hxxps://public-usa[.]mkt[.]dynamics[.]com/api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 10:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://public-usa.mkt.dynamics.com/api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733736212307363"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 4208	1920	chrome.exe	84
PID 1920 wrote to memory of 4208	1920	chrome.exe	84
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 228	1920	chrome.exe	86
PID 1920 wrote to memory of 1564	1920	chrome.exe	87
PID 1920 wrote to memory of 1564	1920	chrome.exe	87
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88
PID 1920 wrote to memory of 4348	1920	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://public-usa.mkt.dynamics.com/api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec069cc40,0x7ffec069cc4c,0x7ffec069cc58
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4604,i,16353745263939183978,17290999604247738834,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2936

Network

DNS

public-usa.mkt.dynamics.com

chrome.exe

Remote address:

8.8.8.8:53

Request

public-usa.mkt.dynamics.com

IN A

Response

public-usa.mkt.dynamics.com

IN CNAME

cxppusa1im4t7x7z5iubq.trafficmanager.net

cxppusa1im4t7x7z5iubq.trafficmanager.net

IN CNAME

public-prdia888eus0aks.mkt.dynamics.com

public-prdia888eus0aks.mkt.dynamics.com

IN CNAME

prdia888eus0aks.mkt.dynamics.com

prdia888eus0aks.mkt.dynamics.com

IN A

52.146.76.30
GET

https://public-usa.mkt.dynamics.com/api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA

chrome.exe

Remote address:

52.146.76.30:443

Request

GET /api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA HTTP/1.1
Host: public-usa.mkt.dynamics.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 14 Oct 2024 10:00:20 GMT
Content-Type: image/png
Content-Length: 70
Connection: keep-alive
x-ms-trace-id: 105d6f6df0e0e12f7b1bbaee21ca1479
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
GET

https://public-usa.mkt.dynamics.com/favicon.ico

chrome.exe

Remote address:

52.146.76.30:443

Request

GET /favicon.ico HTTP/1.1
Host: public-usa.mkt.dynamics.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://public-usa.mkt.dynamics.com/api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 14 Oct 2024 10:00:20 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Strict-Transport-Security: max-age=2592000; preload
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

30.76.146.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.76.146.52.in-addr.arpa

IN PTR

Response
DNS

67.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.31.126.40.in-addr.arpa

IN PTR

Response
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

212.20.149.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.20.149.52.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

98.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.117.19.2.in-addr.arpa

IN PTR

Response

98.117.19.2.in-addr.arpa

IN PTR

a2-19-117-98deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response

52.146.76.30:443

https://public-usa.mkt.dynamics.com/favicon.ico

tls, http

chrome.exe

2.8kB
7.0kB
14
14

HTTP Request

GET https://public-usa.mkt.dynamics.com/api/orgs/e06579f0-c953-4dd1-97a1-7d17a86e3fa4/i/p4qj97UMikKL01d3v76J9wEAAAA

HTTP Response

200

HTTP Request

GET https://public-usa.mkt.dynamics.com/favicon.ico

HTTP Response

404

8.8.8.8:53

public-usa.mkt.dynamics.com

dns

chrome.exe

73 B
210 B
1
1

DNS Request

public-usa.mkt.dynamics.com

DNS Response

52.146.76.30
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

30.76.146.52.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

30.76.146.52.in-addr.arpa
8.8.8.8:53

67.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

67.31.126.40.in-addr.arpa
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

212.20.149.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

212.20.149.52.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

98.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

98.117.19.2.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a4cbd673f1ffcdc2531fddc75cbd29b2

SHA1
f0f4663cfab3cd37b25ce43ab75f001f3277ed48

SHA256
3cb5d5d5a6580088b37bc44b59dd5e11499cfda601c796f2bdcb4711ee2c8641

SHA512
7b60c4a433b64c56864b6b85a1402ee22e23d2456e9a674a69f2b47bff259f9f06d2b4f8c3e99dd61296f716e534094b1f90825034ead21a1d1c7a2e6ec23012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
0d30b280fecc915f4da706c784bbe0ee

SHA1
325e8d2fc63f0c483bdcfdcdecaddcec098dc34b

SHA256
0a5c3eb3c0e2f06b6443e510f43d35ae466ef6d03394cd931f8836af846ea860

SHA512
86376d555717ed6c2ee50a009c288cd6502f340de1edfb5ecef5edda5c7dccc76c988bc44ba2d242debfab55d765dd4f722928eccc1c09df438d7a2d184f63ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7dbe405690f23dc18e7ab94c16d97ce6

SHA1
303f50839beae8738d5623224e1577007945d820

SHA256
71f8953bdf8bf9f641e99a3a314730581e61bf36cdfcd373f630f2806b808462

SHA512
402a21a1b1c437583101f40d9831d1ecbd2f49b04918745a44400cd831bbd981ff6af789cbb76e093db0af99266a000d9f763905da7f5d31d70f8960182386c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e3ee670bec3692083a47b22d0a1f297

