Analysis

  • max time kernel
    71s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/04/2023, 10:31 UTC

General

  • Target
    ShotasV5.exe
  • Size
    7.2MB
  • MD5
    837791a939b94c3770c202385d0f49d2
  • SHA1
    43f93873cfb1e9cf6d9d8bc814bd44626b78b640
  • SHA256
    8ec0b48c0b5d935941d701b2c273e510ed7b86a6b034609b46d4a1b6ee30c4c8
  • SHA512
    ec9a87d17bc7820cbcef54f3b7c6c1cfcdf6be0db5a812ad842176d2d12069fd4f590b66a5ab154cd4a4df5ba9679819b8ff20dbeba6c2947929b55272ca048b
  • SSDEEP
    196608:uipb7KX/RdKaeNWFJMIDJhgsAGKlRF93ozu0Lr:ZYX5gWFqyhgsS33+Rn

Score
  7/10
  • upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ShotasV5.exe
    "C:\Users\Admin\AppData\Local\Temp\ShotasV5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Users\Admin\AppData\Local\Temp\ShotasV5.exe
      "C:\Users\Admin\AppData\Local\Temp\ShotasV5.exe"
      2⤵
      • Loads dropped DLL
      PID:760
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb249758,0x7fefb249768,0x7fefb249778
      2⤵
      PID:532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:2
      2⤵
      PID:1440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:8
      2⤵
      PID:1000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:8
      2⤵
      PID:2036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:1
      2⤵
      PID:912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:1
      2⤵
      PID:2056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:2
      2⤵
      PID:2660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3680 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:1
      2⤵
      PID:2792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:8
      2⤵
      PID:2812
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:8
      2⤵
      PID:2860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=584 --field-trial-handle=1320,i,896250904053951297,11873501836878741723,131072 /prefetch:1
      2⤵
      PID:1748
  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
      2⤵
      PID:940
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb249758,0x7fefb249768,0x7fefb249778
      2⤵
      PID:1628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1228 --field-trial-handle=1360,i,17393678845279161134,13063260288690230992,131072 /prefetch:2
      2⤵
      PID:928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1360,i,17393678845279161134,13063260288690230992,131072 /prefetch:8
      2⤵
      PID:1144
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2372

