Analysis

  • max time kernel
    300s
  • max time network
    245s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 12:50 UTC

General

  • Target

    https://ruggededgeholdings.com/

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ruggededgeholdings.com/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff94c96cc40,0x7ff94c96cc4c,0x7ff94c96cc58
      2⤵
      PID:2016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
      2⤵
      PID:4784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
      2⤵
      PID:2308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
      2⤵
      PID:4132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
      2⤵
      PID:3248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4564,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
      2⤵
      PID:1012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4752,i,7538694756188224948,6712548095567010813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2356
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3960
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3496

                    Network

                    • flag-us
                      DNS
                      ruggededgeholdings.com
                      chrome.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      ruggededgeholdings.com
                      IN A
                      Response
                      ruggededgeholdings.com
                      IN A
                      172.96.176.76
                    • flag-ca
                      GET
                      https://ruggededgeholdings.com/
                      chrome.exe
                      Remote address:
                      172.96.176.76:443
                      Request
                      GET / HTTP/2.0
                      host: ruggededgeholdings.com
                      sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      upgrade-insecure-requests: 1
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      sec-fetch-site: none
                      sec-fetch-mode: navigate
                      sec-fetch-user: ?1
                      sec-fetch-dest: document
                      accept-encoding: gzip, deflate, br, zstd
                      accept-language: en-US,en;q=0.9
                      Response
                      HTTP/2.0 200
                      x-powered-by: PHP/8.3.12
                      content-encoding: br
                      content-length: 8
                      content-type: text/html; charset=UTF-8
                      date: Wed, 09 Oct 2024 12:50:18 GMT
                      server: Apache
                    • flag-ca
                      GET
                      https://ruggededgeholdings.com/favicon.ico
                      chrome.exe
                      Remote address:
                      172.96.176.76:443
                      Request
                      GET /favicon.ico HTTP/2.0
                      host: ruggededgeholdings.com
                      sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                      sec-ch-ua-mobile: ?0
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      sec-fetch-site: same-origin
                      sec-fetch-mode: no-cors
                      sec-fetch-dest: image
                      referer: https://ruggededgeholdings.com/
                      accept-encoding: gzip, deflate, br, zstd
                      accept-language: en-US,en;q=0.9
                      Response
                      HTTP/2.0 200
                      x-powered-by: PHP/8.3.12
                      content-encoding: br
                      content-length: 8
                      content-type: text/html; charset=UTF-8
                      date: Wed, 09 Oct 2024 12:50:21 GMT
                      server: Apache
                    • flag-ca
                      GET
                      https://ruggededgeholdings.com/
                      chrome.exe
                      Remote address:
                      172.96.176.76:443
                      Request
                      GET / HTTP/2.0
                      host: ruggededgeholdings.com
                      cache-control: max-age=0
                      sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      upgrade-insecure-requests: 1
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      sec-fetch-site: none
                      sec-fetch-mode: navigate
                      sec-fetch-user: ?1
                      sec-fetch-dest: document
                      accept-encoding: gzip, deflate, br, zstd
                      accept-language: en-US,en;q=0.9
                      Response
                      HTTP/2.0 200
                      x-powered-by: PHP/8.3.12
                      content-encoding: br
                      content-length: 8
                      content-type: text/html; charset=UTF-8
                      date: Wed, 09 Oct 2024 12:50:26 GMT
                      server: Apache
                    • flag-ca
                      GET
                      https://ruggededgeholdings.com/favicon.ico
                      chrome.exe
                      Remote address:
                      172.96.176.76:443
                      Request
                      GET /favicon.ico HTTP/2.0
                      host: ruggededgeholdings.com
                      sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                      sec-ch-ua-mobile: ?0
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      sec-fetch-site: same-origin
                      sec-fetch-mode: no-cors
                      sec-fetch-dest: image
                      referer: https://ruggededgeholdings.com/
                      accept-encoding: gzip, deflate, br, zstd
                      accept-language: en-US,en;q=0.9
                      Response
                      HTTP/2.0 200
                      x-powered-by: PHP/8.3.12
                      content-encoding: br
                      content-length: 8
                      content-type: text/html; charset=UTF-8
                      date: Wed, 09 Oct 2024 12:50:28 GMT
                      server: Apache
                    • flag-us
                      DNS
                      202.187.250.142.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      202.187.250.142.in-addr.arpa
                      IN PTR
                      Response
                      202.187.250.142.in-addr.arpa
                      IN PTR
                      lhr25s33-in-f10.1e100.net
                    • flag-us
                      DNS
                      76.176.96.172.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      76.176.96.172.in-addr.arpa
                      IN PTR
                      Response
                      76.176.96.172.in-addr.arpa
                      IN PTR
                      newwa914.hostpapavps.net
                    • flag-us
                      DNS
                      g.bing.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      g.bing.com
                      IN A
                      Response
                      g.bing.com
                      IN CNAME
                      g-bing-com.ax-0001.ax-msedge.net
                      g-bing-com.ax-0001.ax-msedge.net
                      IN CNAME
                      ax-0001.ax-msedge.net
                      ax-0001.ax-msedge.net
                      IN A
                      150.171.27.10
                      ax-0001.ax-msedge.net
                      IN A
                      150.171.28.10
                    • flag-us
                      GET
                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=
                      Remote address:
                      150.171.27.10:443
                      Request
                      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid= HTTP/2.0
                      host: g.bing.com
                      accept-encoding: gzip, deflate
                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                      Response
                      HTTP/2.0 204
                      cache-control: no-cache, must-revalidate
                      pragma: no-cache
                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                      set-cookie: MUID=395A738FF66967D0339C669CF76F66FB; domain=.bing.com; expires=Mon, 03-Nov-2025 12:50:19 GMT; path=/; SameSite=None; Secure; Priority=High;
                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                      access-control-allow-origin: *
                      x-cache: CONFIG_NOCACHE
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: D854B2B7B7BA45938473EF6EFE0CD5C1 Ref B: LON601060108040 Ref C: 2024-10-09T12:50:19Z
                      date: Wed, 09 Oct 2024 12:50:19 GMT
                    • flag-us
                      GET
                      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=
                      Remote address:
                      150.171.27.10:443
                      Request
                      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid= HTTP/2.0
                      host: g.bing.com
                      accept-encoding: gzip, deflate
                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                      cookie: MUID=395A738FF66967D0339C669CF76F66FB
                      Response
                      HTTP/2.0 204
                      cache-control: no-cache, must-revalidate
                      pragma: no-cache
                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                      set-cookie: MSPTC=LwxquOCWjsgFx1IywhxMi0RZ8gpH0LGD-IOye0VOXBE; domain=.bing.com; expires=Mon, 03-Nov-2025 12:50:19 GMT; path=/; Partitioned; secure; SameSite=None
                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                      access-control-allow-origin: *
                      x-cache: CONFIG_NOCACHE
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: CCDA88EDC80045698B8202D8C24C3D97 Ref B: LON601060108040 Ref C: 2024-10-09T12:50:19Z
                      date: Wed, 09 Oct 2024 12:50:19 GMT
                    • flag-us
                      GET
                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=
                      Remote address:
                      150.171.27.10:443
                      Request
                      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid= HTTP/2.0
                      host: g.bing.com
                      accept-encoding: gzip, deflate
                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                      cookie: MUID=395A738FF66967D0339C669CF76F66FB; MSPTC=LwxquOCWjsgFx1IywhxMi0RZ8gpH0LGD-IOye0VOXBE
                      Response
                      HTTP/2.0 204
                      cache-control: no-cache, must-revalidate
                      pragma: no-cache
                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                      access-control-allow-origin: *
                      x-cache: CONFIG_NOCACHE
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 236EC7106C0646809D56AC294D4E5130 Ref B: LON601060108040 Ref C: 2024-10-09T12:50:19Z
                      date: Wed, 09 Oct 2024 12:50:19 GMT
                    • flag-us
                      DNS
                      83.210.23.2.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      83.210.23.2.in-addr.arpa
                      IN PTR
                      Response
                      83.210.23.2.in-addr.arpa
                      IN PTR
                      a2-23-210-83.deploy.static.akamaitechnologies.com
                    • flag-us
                      DNS
                      10.27.171.150.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      10.27.171.150.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      50.23.12.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      50.23.12.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      241.42.69.40.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      241.42.69.40.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      172.214.232.199.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      172.214.232.199.in-addr.arpa
                      IN PTR
                      Response
                    • 172.96.176.76:443
                      https://ruggededgeholdings.com/favicon.ico
                      tls, http2
                      chrome.exe
                      2.5kB
                      5.7kB
                      20
                      24

