hxxps://ruggededgeholdings[.]com/

Analysis

max time kernel
300s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 12:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ruggededgeholdings.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729518220693606"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2016	3068	chrome.exe	83
PID 3068 wrote to memory of 2016	3068	chrome.exe	83
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 4784	3068	chrome.exe	84
PID 3068 wrote to memory of 2308	3068	chrome.exe	85
PID 3068 wrote to memory of 2308	3068	chrome.exe	85
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86
PID 3068 wrote to memory of 4132	3068	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ruggededgeholdings.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff94c96cc40,0x7ff94c96cc4c,0x7ff94c96cc58
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4564,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4752,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3496

Network

DNS

ruggededgeholdings.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ruggededgeholdings.com

IN A

Response

ruggededgeholdings.com

IN A

172.96.176.76
GET

https://ruggededgeholdings.com/

chrome.exe

Remote address:

172.96.176.76:443

Request

GET / HTTP/2.0
host: ruggededgeholdings.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-powered-by: PHP/8.3.12
content-encoding: br
content-length: 8
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2024 12:50:18 GMT
server: Apache
GET

https://ruggededgeholdings.com/favicon.ico

chrome.exe

Remote address:

172.96.176.76:443

Request

GET /favicon.ico HTTP/2.0
host: ruggededgeholdings.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ruggededgeholdings.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-powered-by: PHP/8.3.12
content-encoding: br
content-length: 8
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2024 12:50:21 GMT
server: Apache
GET

https://ruggededgeholdings.com/

chrome.exe

Remote address:

172.96.176.76:443

Request

GET / HTTP/2.0
host: ruggededgeholdings.com
cache-control: max-age=0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-powered-by: PHP/8.3.12
content-encoding: br
content-length: 8
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2024 12:50:26 GMT
server: Apache
GET

https://ruggededgeholdings.com/favicon.ico

chrome.exe

Remote address:

172.96.176.76:443

Request

GET /favicon.ico HTTP/2.0
host: ruggededgeholdings.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ruggededgeholdings.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-powered-by: PHP/8.3.12
content-encoding: br
content-length: 8
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2024 12:50:28 GMT
server: Apache
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

76.176.96.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.176.96.172.in-addr.arpa

IN PTR

Response

76.176.96.172.in-addr.arpa

IN PTR

newwa914hostpapavpsnet
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=395A738FF66967D0339C669CF76F66FB; domain=.bing.com; expires=Mon, 03-Nov-2025 12:50:19 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D854B2B7B7BA45938473EF6EFE0CD5C1 Ref B: LON601060108040 Ref C: 2024-10-09T12:50:19Z
date: Wed, 09 Oct 2024 12:50:19 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=395A738FF66967D0339C669CF76F66FB

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=LwxquOCWjsgFx1IywhxMi0RZ8gpH0LGD-IOye0VOXBE; domain=.bing.com; expires=Mon, 03-Nov-2025 12:50:19 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CCDA88EDC80045698B8202D8C24C3D97 Ref B: LON601060108040 Ref C: 2024-10-09T12:50:19Z
date: Wed, 09 Oct 2024 12:50:19 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=395A738FF66967D0339C669CF76F66FB; MSPTC=LwxquOCWjsgFx1IywhxMi0RZ8gpH0LGD-IOye0VOXBE

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 236EC7106C0646809D56AC294D4E5130 Ref B: LON601060108040 Ref C: 2024-10-09T12:50:19Z
date: Wed, 09 Oct 2024 12:50:19 GMT
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response

172.96.176.76:443

https://ruggededgeholdings.com/favicon.ico

tls, http2

chrome.exe

2.5kB
5.7kB
20
24

HTTP Request

GET https://ruggededgeholdings.com/

HTTP Response

200

HTTP Request

GET https://ruggededgeholdings.com/favicon.ico

HTTP Response

200

HTTP Request

GET https://ruggededgeholdings.com/

HTTP Response

200

HTTP Request

GET https://ruggededgeholdings.com/favicon.ico

HTTP Response

200
150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

tls, http2

2.0kB
9.3kB
21
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

HTTP Response

204

8.8.8.8:53

ruggededgeholdings.com

dns

chrome.exe

68 B
84 B
1
1

DNS Request

ruggededgeholdings.com

DNS Response

172.96.176.76
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

76.176.96.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

76.176.96.172.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d0d4b4629b594aa1fbf28f781c0ffedd

SHA1
b7ef14b835071d384e2054f229b8cf37ca48af41

SHA256
95f36477c63802b1e9cf687c1ce5c343e3853ba72fd7995a906575f462fa839e

SHA512
79256ccb70a5c3a94290ae8405bccdaf2d7afa07e6c66bcb76afe3c242957566fa70bdb16e6e65becaec1c66e8223a8c8d4c2a132148c537b1c3adec21660373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e13ab587af0ce38b979653c2fecbf8f1

SHA1
698b6245579a400fcb9bf9876f7da869eb34af41

SHA256
ec028ad21c948be94ad16e66b374efb0a17ecb173033c39e04bf85c522ef6846

SHA512
3b520e5132cc44a033707c95f9ccb1f3e07ebac435cdff121252c79993e883731494caedc9be180d201ad86337b31e8d6f96057a1d41551493dcb00a50f143a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2934621657e44be6b2a2dad307eaa310