Network

  • US
    DNS
    redir.metaservices.microsoft.com
    setup_wm.exe
    Remote address: 8.8.8.8:53
    Request
    redir.metaservices.microsoft.com
    IN A
    Response
    redir.metaservices.microsoft.com
    IN CNAME
    redir.metaservices.microsoft.com.edgesuite.net
    redir.metaservices.microsoft.com.edgesuite.net
    IN CNAME
    a1095.g2.akamai.net
    a1095.g2.akamai.net
    IN A
    23.32.238.177
    a1095.g2.akamai.net
    IN A
    23.32.238.169
  • DE
    GET
    http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86
    setup_wm.exe
    Remote address: 23.32.238.177:80
    Request
    GET /redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Windows-Media-Player/12.0.7601.17514)
    Host: redir.metaservices.microsoft.com
    Connection: Keep-Alive
    Cookie: _EDGE_V=1
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: AkamaiGHost
    Content-Length: 0
    Location: http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86
    Date: Fri, 14 Apr 2023 10:32:28 GMT
    Connection: keep-alive
  • US
    DNS
    onlinestores.metaservices.microsoft.com
    setup_wm.exe
    Remote address: 8.8.8.8:53
    Request
    onlinestores.metaservices.microsoft.com
    IN A
    Response
    onlinestores.metaservices.microsoft.com
    IN CNAME
    serviceswitching.metaservices.microsoft.com.edgesuite.net
    serviceswitching.metaservices.microsoft.com.edgesuite.net
    IN CNAME
    a177.g.akamai.net
    a177.g.akamai.net
    IN A
    23.72.252.161
    a177.g.akamai.net
    IN A
    23.72.252.129
  • NL
    GET
    http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86
    setup_wm.exe
    Remote address: 23.72.252.161:80
    Request
    GET /serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Windows-Media-Player/12.0.7601.17514)
    Host: onlinestores.metaservices.microsoft.com
    Connection: Keep-Alive
    Cookie: _EDGE_V=1
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Type: application/xml
    ETag: "df03e65b8e082f24dab09c57bc9c6241:1507068277"
    Last-Modified: Tue, 03 Oct 2017 22:04:36 GMT
    Server: AkamaiNetStorage
    Content-Length: 546
    Date: Fri, 14 Apr 2023 10:32:28 GMT
    Connection: keep-alive
  • NL
    GET
    http://onlinestores.metaservices.microsoft.com/bing/bing.xml
    setup_wm.exe
    Remote address: 23.72.252.161:80
    Request
    GET /bing/bing.xml HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Windows-Media-Player/12.0.7601.17514)
    Host: onlinestores.metaservices.microsoft.com
    Connection: Keep-Alive
    Cookie: _EDGE_V=1
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Type: application/xml
    ETag: "d58da90d6dc51f97cb84dfbffe2b2300:1507068209"
    Last-Modified: Tue, 03 Oct 2017 22:03:27 GMT
    Server: AkamaiNetStorage
    Content-Length: 523
    Date: Fri, 14 Apr 2023 10:32:30 GMT
    Connection: keep-alive
  • US
    DNS
    apis.google.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    172.217.23.206
  • DE
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.fpEXMBCWMKc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9SQGHwxhl93I-W5KEIEdf87vGuqQ/cb=gapi.loaded_0
    chrome.exe
    Remote address: 172.217.23.206:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.fpEXMBCWMKc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9SQGHwxhl93I-W5KEIEdf87vGuqQ/cb=gapi.loaded_0 HTTP/2.0
    host: apis.google.com
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  • US
    DNS
    content-autofill.googleapis.com
    Remote address: 8.8.8.8:53
    Request
    content-autofill.googleapis.com
    IN A
    Response
    content-autofill.googleapis.com
    IN A
    142.250.179.202
    content-autofill.googleapis.com
    IN A
    142.251.36.10
    content-autofill.googleapis.com
    IN A
    142.251.39.106
    content-autofill.googleapis.com
    IN A
    172.217.168.202
    content-autofill.googleapis.com
    IN A
    172.217.23.202
    content-autofill.googleapis.com
    IN A
    216.58.208.106
    content-autofill.googleapis.com
    IN A
    216.58.214.10
    content-autofill.googleapis.com
    IN A
    142.250.179.138
    content-autofill.googleapis.com
    IN A
    142.251.36.42
    content-autofill.googleapis.com
    IN A
    142.250.179.170
  • US
    DNS
    play.google.com
    Remote address: 8.8.8.8:53
    Request
    play.google.com
    IN A
    Response
    play.google.com
    IN A
    142.251.36.14
  • US
    DNS
    beacons.gcp.gvt2.com
    Remote address: 8.8.8.8:53
    Request
    beacons.gcp.gvt2.com
    IN A
    Response
    beacons.gcp.gvt2.com
    IN CNAME
    beacons-handoff.gcp.gvt2.com
    beacons-handoff.gcp.gvt2.com
    IN A
    216.58.214.3
  • US
    DNS
    beacons2.gvt2.com
    Remote address: 8.8.8.8:53
    Request
    beacons2.gvt2.com
    IN A
    Response
    beacons2.gvt2.com
    IN A
    216.58.208.99
  • 157.240.5.21:443
    tls
    92 B
    119 B
    2
    2
  • 23.32.238.177:80
    http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86
    http
    setup_wm.exe
    680 B
    792 B
    5
    4
    HTTP Request: GET http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86
    HTTP Response: 302
  • 23.72.252.161:80
    http://onlinestores.metaservices.microsoft.com/bing/bing.xml
    http
    setup_wm.exe
    1.2kB
    3.5kB
    7
    7
    HTTP Request: GET http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x64&arch=x86
    HTTP Response: 200
    HTTP Request: GET http://onlinestores.metaservices.microsoft.com/bing/bing.xml
    HTTP Response: 200
  • 172.217.23.206:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.fpEXMBCWMKc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9SQGHwxhl93I-W5KEIEdf87vGuqQ/cb=gapi.loaded_0
    tls, http2
    chrome.exe
    2.5kB
    46.9kB
    29
    41
    HTTP Request: GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.fpEXMBCWMKc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9SQGHwxhl93I-W5KEIEdf87vGuqQ/cb=gapi.loaded_0
  • 142.250.179.202:443
    content-autofill.googleapis.com
    tls
    1.7kB
    6.9kB
    13
    14
  • 142.251.36.14:443
    play.google.com
    tls
    1.6kB
    8.3kB
    12
    13
  • 216.58.214.3:443
    beacons.gcp.gvt2.com
    tls
    2.7kB
    7.0kB
    14
    14
  • 13.227.211.67:80
    46 B
    40 B
    1
    1
  • 172.217.23.206:443
    apis.google.com
    tls
    46 B
    113 B
    1
    1
  • 216.58.208.99:443
    beacons2.gvt2.com
    tls
    1.6kB
    6.3kB
    13
    12
  • 8.8.8.8:53
    redir.metaservices.microsoft.com
    dns
    setup_wm.exe
    78 B
    200 B
    1
    1
    DNS Request: redir.metaservices.microsoft.com
    DNS Response: 23.32.238.177, 23.32.238.169
  • 8.8.8.8:53
    onlinestores.metaservices.microsoft.com
    dns
    setup_wm.exe
    85 B
    216 B
    1
    1
    DNS Request: onlinestores.metaservices.microsoft.com
    DNS Response: 23.72.252.161, 23.72.252.129
  • 8.8.8.8:53
    apis.google.com
    dns
    chrome.exe
    61 B
    98 B
    1
    1
    DNS Request: apis.google.com
    DNS Response: 172.217.23.206
  • 172.217.23.206:443
    apis.google.com
    https
    4.7kB
    47.9kB
    25
    40
  • 8.8.8.8:53
    content-autofill.googleapis.com
    dns
    77 B
    237 B
    1
    1
    DNS Request: content-autofill.googleapis.com
    DNS Response: 142.250.179.202, 142.251.36.10, 142.251.39.106, 172.217.168.202, 172.217.23.202, 216.58.208.106, 216.58.214.10, 142.250.179.138, 142.251.36.42, 142.250.179.170
  • 8.8.8.8:53
    play.google.com
    dns
    61 B
    77 B
    1
    1
    DNS Request: play.google.com
    DNS Response: 142.251.36.14
  • 142.251.36.14:443
    play.google.com
    https
    4.2kB
    7.7kB
    9
    11
  • 8.8.8.8:53
    beacons.gcp.gvt2.com
    dns
    66 B
    112 B
    1
    1
    DNS Request: beacons.gcp.gvt2.com
    DNS Response: 216.58.214.3
  • 224.0.0.251:5353
    204 B
    3
  • 8.8.8.8:53
    beacons2.gvt2.com
    dns
    63 B
    79 B
    1
                                    1

