hxxps://ci5[.]googleusercontent[.]com/proxy/-lSSxaYAD6r5UKveSfFFCfsFwFV6pejwS7b_TQMEXiGRUgU1TnQdZslxh4N14u8s-QdEL4S6a72zRjXJgvgY19m_WxTfZN8vAi8vufyzSuuYpzeirA=s0-d-e1-ft#hxxps://7dots[.]s3[.]eu-west-2[.]amazonaws[.]com/7Dots_Logo_2023_200px[.]gif

General

Target

https://ci5.googleusercontent.com/proxy/-lSSxaYAD6r5UKveSfFFCfsFwFV6pejwS7b_TQMEXiGRUgU1TnQdZslxh4N14u8s-QdEL4S6a72zRjXJgvgY19m_WxTfZN8vAi8vufyzSuuYpzeirA=s0-d-e1-ft#https://7dots.s3.eu-west-2.amazonaws.com/7Dots_Logo_2023_200px.gif

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 17 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E3EC9D3E-1790-11EF-B541-D2DDB4689AAC} = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607832417435245"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4960 chrome.exe
4960 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4960 chrome.exe
4960 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exeiexplore.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
1968	iexplore.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1968 iexplore.exe
1968 iexplore.exe
5052 IEXPLORE.EXE
5052 IEXPLORE.EXE
5052 IEXPLORE.EXE
5052 IEXPLORE.EXE

pid	process
1968	iexplore.exe
1968	iexplore.exe
5052	IEXPLORE.EXE
5052	IEXPLORE.EXE
5052	IEXPLORE.EXE
5052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4960 wrote to memory of 3412	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3412	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3920	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 928	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 928	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4008	4960	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ci5.googleusercontent.com/proxy/-lSSxaYAD6r5UKveSfFFCfsFwFV6pejwS7b_TQMEXiGRUgU1TnQdZslxh4N14u8s-QdEL4S6a72zRjXJgvgY19m_WxTfZN8vAi8vufyzSuuYpzeirA=s0-d-e1-ft#https://7dots.s3.eu-west-2.amazonaws.com/7Dots_Logo_2023_200px.gif
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96de3ab58,0x7ff96de3ab68,0x7ff96de3ab78
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:2
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:8
2⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:8
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:1
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:8
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:8
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1856,i,1672576366959006608,14305189716299606463,131072 /prefetch:8
2⤵
PID:1464

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\unnamed.gif
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:17410 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\40562b44-58f2-4e37-9b72-43e3106185e8.tmp

Filesize
7KB

MD5
89787f4604b0363b7e9c20c0451559b6

SHA1
2370d1c9c598a49d1bc7ff7a10bae02b5643850f

SHA256
3d4b6b9f12ad2010ddd17fb16dd0267846d7b3f22ed9ad8c28c9fcc18993bb72

SHA512
a082d0bdbc94194ff2a297d7e831751e8b9c40d22d1c1e9ccf68184e3301021d1ed0e06336fd3171b2d68243386a619b8e837187a70147809261a7a25494c065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
96ce2b4abe384cc18f07bc89159c8a7c

SHA1
ede0609eed3c4555403533716980046aa01c73fd

SHA256
c788f4ef63d3e69fda9d77d989d22898ca035f8c218b7e97e75639fc0b866725

SHA512
5d4021c053774efb490b1ed2798fa990fa9f971e620c40ca0707a2ab3bc15348ca4f177f6b71673895937205077de2bb07f116de20ba13f03c7e10ec9cb6214c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
51026b07fc17617d5d9c02adc9bcc7ca

SHA1
da32b0a11ebaefc224a828eaa6cfb8b2ff93dd39

SHA256
839e76bf2a0494766797790d3019946fd1bc05c74996db483e0ca29c4732efda

SHA512
8b4323ca3655c808544d565897007aab9c682de78678f8a1200aacd1be3fcab5a39942c87752984bc2e6ed4b2d3216cf4221973af66ade0df3a70badc3cc5dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b0c2.TMP

Filesize
94KB

MD5
3858e933a93f646d965e99adbe129ce5

SHA1
90de0539590b5806cf1e4dd71f93dde9c8681d9b

SHA256
64043c51e9ea8e7e47387de9f4d7c96a402d759ffe492fd435adafdcadc8bf5b

SHA512
52072f1c46fc4b2600a71313d45e2eed7521ab33bf9eb84b9490fd9d7357ff2ef4fd5a8a8b928810d3ccb4ab932638f5b3df5ef3022e66742018aa6ac1469762

Download Submit
C:\Users\Admin\Downloads\unnamed.gif

Filesize
264KB

MD5
6670653a88137aef8b3540eeef1d30b8

SHA1
e025cba983b98a09f64fc7d8b4b64f4bbf33b37a

SHA256
beed27a27e0ab2bd24d65e5986442c184f8338987df5769b4137575c3ffcc219

SHA512
b023e66c36054cc00937f4de3989bb12f3b44ce428f8b0a3aa3b325fc74b61236839109a98aa55464528a9905e470d3d566f43f8425ee1ceb4f297e27bbe6786

Download Submit
\??\pipe\crashpad_4960_XSNNCNZMAIYGKBUC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads