
15

HTTP Request

GET https://trk.cp20.com/click/gq9x-a048i-5pexy1-p9ws0w9/

HTTP Response

302
34.235.207.210:443

https://10jun3a.elnk1.com/favicon.ico

tls, http2

chrome.exe

3.5kB
15.3kB
22
25

HTTP Request

GET https://10jun3a.elnk1.com/

HTTP Response

200

HTTP Request

GET https://10jun3a.elnk1.com/favicon.ico

HTTP Response

200

HTTP Request

POST https://10jun3a.elnk1.com/

HTTP Response

200

HTTP Request

GET https://10jun3a.elnk1.com/favicon.ico

HTTP Response

200
142.250.179.196:443

https://www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback

tls, http2

chrome.exe

2.1kB
9.5kB
17
23

HTTP Request

GET https://www.google.com/recaptcha/api.js?render=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo

HTTP Request

GET https://www.google.com/recaptcha/api.js?onload=onloadRecaptchaCallback
13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

tls, http2

2.0kB
9.3kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=46b80a5f05ae4d7386f0ccc74abe0891&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

HTTP Response

204
142.250.179.196:443

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx

tls, http2

chrome.exe

3.7kB
49.1kB
41
52

HTTP Request

GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4MaQUAAAAAGeV85igUnejUuezhWPplUTSdLlo&co=aHR0cHM6Ly8xMGp1bjNhLmVsbmsxLmNvbTo0NDM.&hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=jxyqktcr3l3q

HTTP Request

GET https://www.google.com/js/bg/KMCqiV_wEkJTwFI21kyzyBiD2M1KubXhmTExSqPSBNU.js

HTTP Request

GET https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=_ZpyzC9NQw3gYt1GHTrnprhx
142.251.36.42:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnOBoGsK1vINBIFDVNaR8Uh0yGshr0Ko6M=?alt=proto

tls, http2

chrome.exe

2.1kB
7.0kB
16
18

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnMh_sZxVA3SRIFDVNaR8Uh0yGshr0Ko6M=?alt=proto

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQnOBoGsK1vINBIFDVNaR8Uh0yGshr0Ko6M=?alt=proto

8.8.8.8:53

trk.cp20.com

dns

chrome.exe

58 B
172 B
1
1

DNS Request

trk.cp20.com

DNS Response

3.97.124.126

15.156.37.76
8.8.8.8:53

10jun3a.elnk1.com

dns

chrome.exe

63 B
127 B
1
1

DNS Request

10jun3a.elnk1.com

DNS Response

34.235.207.210

35.170.250.104

3.228.47.156

3.232.184.184
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.196
8.8.8.8:53

202.168.217.172.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.168.217.172.in-addr.arpa
8.8.8.8:53

126.124.97.3.in-addr.arpa

dns

71 B
136 B
1
1

DNS Request

126.124.97.3.in-addr.arpa
8.8.8.8:53

210.207.235.34.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

210.207.235.34.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
253 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.251.36.42

142.250.179.202

142.250.179.138

142.251.39.106

216.58.214.10

172.217.168.202

216.58.208.106

172.217.168.234

142.251.36.10

172.217.23.202

142.250.179.170
142.250.179.196:443

www.google.com

https

chrome.exe

37.3kB
155.0kB
97
157
8.8.8.8:53

196.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.179.250.142.in-addr.arpa
8.8.8.8:53

85.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

85.177.190.20.in-addr.arpa
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

42.36.251.142.in-addr.arpa

dns

144 B
111 B
2
1

DNS Request

42.36.251.142.in-addr.arpa

DNS Request

42.36.251.142.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
142.250.179.196:443

www.google.com

https

chrome.exe

1.8kB
7.5kB
6
9
142.251.36.42:443

content-autofill.googleapis.com

https

chrome.exe

2.9kB
7.8kB
6
9
8.8.8.8:53

3.36.251.142.in-addr.arpa

dns

142 B
109 B
2
1

DNS Request

3.36.251.142.in-addr.arpa

DNS Request

3.36.251.142.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cdd72cc98a8fb07ce419c0ab747c9b61

SHA1
0c5427a014742196de323e16db905a8178d1ff60

SHA256
9520df03e8e70b1ab7943c598ea6fbaa0d387886f28aa17d57c85bb82870efc5

SHA512
d7f8f29d9c7411263308a51e88aace460ae8a42e211c1958226ed44602b56ae99e6058da0345c6af4bd98a16ca49719e627f7c8af62dd765db9a878d73e31424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
be92168a9e143b01013dc36ca39360a9

SHA1
7547da82c282c780da10ea34a969eae51e4acccc

SHA256
2b1acf6eb544ff861ef7048944516e4927ec9d3552cec819b4971f1c66c392b5

SHA512
cafd2ac03af535cfdaa58c5010079a08a64a942a241b59fbfbfb3c2c986c9f3de509f5af4a7c8af3b2bef885760c4070253b187d1aba9f0c7ae3fb86235379d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
18813ee8771710659ba484aab82e8a04

SHA1
8a46a0d83734576cc18bb2f12eb0b89856a493d3

SHA256
8e8cf57004c633164e7c3c087bf76204f3199db799fe4afbfa3e4ceedec5cf5c

SHA512
239651dbc2c11cef763eb947673f5b0a9b9db7ffd7889867f7e5d3e9b5603d82dd54ec7bcbd71271b22a4e73a92d18d729621018bec0fc517560126893714d5d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.