                                    DNS Request

                                    beacons2.gvt2.com

                                    DNS Response

                                    216.58.208.99

                                  • 216.58.208.99:443
                                    beacons2.gvt2.com
                                    https
                                    4.3kB
                                    11.4kB
                                    12
                                    17

                                  MITRE ATT&CK Enterprise v6

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                    Filesize: 40B
                                    MD5: ce02c3a1c2e2258c20b1dd34b4a59138
                                    SHA1: 90b58959a14186809ae02b948820e46c5725bc13
                                    SHA256: 9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12
                                    SHA512: f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                    Filesize: 264KB
                                    MD5: f50f89a0a91564d0b8a211f8921aa7de
                                    SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
                                    SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
                                    SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize: 361B
                                    MD5: 2997cae9330827baa9f84726858a4d7b
                                    SHA1: 3eb4fe86facc1a5ca6246252e0ff51ca16c6d860
                                    SHA256: 94690c1e8dd6ea05d3b90225e142727a07e3d0be22bdcc2c0b03bbf28e25bef1
                                    SHA512: 94a0bbd7b900a26ee9552468863c13df9601fe18327419ce9a4b6e308b85667780a9701cf764d00c86bd501948f3fc4a878b0fd7adab9a4c2c07750cbf5e9337

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize: 4KB
                                    MD5: 8d20ea2d208bf4c7d00c78f26d5fd3ef
                                    SHA1: 7d033162881915ada89da8a2b97912d5ff951be4
                                    SHA256: d6a6056bb6b9d78f8b1ab04cf5083f5b803b8b2b5f5e404b9a1acc38c017541d
                                    SHA512: 21340f8bc6cee1f90624c4eebec71717f7ce02dc1b4dc50bd06a16fd6b437bee1fd53e023b08feaa3096594b18101b1fb91908b91f1946fbfeb1c2509e04f68d

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize: 4KB
                                    MD5: 495dc9878b1ebb79ca0bb7b73b2a17ec
                                    SHA1: d4c663280f1f4b55937aabbed490d92242f3831f
                                    SHA256: baa617991e1a560884534e5ccabfd2d3144dec7853d469df4aa3a31aaf0b4d9b
                                    SHA512: 8728e10badeab1e740b5cf5fc8a8b2d5b9c300d9423646c719e0baece8c0f977392c637f4ab46b29f10c4829e198ae3708e3970512701078daec43b2a8bf9466

