umbral | hxxp://tria[.]ge

Analysis

max time kernel
918s
max time network
912s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tria.ge

Score

10^/10

umbral agilenet stealer

Malware Config

Extracted

Family

umbral

https://canary.discord.com/api/webhooks/1136750673891971094/th8OAkZ-jIiL69Ewx3ZMQxkDQlnfhxrnb69zuRYcBmprvNUza9mLVEsV2kBmDJktCugu

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0006000000023318-1017.dat	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Obfuscated with Agile.Net obfuscator 8 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/4320-655-0x00000235E8860000-0x00000235E8880000-memory.dmp	agile_net
behavioral1/memory/4320-657-0x00000235E8880000-0x00000235E88A0000-memory.dmp	agile_net
behavioral1/memory/4320-658-0x00000235EA240000-0x00000235EA2AE000-memory.dmp	agile_net
behavioral1/memory/4320-659-0x00000235E8850000-0x00000235E885E000-memory.dmp	agile_net
behavioral1/memory/4320-660-0x00000235E8920000-0x00000235E897A000-memory.dmp	agile_net
behavioral1/memory/4320-662-0x00000235E88E0000-0x00000235E88FE000-memory.dmp	agile_net
behavioral1/memory/4320-661-0x00000235E88A0000-0x00000235E88B0000-memory.dmp	agile_net
behavioral1/memory/4320-663-0x00000235EAE00000-0x00000235EAF4A000-memory.dmp	agile_net

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355662424893052"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Umbral.builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000096dc8a4fa9add901d512f862b7afd90105e6ca6745c6d90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 480031000000000003571aa0100064610000360009000400efbe035717a003571aa02e000000fd26020000000500000000000000000000000000000094c4bc0064006100000012000000	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3"	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
4148	chrome.exe
4148	chrome.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
4320	Umbral.builder.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3776	2220	chrome.exe	69
PID 2220 wrote to memory of 3776	2220	chrome.exe	69
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 4136	2220	chrome.exe	87
PID 2220 wrote to memory of 1056	2220	chrome.exe	88
PID 2220 wrote to memory of 1056	2220	chrome.exe	88
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89
PID 2220 wrote to memory of 1380	2220	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tria.ge
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0e669758,0x7ffd0e669768,0x7ffd0e669778
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4816 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3180 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3716 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5568 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4960 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5392 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3440 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5812 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4988 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3984 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5776 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5240 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6060 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5184 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5456 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1876,i,2405721219906319495,17755571135418787268,131072 /prefetch:8
  2⤵
  PID:5020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3876

C:\Users\Admin\Desktop\da\Umbral.builder.exe
"C:\Users\Admin\Desktop\da\Umbral.builder.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
39KB

MD5
500ecdda9ad3e919a1f41c1588266a1b

SHA1
d5ddf92dc08284a48701a4d3555590bda05f77e0

SHA256
caad3feace9086d27e006d538d2daf4dd50e2b33307232a7db6d5f8c48f73b37

SHA512
5e47a0d0721ec0f9adb5a439ffc98c1b4da780e74270332313f8350f228bdb919d32c4812c6ede84ebae3ead1342c2eaf4c73f4dfca5a87e8887e1b5913c0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
19KB

MD5
49943bc015e9713f646c021a2f9a7f48

SHA1
7bcd637eb823b04c425775fa8c914e8b8f2ac2a5

SHA256
f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289

SHA512
2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
a1a1e4696c78bedb704290c723274901

SHA1
9145a621891f495eb2e4e81ed64ee172273f591c

SHA256
85d6a00d984d0f9ac3cdb2a865c07e7fbe3d4a9e8fd3819d5ad59552680966ff

SHA512
ab064e1404781e799ca84f623c97f776693abf563b930f0af3a57a50735073979fa0b02eb46bf59ec2ceea8d0404ab12dc198019dd6fe9cdd5c6ee19ee39635b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f01c903e8e696ded87078a18bc2bea0

SHA1
e88d1b1f4e98bdf77b4f843bbdf887a95a4f6874

SHA256
4c68c6e1912cff34dd06040951da812416e93ce0ca68fd6e7b27f8bc4db1e9c3

SHA512
9004f6aa2bcf453744ed9023a48f8780b1447311149652f85031679909a2dbad04c6a7dbec78c9f7c1bc6b878276a18d848b851716c6375f8c6ff43a96c795a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3e7d524f798ec056d06e9457bc500a5d

SHA1
ece79833a064ce1954bc37a05bc88ad014e1005d

SHA256
c404574153dcf1d94a4230266f01a7049e8018559ca46fc46bf131fa1a3f0f5a

SHA512
f2adf4b2483d395532ea69ab77254b9a0efdf1bda5f80f4e368e1bd91c233e64f6749d0a893b1a10d313273bf2d841f9faabbe32b2a3c96efc9f471f36b260a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
75395cf2fe4e6c872ae7dda80a3d4cec