SHA1
0f85226cbfcefac12f51bdb6a563087be8b7bf51

SHA256
37e2663cc7f73df36a53c29ed9782867ba616b8919c850689ac80255c8cd2ece

SHA512
bb35d33b826d00cfaf1878aeaf3fd24fa715cc6c4ed91e4034a6273b4ef2062171db86b7b5346b425e3fe56f70c041d00606becf500f3aacfa77b5de9e432030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bed94d1957051017dbb532f088aeadea

SHA1
6ac2842bc8fc167a4420ce2c26a1552b8ad936dd

SHA256
2a53c1c730640ea30753ebf46db7b9016671ad9bc53043533cd47602ccd53324

SHA512
2badc249ca173fa06ae82e25336b51be8d6090c72bdd7e1b40570b021bf6bf1bce6c47e257414fbd53f1a76bb2dcec204701030cab19d1dbbf96e2e4aa579fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
861df844d53bd8aea66ec0c816b4b0ab

SHA1
643f812a85a768c666c0dd4ad365c3b659b05390

SHA256
bf33b6e18c4a1a7def7001143112f367003d7b4a781acafaf1eab8a776321259

SHA512
4e35575712561601905831d5ed6f243042ebf0e87aaea0f72dcb113e7e01b4ef082ae791d0a50ad5f2911b9fab65cf301288f495214383439cd3dfac59933e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d7e6fdcaad27c0f6c0e1e296b854343

SHA1
3e06e89b45b37d928c7ebcd76bb59fa698dbed5c

SHA256
b95b14de128b1ee6d2ddbb25b340c6589ad94f094122777d90e75b3aa1a54ed3

SHA512
6b091232e2fb7425991f46bbc313cf251649800b42db0c3d3d46e8513a5a765a2e4fa8bc74cacff875c87c785a9be6a30e17e049d46643e49c26a05183a21253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39ca5cb00bb35c3e2fa04c14fc882f18

SHA1
da9d5a551c91a050d29ab6832e29433797d10387

SHA256
ef57e2c2e5f8a26800d253318ad8718d8049aeef540784e95eca5d005a00015c

SHA512
ef29299d78e675be06a04ccc75882e875fb317720b66dc42eec96cdeae733fdf7b1df6c83eee2d4c8159ea9b20b62e57b5346a157ab086f81f971b01b936ac77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b133d98c28295c2f0604e3a5a2e1b0f

SHA1
91241b5a89aba6b2d3dfa8320d9f698fc72e2def

SHA256
419991d1d9ab7d243608b88ba49d4b4517d95b64dafcf5d40e788d7abae0fc64

SHA512
76e7981e56b80abd0e1c9ee1a256d8d76225235a23f2342ec4d53738986854782a344979538a03c105cf7612672bd599cc071e255f61a93ec232123791d3785c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fd6fe72200b5294cb3df79aa15e141c

SHA1
f57dc4a4d61ac257f0788f20c3cc92b420d565b7

SHA256
ce94b97c64a5391a5bbc69ffe43eadfd292de26c8d1767507dd0023623538b6a

SHA512
4aa1629fb0079d16642874732eee16515efd5bebeb0ff0183ce0975f7b422eadf5b3a8192bb486f07228ab4beffc812dba9d6f9ae8b685c709740ff80f50c27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acbb30103914e88cd4cd4bb65ae934b9

SHA1
6801f83d14b99ba88724caf73d98c6ffefccf51f

SHA256
b24e95ae35f61f22ca887a1a27b88a8d04d6756a2525cb6ce9d6085ae143690e

SHA512
7c55504ceba9b347a0973e4702b3395c5f7ece58c26674e639202fe09b94e557be4b09c178046fdf07fa41eef68164d9ac74bc0a0345f67b27f50498e0b6bdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c45e649d914687988df598586eeffa48

SHA1
28f1ab33be54016810a6ebc261a5ec0a0e62fa06

SHA256
099b120d015d20d9a2af0eba0606296b0c6dc32d2cd14c10172079d3a03f3195

SHA512
b0064f6f78e1087dec965bdd9aee95005f926d07d5334f337630533b367646856eab67197c78364dcfc3843ebecf1b30b5a4069eb5ae4175e8affa902a7a5dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
aa89bec1adf12ca946665214e4a0aa64

SHA1
4b3fe06cda14e513f4d33824a3ffc67465e26757

SHA256
e3af347c33bb9ca8773ab5f503e617c9235a02405e5da73b8dfbb603dba6031f

SHA512
b7f73dc411c4f432e843d259285061639e51d46965b98bda98a76598d68e02f662f7644a7868256d32a03c77b69a14b00767c27bfe79e62632a3cea7aea81ea8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.