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
                                    Filesize: 16B
                                    MD5: 6752a1d65b201c13b62ea44016eb221f
                                    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                                    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                                    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize: 71KB
                                    MD5: 3705b5c4a86d707ae28a3466f1dea707
                                    SHA1: 517af77d616cf04f2f105912d35dd763d23fc30c
                                    SHA256: 82bdd0d0ec839f5d2c5db95535a6fde6ee204a3e79171c4405e5fc7187125e6f
                                    SHA512: 3d5af3de2a8e64c6192bdc6136b7fc8fd7ebaf6d0b144a131f4929a9a4f2e05c4ca1acc18993ebb406494aa566ab657b6992979d9d40ef5148053615552e8d86

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize: 199KB
                                    MD5: 52459464a74bfff23145a7e61270d461
                                    SHA1: 123c3f732bd8e76cf206fc16783738053429ebd2
                                    SHA256: 91bca97fd65c8f8536825ac290a1b295125765e71505201c2bb8d157f471f1e0
                                    SHA512: 7852f7e32c73b3e766a32317320b141b1ba111633cedbd02d31ba4bc5e7a84aa1834aa2617120befbd07e45ab46278894c90a3fdd87d0757a2599a1c24ade147

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                    Filesize: 86B
                                    MD5: f732dbed9289177d15e236d0f8f2ddd3
                                    SHA1: 53f822af51b014bc3d4b575865d9c3ef0e4debde
                                    SHA256: 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
                                    SHA512: b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e2855b19-4f18-46fc-84a7-702b4fac30c8.tmp
                                    Filesize: 71KB
                                    MD5: 3705b5c4a86d707ae28a3466f1dea707
                                    SHA1: 517af77d616cf04f2f105912d35dd763d23fc30c
                                    SHA256: 82bdd0d0ec839f5d2c5db95535a6fde6ee204a3e79171c4405e5fc7187125e6f
                                    SHA512: 3d5af3de2a8e64c6192bdc6136b7fc8fd7ebaf6d0b144a131f4929a9a4f2e05c4ca1acc18993ebb406494aa566ab657b6992979d9d40ef5148053615552e8d86

                                  • C:\Users\Admin\AppData\Local\Temp\_MEI12362\python310.dll
                                    Filesize: 1.4MB
                                    MD5: bbcb74867bd3f8a691b1f0a394336908
                                    SHA1: aea4b231b9f09bedcd5ce02e1962911edd4b35ad
                                    SHA256: 800b5e9a08c3a0f95a2c6f4a3355df8bbbc416e716f95bd6d42b6f0d6fb92f41
                                    SHA512: 00745ddd468504b3652bdda757d42ebe756e419d6432ceb029ed3ccde3b99c8ae21b4fc004938bb0babaa169768db385374b29ac121608c5630047e55c40f481

                                  • C:\Users\Admin\AppData\Local\Temp\tmp33020.WMC\allservices.xml
                                    Filesize: 546B
                                    MD5: df03e65b8e082f24dab09c57bc9c6241
                                    SHA1: 6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf
                                    SHA256: 155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba
                                    SHA512: ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99

                                  • C:\Users\Admin\AppData\Local\Temp\tmp44845.WMC\serviceinfo.xml
                                    Filesize: 523B
                                    MD5: d58da90d6dc51f97cb84dfbffe2b2300
                                    SHA1: 5f86b06b992a3146cb698a99932ead57a5ec4666
                                    SHA256: 93acdb79543d9248ca3fca661f3ac287e6004e4b3dafd79d4c4070794ffbf2ad
                                    SHA512: 7f1e95e5aa4c8a0e4c967135c78f22f4505f2a48bbc619924d0096bf4a94d469389b9e8488c12edacfba819517b8376546687d1145660ad1f49d8c20a744e636

                                  • \Users\Admin\AppData\Local\Temp\_MEI12362\python310.dll
                                    Filesize: 1.4MB
                                    MD5: bbcb74867bd3f8a691b1f0a394336908
                                    SHA1: aea4b231b9f09bedcd5ce02e1962911edd4b35ad
                                    SHA256: 800b5e9a08c3a0f95a2c6f4a3355df8bbbc416e716f95bd6d42b6f0d6fb92f41
                                    SHA512: 00745ddd468504b3652bdda757d42ebe756e419d6432ceb029ed3ccde3b99c8ae21b4fc004938bb0babaa169768db385374b29ac121608c5630047e55c40f481

                                  • memory/760-82-0x000007FEF6260000-0x000007FEF66CE000-memory.dmp
                                    Filesize: 4.4MB
