7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

Analysis

max time kernel
29s
max time network
157s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/10/2024, 21:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main.zip
Size

25.1MB
MD5

95c1c4a3673071e05814af8b2a138be4
SHA1

4c08b79195e0ff13b63cfb0e815a09dc426ac340
SHA256

7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27
SHA512

339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd
SSDEEP

786432:Ty5jMDNnx2+4NYobtH8VVtKqi9+i514XZ/pjYlp0:MMDNnxV4iobxibiIi5MpjYv0

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
51	camo.githubusercontent.com
52	camo.githubusercontent.com
53	camo.githubusercontent.com
54	camo.githubusercontent.com
55	camo.githubusercontent.com
56	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2820	2760	chrome.exe	31
PID 2760 wrote to memory of 2820	2760	chrome.exe	31
PID 2760 wrote to memory of 2820	2760	chrome.exe	31
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2660	2760	chrome.exe	33
PID 2760 wrote to memory of 2844	2760	chrome.exe	34
PID 2760 wrote to memory of 2844	2760	chrome.exe	34
PID 2760 wrote to memory of 2844	2760	chrome.exe	34
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35
PID 2760 wrote to memory of 2608	2760	chrome.exe	35

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main.zip
1⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb1e9758,0x7fefb1e9768,0x7fefb1e9778
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:2
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3960 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3888 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3744 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2328 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3856 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1596 --field-trial-handle=1388,i,2020819703583340659,1736378166367200527,131072 /prefetch:8
  2⤵
  PID:900

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2084

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
PID:2388

Network

DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: COPjygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

216.58.212.202

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

172.217.169.42

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

172.217.169.10
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.180.14
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: chrome-untrusted://new-tab-page
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAlpzjkld-oO7BIFDdTB4P4=?alt=proto

chrome.exe

Remote address:

216.58.201.106:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAlpzjkld-oO7BIFDdTB4P4=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: COPjygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0

chrome.exe

Remote address:

142.250.180.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.169.78
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

172.217.169.78:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 1435
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: chrome-untrusted://new-tab-page
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

consent.google.com

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A

Response

consent.google.com

IN A

216.58.204.78
DNS

id.google.com

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

142.250.179.227
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.githubassets.com

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN A

Response

github.githubassets.com

IN A

185.199.111.154

github.githubassets.com

IN A

185.199.108.154

github.githubassets.com

IN A

185.199.110.154

github.githubassets.com

IN A

185.199.109.154
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A

Response

avatars.githubusercontent.com

IN A

185.199.110.133

avatars.githubusercontent.com

IN A

185.199.109.133

avatars.githubusercontent.com

IN A

185.199.108.133

avatars.githubusercontent.com

IN A

185.199.111.133
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

3.5.28.190

s3-w.us-east-1.amazonaws.com

IN A

52.216.153.252

s3-w.us-east-1.amazonaws.com

IN A

52.217.166.113

s3-w.us-east-1.amazonaws.com

IN A

54.231.139.113

s3-w.us-east-1.amazonaws.com

IN A

3.5.6.213

s3-w.us-east-1.amazonaws.com

IN A

54.231.233.161

s3-w.us-east-1.amazonaws.com

IN A

16.182.41.241

s3-w.us-east-1.amazonaws.com

IN A

52.216.60.1
DNS

user-images.githubusercontent.com

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN A

Response

user-images.githubusercontent.com

IN A

185.199.110.133

user-images.githubusercontent.com

IN A

185.199.109.133

user-images.githubusercontent.com

IN A

185.199.108.133

user-images.githubusercontent.com

IN A

185.199.111.133
DNS

camo.githubusercontent.com

Remote address:

8.8.8.8:53

Request

camo.githubusercontent.com

IN A

Response

camo.githubusercontent.com

IN A

185.199.109.133

camo.githubusercontent.com

IN A

185.199.111.133

camo.githubusercontent.com

IN A

185.199.108.133

camo.githubusercontent.com

IN A

185.199.110.133
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

172.217.16.234
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.114.21
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

codeload.github.com

Remote address:

8.8.8.8:53

Request

codeload.github.com

IN A

Response

codeload.github.com

IN A

20.26.156.216
DNS

beacons.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.35

142.250.178.4:443

https://www.google.com/async/ddljson?async=ntp:2

tls, http2

chrome.exe

2.7kB
46.2kB
35
49

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2
216.58.201.106:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAlpzjkld-oO7BIFDdTB4P4=?alt=proto

tls, http2

chrome.exe

2.4kB
7.4kB
20
22

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAlpzjkld-oO7BIFDdTB4P4=?alt=proto
142.250.180.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0

tls, http2

chrome.exe

2.6kB
51.1kB
31
45

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0
172.217.169.78:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

3.3kB
9.0kB
16
19

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
216.58.204.78:443

consent.google.com

tls

2.3kB
10.5kB
15
18
142.250.179.227:443

id.google.com

tls

2.2kB
9.6kB
14
17
20.26.156.215:443

github.com

tls

5.8kB
112.8kB
68
105
20.26.156.215:443

github.com

tls

1.1kB
4.0kB
11
8
185.199.110.133:443

avatars.githubusercontent.com

tls

1.0kB
4.8kB
10
10
185.199.111.154:443

github.githubassets.com

tls

32.7kB
1.0MB
475
834
185.199.109.133:443

camo.githubusercontent.com

tls

1.0kB
4.8kB
10
10
185.199.109.133:443

camo.githubusercontent.com

tls

1.1kB
4.8kB
12
10
185.199.109.133:443

camo.githubusercontent.com

tls

1.0kB
4.8kB
10
10
185.199.109.133:443

camo.githubusercontent.com

tls

1.1kB
4.8kB
12
10
185.199.109.133:443

camo.githubusercontent.com

tls

1.0kB
4.8kB
10
10
185.199.110.133:443

avatars.githubusercontent.com

tls

1.1kB
4.8kB
12
10
185.199.111.154:443

github.githubassets.com

tls

2.1kB
25.7kB
19
29
140.82.114.21:443

collector.github.com

tls

909 B
4.3kB
8
5
140.82.114.21:443

collector.github.com

tls

909 B
4.3kB
8
5
20.26.156.210:443

api.github.com

tls

4.5kB
7.9kB
25
27
140.82.114.21:443

collector.github.com

tls

985 B
5.7kB
9
6
20.26.156.216:443

codeload.github.com

tls

995 B
4.0kB
9
9
20.26.156.216:443

codeload.github.com

tls

490.1kB
27.5MB
10522
19715
172.217.169.35:443

beacons.gcp.gvt2.com

tls

3.7kB
6.8kB
19
18
172.217.169.35:443

beacons.gcp.gvt2.com

tls

999 B
5.6kB
9
8

8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
325 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

216.58.201.106

142.250.200.10

142.250.187.234

216.58.213.10

216.58.212.202

216.58.204.74

172.217.16.234

172.217.169.42

142.250.180.10

142.250.178.10

142.250.179.234

142.250.187.202

172.217.169.74

142.250.200.42

216.58.212.234

172.217.169.10
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.180.14
216.58.201.106:443

ogads-pa.googleapis.com

https

chrome.exe

5.6kB
9.5kB
26
32
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.169.78
224.0.0.251:5353

chrome.exe

204 B
3
142.250.178.4:443

www.google.com

https

chrome.exe

54.3kB
1.5MB
362
1414
172.217.169.78:443

play.google.com

https

chrome.exe

9.1kB
9.2kB
20
21
8.8.8.8:53

consent.google.com

dns

64 B
80 B
1
1

DNS Request

consent.google.com

DNS Response

216.58.204.78
8.8.8.8:53

id.google.com

dns

59 B
75 B
1
1

DNS Request

id.google.com

DNS Response

142.250.179.227
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.githubassets.com

dns

69 B
133 B
1
1

DNS Request

github.githubassets.com

DNS Response

185.199.111.154

185.199.108.154

185.199.110.154

185.199.109.154
8.8.8.8:53

avatars.githubusercontent.com

dns

75 B
139 B
1
1

DNS Request

avatars.githubusercontent.com

DNS Response

185.199.110.133

185.199.109.133

185.199.108.133

185.199.111.133
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

75 B
253 B
1
1

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

3.5.28.190

52.216.153.252

52.217.166.113

54.231.139.113

3.5.6.213

54.231.233.161

16.182.41.241

52.216.60.1
8.8.8.8:53

user-images.githubusercontent.com

dns

79 B
143 B
1
1

DNS Request

user-images.githubusercontent.com

DNS Response

185.199.110.133

185.199.109.133

185.199.108.133

185.199.111.133
8.8.8.8:53

camo.githubusercontent.com

dns

72 B
136 B
1
1

DNS Request

camo.githubusercontent.com

DNS Response

185.199.109.133

185.199.111.133

185.199.108.133

185.199.110.133
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.200.42

142.250.180.10

142.250.187.234

216.58.201.106

142.250.200.10

216.58.213.10

172.217.169.10

172.217.169.42

142.250.179.234

216.58.204.74

216.58.212.234

142.250.187.202

142.250.178.10

172.217.16.234
8.8.8.8:53

collector.github.com

dns

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.114.21
8.8.8.8:53

api.github.com

dns

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

codeload.github.com

dns

65 B
81 B
1
1

DNS Request

codeload.github.com

DNS Response

20.26.156.216
8.8.8.8:53

beacons.gcp.gvt2.com

dns

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.35

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8029ee08bbf9b4375adb4d085ff7690

SHA1
68d4ee2ceecc4687be96a0a09a48a49298a8db90

SHA256
46b3a397afbe34378b33e92e439646062b30a4b0a417c96824c3ba60b56c65df

SHA512
444cf02a139f7ffe553850ef14dcd2624b5f2cdc1486aaaf48c89788319b35470245ea442c68a846090b69fe1ee08b273ddcb9331a19b06435b5b166c5af8aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4b5c499720c846972e0c38b601ff9ab7

SHA1
b5260b0ee62bdede56f69c3d64afa2b49321856d

SHA256
304b6def83a9ee3cf3d308fbd947f7d2115da2cb7caccfbc383e0842bda229d1

SHA512
2a678964be7a5eec9efd9ab6cb90dfb6728b76557f2bd6e98f3d7341338e56f734a0a07765692f97d1d0893192fe77e557d880af4f5739990c8200275da37479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f84ae2e4c70adcc98d2cd0c78c9a92c4

SHA1
044776c8a5844c0ef4ee1077e08ac2a04bc5847f

SHA256
e6ab80c0f1f010276ef3da0068e2af434b732bef2bb555b54f708fc49eeeb406

SHA512
9b228c6e82d26870285f23530006c3126fba4328e865f807a555211210ceb7a6189b690a636620887b81f22729e101c2f864b4ee42255acedc11a725e56add52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
63cbe8fcf076d4b000bc8e79eb4d7444

SHA1
f02631a1f7524b95eaddc666cfd39e52970adcc5

SHA256
f776f38e5f1c471b3945eab12454ab342ab1a7d9ab477f04209cae936eb9a301

SHA512
5e8ea73c3a00006bdfdf096086a83cadbe05859ecf8fc1b88e891031365186099e0b4d7de68243bdba7f16f1cea28dde409f38a0fb25d9bf2f3d7663bc4237e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
2aca17f17dd07ddb8c29d65b6de02d04

SHA1
7d4188f1b9a3250f4b8d505331f99c067308fc11

SHA256
c909c375fe272223b6fff8527b7d2584a078c68fc13016f73d01e516a0c99e1a

SHA512
d7ba54f7493188093c33659585aa970ff1efa549509438f521239263f2866819c01d0d0c009bf5f4b4307d924e99355bc8652ab6ff4759d4d9d5b6bbda5a016d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
0fbb133c8e83eb421dad1925d71dfb6e

SHA1
2c71adf8e03f454c65a3fa735b7e7434b436faf3

SHA256
260e457bc78ee97ab97fd06b234025c353d6f999e721276642ebe4456bd2446f

SHA512
d4346240fad8e93676f74a750656e5cd545078e69a24eae679dc4214d08faa9f01c93d6bc8b714ffd637975d0bbcf5d3d8cc55c74a5794d7c54c81872a7ac70f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f50ce208656b0030969ad6117add74c1

SHA1
6c76755479f474569535b43275a5d5db7ce7d148

SHA256
a3f935efbe4e6f686f0201913fe58dccbe693f0d5096edb6a2811754fbc19e95

SHA512
a8035a664c744cd5304284db81f83d41c13e934be52d4e51d3dbad3f7d08b6a52aaad14e019e363c45d9ce820b60b7c05a19c49ba07a1657250bcac40ccf2820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
8e445022a48ac1018b8ee5bf04674b99