SHA1
092a11a4d0ecb328c9c8cd92f67931c19f858248

SHA256
8fb1d63652f1f755fac6afa638f06c72bd7c9509978d2f3c044890cd41ad8de6

SHA512
4c1274c4baf5f081b872ba67be09c34a98f5f49954c94c53eb7bd87dda58ec31a9116868f80d28df4dac0739bfa4cbff6b4d38642b507442ab925e5b500adada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aee6178cd57747ee84ada7bd36dd373d

SHA1
6423b3e61e6dd3900983884e1fc9d0b14b50b056

SHA256
c1c7744ec85817fff04bfc8046ea861169d0ee7467314c54242f2c6974e6ee76

SHA512
8d8684b42822ba77992d0f4ca0c8621d98d160adef8cdab9fab62f5751a94c55652ea246373539c515417a2cacc7de8cf4b052217a2b8c87026bda54b1945a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
631a5a7f6058856fec2c353cd0847709

SHA1
0df510aed341af9a99328176d7e567c77f6acc29

SHA256
f98ebc4fd5c189a2b5f2fe7350c28445633bbade1ff363b408c3d4c8d1df6027

SHA512
8a3b2b98efb073e2fbbcbd36ad848a16ad04803f2663866142214ab3493780ed4727bca24db73452f3b3b49ab088def20cf212233a2bcd44c80c353b49a47f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4b0b082740d780c6fbb7ec7b0af2aa7f

SHA1
4f047b7451d83c8be31965298fe263627cd6ff51

SHA256
2b8263ef9ae95e958259a16c8aaedde906e7736ee43632db14d2f7293c4ab091

SHA512
b4730b29511de2e2498cdd2d7f9aae18197eca56180035712c13bdb6e21dc62b22b25f469282330b5c19a6c76fb5d8494d05f12b84650df9897cdf7dd6f73dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\609e2696-de39-4212-8726-7d2b62b03829.tmp

Filesize
1KB

MD5
241e7cbd1f46932e7b9470c5cc368484

SHA1
6ac8aae6e12b251897707af4cb6dd32c09dbcf07

SHA256
06ac42f30e37be6c87f8fbcca806b825f45f24ffee57c19bbdc8871cb84686fb

SHA512
95739e5f83914e305ee6fd6905e74c7093483b0440bc93cbe2577524c44a68f0cde8955b1b4dfea621a01d34cbb2a6f9fafe1a21c2f33c30e9d024125d590a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\981569bb-c56f-4dd4-89a6-b42b9daf8c3b.tmp

Filesize
1KB

MD5
240243d9c65420dd352b1e3826b2a85e

SHA1
bf0cff0da39278e8eaeed9ddd5eefa2c6addf8b6

SHA256
610800ef0c8272752050798897a131a2a771860bb1d843e530d86a86b293dcde

SHA512
3f7df8505765c854089c30cdbee159f3cffa05b56d9dd24edf1a33440f7dff2fdc99be4005d11728c8f13ebddcf9b5f50592c8c97719747dac2d8c9df905daf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
49ae8c18ea28f962bddf2781fe40fc86

SHA1
b93e8c7556f2d9a0f1bb6cefc2d5de4500b2ecb0

SHA256
f96c73949271fea4f0d0844e6296bd42638d5bc5332bb38f054b7a41a4e0adce

SHA512
ddcd56d22c3df09389c3d9d6a7c43bcf55f7b4024d4274ec5462971bcec41df73d78f6b0e5c24e9af7bb61ab8dcebd06c94fe780d8d67f960babdca4d475ae42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
091abd56634f9c1fccb421be2ae6eead

SHA1
a42cd9ba4f6bd00572d20aab8f7adadf7ea535a9

SHA256
95846d9fdc6cf5bc6905bf1ed43373e16a795eb9a2f516dcfc4bd25adfb0af94

SHA512
887c652f2c3f1a1c674db869c1ff8e351c9d62360526e2eabd5efc32566bd8c150b49f8295faf82d920f777bfb994d5c83fe807eced05e3bd0ce379388920201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6a07e5be51f5f2c7fb6cd7bc65baedd5

SHA1
adc2f4c0f3ba8d0f94e0d206c5401898feab7f53

SHA256
8b736c3faa51ffe3d530b0c3777f8fcd0c8353197375c98dfc6fa0dabb0a236a

SHA512
16089267d550cbe926ef60b2c9b453455a3b1739903a35a008e0f4750aca13df9b2be90a02787b102b0ec81ad73b1a7029bc820f2d96ca243ebe7af8e86592e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4ece6b43458810b7a0f57aa300fdc848

SHA1
5ddd8cf3cec34bbd67868066ef257142ccb4274a

SHA256
7059901e7bf48fda9b295b0f6c6403d069a1ec8d2f9353788eccd58dd192f466

SHA512
994178409f0227d7428e3efdaaf28b3e693d153b09651ff605eda3e1850989a2a76fe2ac5db493240dad8864de8f7df64ab4591929ae8b0e65190c84c44a8200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6a161a8361ee6ff86623ca33a49e4486