                      HTTP Request

                      GET https://ruggededgeholdings.com/

                      HTTP Response

                      200

                      HTTP Request

                      GET https://ruggededgeholdings.com/favicon.ico

                      HTTP Response

                      200

                      HTTP Request

                      GET https://ruggededgeholdings.com/

                      HTTP Response

                      200

                      HTTP Request

                      GET https://ruggededgeholdings.com/favicon.ico

                      HTTP Response

                      200
                    • 150.171.27.10:443
                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=
                      tls, http2
                      2.0kB
                      9.3kB
                      21
                      18

                      HTTP Request

                      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

                      HTTP Response

                      204

                      HTTP Request

                      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

                      HTTP Response

                      204

                      HTTP Request

                      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=82fbfacb6a534d8cba878cfcf0b20e2a&localId=w:45F2691B-218C-F38E-DD34-9B67AA44BEAA&deviceId=6825841072482335&anid=

                      HTTP Response

                      204
                    • 8.8.8.8:53
                      ruggededgeholdings.com
                      dns
                      chrome.exe
                      68 B
                      84 B
                      1
                      1

                      DNS Request

                      ruggededgeholdings.com

                      DNS Response

                      172.96.176.76

                    • 8.8.8.8:53
                      202.187.250.142.in-addr.arpa
                      dns
                      74 B
                      113 B
                      1
                      1

                      DNS Request

                      202.187.250.142.in-addr.arpa

                    • 8.8.8.8:53
                      76.176.96.172.in-addr.arpa
                      dns
                      72 B
                      110 B
                      1
                      1