SHA1
6b354bc988915d8eb227f64796c6f46bffbca0b3

SHA256
e1a135839bfb15977218ce0bb101dbffd1a104b2ce6d3793ad0bf9c9d8bc2d8c

SHA512
97c653f484376db1d8a51b7c4cf163c42472fa49b115d5c433066c11fb1bd863574d69c98afa90296d7ee6d8b5bc99fea965d60d39cd05a388fd6e2022f84d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
681cf05c47581882c4daeb63f8400ae0

SHA1
5b5cb649d414b68324ade12e314802d764b1b7c3

SHA256
31134ac8625becb0def4e3e7d143f406c305f1292adaf228c153a07d6b2d7bac

SHA512
ba04d8a4edb26fddaa1549b259f163a4b3dc4cd34f41d22c296d20fbd7631b1927c21dc3d0f14647ce35f8af2716f949e5a2bb969997e7917d136325c833ff59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6cf64f50b5ece554202aaebc348f6cf9

SHA1
82bb33f564466b63f9f9f252bf1bac46904646f5

SHA256
824c9aa2e718b0dd3487f81e5e6eb2381315446161a5e415a432543205eeb23e

SHA512
24807fb20758c85865e82bcdaf649d912d5600bc31004750960e8be452a0b808831be7cd7739b9b1fe6671e5bc2b5f91d30fa7c50b8baa8225029aef3504bdab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4cf1a64638ef133dc840b883cb5cdc53

SHA1
ad464748a0ceb82ff96b1a92cfd20f6fed7da554

SHA256
fa347189d7130c16a9fb8bdccdea0d7bea6e9e9098c4ae69b739daf6ba72d690

SHA512
e9857443b34e64a6a9a9b55a8d96870f3e1a93f7da76c055ba363b0d84c9884edb70063ccb7046bf2c7babe3f5a8f3498b0a3667853ace9fb32fe4469882e557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7e532e89c206e4b47626c055187a00d3

SHA1
66e6396c0ace05cc4983fa3ed7863cc0f27e4c3f

SHA256
fe3da3c853c90c51139f2963b33357257736bd8452c39e283d5c8e676e785318

SHA512
8f0c226ea6b9904571c4a5bee04be503d904aff4cb8447eafaecf33f1ada3a76ba90148ca28ec27728489caf560a64899caad4de79e7920189907185f8960806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
efc55437788540558e3ad2d8f57b5b89

SHA1
4cb7fad83f08d26fd0cf19a57ac52224f9a52b05

SHA256
0f996871b2a20c2f79c984b1ed71226fbcad7540fc5824b350d12be88b7db821

SHA512
5bdcb244a77ca8994cfe843d2f9146c0e3f7a9fec46b0e15da4a3077052f3d80cbdb2a7931379cf3a6bb5cee84a068be39025f8dc3edc9aa8fabcf1a85a01063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
fa219c913106e3628b4b088120e32820

SHA1
086de9014fd771af05c6573c2c30029863576288

SHA256
092697529ab7b05d702e221656be4ad1507ab4e1b2d1c067ffb9a203cab1f915

SHA512
92c531cf828572c2c0ef168c461decab7fb0603ca30c6bc2fe43193084a148544b84c589865b1c4e08f5a67ac2d61494abbf6868c2f29971fbfb8728c79ea011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
7dbfbaf4fd28c72d8abce7c3cd5c8797

SHA1
534db807d848b6c74bf9ed3bb4008f4190cea248

SHA256
2536b068f1489ff00f2153df3264eccbdcccc8bbec1a91947dc91357d840b8e4

SHA512
4237b34f43c931ae15681aae7704b2634cd167c74b75448373afb7f6e9c6e0b303aab33aa2f18f6cf8a928b636bc26dff2a35d45d554fe61b14a12b888716409

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab67F9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar682A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main.zip.crdownload

Filesize
25.1MB

MD5
95c1c4a3673071e05814af8b2a138be4

SHA1
4c08b79195e0ff13b63cfb0e815a09dc426ac340

SHA256
7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

SHA512
339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.