SHA1
e7a288a477b10ae31caca8097f73e80d7d3f517a

SHA256
25b42f3ed9a3ce3ac696178b08f340c689f6f70902c8816dbf690943af647df9

SHA512
064ea289e4572b5240a1f4fdb0997bd5d754126e9f0f07feac3eec495860e30f18559335f5016ffbbb27fb89b0fcf4e6c6499251ca708e0aa42c6a3753094e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
33f1604b1fc85afec2bc35966d67667c

SHA1
ea7d48ab9b74d14f0a3dc8eb8b63f0a7942dd7f5

SHA256
1e7943e18932d958b59add7bbe6d1e144569ea5c6256ba0584f3469a25dd6cbc

SHA512
0b9399315909538ecdbe63f8a84fd7873eaa530694cb182bf576c389799f8e9f1dc18b42d1fd58643b3949dc6ecff7148e6d3dc9a1039729944cb69d189a7cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
544b88eedd13a32b53521d526bbc14dd

SHA1
471a32c90f4a43b01840346e487ad177450db1a0

SHA256
1dd43b8894614457bf33e6db1113a03669ca3c0032f9a3519f3dbc7dea3b0bc0

SHA512
a17ca388b78c472977fb5a4043ca45c2188a977c6b22078c8e7b2e132e5642748342fbc63bddafbfba95c5a5855b06a61a0e4e3b84a6bf738410884e02b0ffc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6213d5d54a2e8ecb74dfc3afb9697f15

SHA1
ba5dce371d7596132c8290d8cd4f12d1be61fbda

SHA256
1cc8a7026ee4296d6c0bc2d4039ec7421209ac88bc9da4515d91657e4fb03a6c

SHA512
9dc5e4d833792dd0beb4d937cd4d5c372561b1bf6653e0a9093a3c4b6f7853c7bac4c838ae1f2b53cf6591fd2f0da29bf967947e7a622d177f277fefdaa52f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cd8c25aad4032748ba62be69dd8ec6de

SHA1
981d329fc7459d80e1f3fb2cb02d812aedecec31

SHA256
3d94155c3caa97eba57728b1d2eb912fda3deaf1549f5db0d2e640d62b87b8e6

SHA512
de4066a07555568d4c1f5826d2461e7e65552a5714e615467e9d6a964d8205de005ef14b5f06d38a85e2e00b15d74a38eff2a1fe06fd7ab51b0988f15643190e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aed47c386e94fe0ff1c66191411cfa62

SHA1
b38a10b558c4a345616e4e03df4ff90601dca9d2

SHA256
c36ebcb28c98104a3d1749842975fd81e67372207345b5faa2b93767efe016e6

SHA512
6649b8f730b440c745bcbb9aca33235d69ded8f2d037cb5b9fb8bdc229af2b40d3b5ba9c5af5ed026ed758158f7331bcdd0d675020595d32e7efbe5cfb2e9796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f633e2144cacd9c1b49d1e9428c93606

SHA1
5b22a9ea38afeb7eec9e70f0b493f6b66d238a51

SHA256
2d92cf47b8f9e8e7443d18018f61d65fdd9339f1569f4bf6fb778167f84df8f8

SHA512
178ba2bf5044febb3bc6b1eaa74a0b099a49f913219d420182e8b2bc63eab28c8655a88dde61fe721f3294af1ba982b5ae98bfbbae4cc63afb10127534bca79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d14fe9beca29fbfbc3258e7b2fb907e

SHA1
ebfbf12e5a43a23d19f506fcdf828220ec73488a

SHA256
8fa42c5160deb48576086d5a06e6c1b0b756c69c63aa0299ed60f2ae40819ff4

SHA512
8b665eb291dd94b34534175c18579469d9b23eb15e2d295ed0ae51ca5778c123f09f9bf68067bfe6f9fe35ef71673753506f2cc8e558aee77c69068c3954659e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
920955df25f38e32cc9535e749d4d0a7

SHA1
3424b2d81dcf46786054038aa6fdc9eafc937be0

SHA256
3416ed4cb19b9425651cb2c58090c647a6a130d25d05386385c4ce5d9ca93378

SHA512
6124ecf8ddb50293449aee4575e73e4d30c5cb8652614100c5bc14b6e80f0be3bc1b5072aacf013c665a88bfbdd6e055155900d5ac4289e960449ff4768daf98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b824c76679dc02151490df7350589255

SHA1
b3a5f7ae9bfd54bd7ac0de9dc48b73270e687842

SHA256
16a9da05916488415b62ea8d5a576d86d8037b42cc50b472f9b7d32ad2d1a3eb

SHA512
89e2ae90536403224678a329fdbd11040bf1cf297a79fb1c98e7a60c41138666ce82cd054773ae086feaa2c821de706f5a898ed5fa22257f7ac32ccd2915d39c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b56b58da3e40ff57d74f6d83be14e908

SHA1
2bdec8c03f1c085bbc7cf2ce0d953799833dec84

SHA256
fef50c789acb654bc03604efbb5e25491f2660b8ce72d0857a545ec85e38b3b3

SHA512
8008922760d93572bfec69dec03b65f2c1af15b2153807dfe3397df026b83e2fe66e087987c27c3463fd144d2d63ded8dac39d7ad99b626fea9e944e994cb694

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.