                      DNS Request

                      76.176.96.172.in-addr.arpa

                    • 8.8.8.8:53
                      g.bing.com
                      dns
                      56 B
                      148 B
                      1
                      1

                      DNS Request

                      g.bing.com

                      DNS Response

                      150.171.27.10
                      150.171.28.10

                    • 8.8.8.8:53
                      83.210.23.2.in-addr.arpa
                      dns
                      70 B
                      133 B
                      1
                      1

                      DNS Request

                      83.210.23.2.in-addr.arpa

                    • 8.8.8.8:53
                      10.27.171.150.in-addr.arpa
                      dns
                      72 B
                      158 B
                      1
                      1

                      DNS Request

                      10.27.171.150.in-addr.arpa

                    • 224.0.0.251:5353
                      chrome.exe
                      204 B
                      3
                    • 8.8.8.8:53
                      50.23.12.20.in-addr.arpa
                      dns
                      70 B
                      156 B
                      1
                      1

                      DNS Request

                      50.23.12.20.in-addr.arpa

                    • 8.8.8.8:53
                      241.42.69.40.in-addr.arpa
                      dns
                      71 B
                      145 B
                      1
                      1

                      DNS Request

                      241.42.69.40.in-addr.arpa

                    • 8.8.8.8:53
                      172.214.232.199.in-addr.arpa
                      dns
                      74 B
                      128 B
                      1
                      1

                      DNS Request

                      172.214.232.199.in-addr.arpa

                    MITRE ATT&CK Enterprise v15

                    Downloads

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                      Filesize

                      2KB

                      MD5

                      d0d4b4629b594aa1fbf28f781c0ffedd

                      SHA1

                      b7ef14b835071d384e2054f229b8cf37ca48af41

                      SHA256

                      95f36477c63802b1e9cf687c1ce5c343e3853ba72fd7995a906575f462fa839e

                      SHA512

                      79256ccb70a5c3a94290ae8405bccdaf2d7afa07e6c66bcb76afe3c242957566fa70bdb16e6e65becaec1c66e8223a8c8d4c2a132148c537b1c3adec21660373

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                      Filesize

                      2B

                      MD5

                      d751713988987e9331980363e24189ce

                      SHA1

                      97d170e1550eee4afc0af065b78cda302a97674c

                      SHA256

                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                      SHA512

                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      e13ab587af0ce38b979653c2fecbf8f1

                      SHA1

                      698b6245579a400fcb9bf9876f7da869eb34af41

                      SHA256

                      ec028ad21c948be94ad16e66b374efb0a17ecb173033c39e04bf85c522ef6846

                      SHA512

                      3b520e5132cc44a033707c95f9ccb1f3e07ebac435cdff121252c79993e883731494caedc9be180d201ad86337b31e8d6f96057a1d41551493dcb00a50f143a2

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      8KB

                      MD5

                      2934621657e44be6b2a2dad307eaa310

                      SHA1

                      e7a288a477b10ae31caca8097f73e80d7d3f517a

                      SHA256

                      25b42f3ed9a3ce3ac696178b08f340c689f6f70902c8816dbf690943af647df9

                      SHA512

                      064ea289e4572b5240a1f4fdb0997bd5d754126e9f0f07feac3eec495860e30f18559335f5016ffbbb27fb89b0fcf4e6c6499251ca708e0aa42c6a3753094e56

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      8KB

                      MD5

                      33f1604b1fc85afec2bc35966d67667c

                      SHA1

                      ea7d48ab9b74d14f0a3dc8eb8b63f0a7942dd7f5

                      SHA256

                      1e7943e18932d958b59add7bbe6d1e144569ea5c6256ba0584f3469a25dd6cbc

                      SHA512

                      0b9399315909538ecdbe63f8a84fd7873eaa530694cb182bf576c389799f8e9f1dc18b42d1fd58643b3949dc6ecff7148e6d3dc9a1039729944cb69d189a7cbc

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      544b88eedd13a32b53521d526bbc14dd

                      SHA1

                      471a32c90f4a43b01840346e487ad177450db1a0

                      SHA256

                      1dd43b8894614457bf33e6db1113a03669ca3c0032f9a3519f3dbc7dea3b0bc0

                      SHA512

                      a17ca388b78c472977fb5a4043ca45c2188a977c6b22078c8e7b2e132e5642748342fbc63bddafbfba95c5a5855b06a61a0e4e3b84a6bf738410884e02b0ffc0

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      6213d5d54a2e8ecb74dfc3afb9697f15

                      SHA1

                      ba5dce371d7596132c8290d8cd4f12d1be61fbda

                      SHA256

                      1cc8a7026ee4296d6c0bc2d4039ec7421209ac88bc9da4515d91657e4fb03a6c

                      SHA512

                      9dc5e4d833792dd0beb4d937cd4d5c372561b1bf6653e0a9093a3c4b6f7853c7bac4c838ae1f2b53cf6591fd2f0da29bf967947e7a622d177f277fefdaa52f74

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      8KB


                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB


                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB


                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB


                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB


                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                      Filesize

                      116KB


                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                      Filesize

                      116KB