SHA1
1ffb1ded9d432a6e6f59d139e607859444d0222e

SHA256
86038dead253fb3bf6e8a513207ba21bab7ae506f9cde6330c2e0427678af79c

SHA512
a1c1f890a99d68fb1325e5d7aacd4d82d6d63a7b588a866c24224e87072cd50a7ff0306f29ed131e3d7cea3fe98093c44c79634f02f79bd5b14f626c72b50e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1eede87469dc20fe539e76d03daf2430

SHA1
f2bd4effc359dc2401836b1be18610069f2b0617

SHA256
cc08c3df6f13d231fd652da1a222c1e3eb362ea5d9a1af3fee6aeabd1afd4c77

SHA512
cce846c6c53e762ad263ae1be32767228fd06061106d37c29eca6213d1c404cf5f9189d917af77767baeee6e33f0b40062786fd98807a8a0a7d1e32ccb28ab6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
575d1b21cd91b26c39b34def160a1e11

SHA1
523e870502d344ec532d425dd2d26ea8d5a5e3b8

SHA256
f2e794ec7446b0da625ddd5d40e91d68881bd8297f6cfaa7ade1fac178b2b57c

SHA512
246ae7c148bce9e269f609df04375ec7c2a45fe2a61bbdcff45ce6d2e9f7a4f964a38f47588b62cf7353bf1abe2cd4b1ef81c4de76737d6b21111b1c55eec6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5fddbc41463b6a3a6a9e819f101da4e5

SHA1
308ba9816aa74b27a01bba26dcb937f63a779314

SHA256
e5d2cbdca1ae7d5ed0b73be4d95e3e6bd267eefb5285ea4a9d0765b35aa10e00

SHA512
696f128f02bf0b949ad49cb8f8e5c3d63bb610363b1d9db02d3a3a37fed333b1ee54417c831e6943ccdb3fa0f829fdfe262a300a15889598a1f60ccd3a869263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e073da5c7ad94b76cafb251b8b738bab

SHA1
df7acbfd1261646941f9dd133c6c0aa1f621077d

SHA256
58708247b8389fd795b0cfcab78735af5dec4a23a22e9067a98b3efb9440ed22

SHA512
16f123ed93400710e08396a83790c20e449c0b7c1d9c27c8e9cd0ae4225da76e08000ec07fa50def31a4187bb3016470a755b4ab111118e75eb7843f35e452c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8cce221c894ccbf1eac3091088cf06c2

SHA1
e6d62d96993fe15ffcb92be17316043cee2fb3c6

SHA256
96f3067a4f22a02a83a1ec753c2c4b8ccf2f83512067488a494ba5d00ba512e0

SHA512
f34590c5da3c23e438f684289e0377e7927f4ccbac3815196e1957e3815981720b56eb2260a6f9f0bb22dd61f23cf3171e6bc89045fbe92aa9d43d4204d05a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18962c95296802802bdea6de5cb888a5

SHA1
96f175281b34c33f366c53a28b86e12618feb05c

SHA256
149c1a10ede054c9ac01b28601632efc5cc024d987565d92286eeedbd372ec2a

SHA512
c4cbb412f725738509c1a68550a28a1801cf87a676ee94176bcf05647c0f2bd30f02ca14f8e5d52094e33b6a36d6cac1e5d1f10e93729950ed2fcab1d2f952dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a75d40056d4751f21cd3c02e511599f

SHA1
28a7cf58fd0a9f56ece61c2fa038248d55554701

SHA256
ebf2c00e09db78aef328a5e40318b799db79ee97486031c10e1bc814627d4090

SHA512
20e2c26828196b80da1fae1541d1b572411e79e79fe8e62029809dd677b3128522213161f4a3f56b94a06d8b20ab2d5f0baf42529ba2e7eb42efea2fb15c4ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f10d4fb53cca9feaf29bb9e56a85d376

SHA1
39af2cfae31ba7e7ff007db4b62b61d11ec3c80b

SHA256
c6e8c42ab8ce35c800800525016ed12fb39622323123420684901acd174b3eea

SHA512
a621997b964f6fc3f6590b8b3a794761dc5754702b7eca74c910a6be1767bc1578a7c4990372c3c0d623308ec3a58996305b1d52536888e92491b83891c98a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e98bedbef65bae224033ed915e79f407

SHA1
2d5a2bd2b277ac704642aade9aa373a8cdd4e1d7

SHA256
486242f752cc3a57b70431269fd02e962fed17ccd91d9828f68a97ae616744e4

SHA512
59c50047fa52966cc16f20d4016dd21485b988f3002d72966c2ca20f0544598e139430f51cc37e06e8b7c2b8e0465392603b37787993f93d67021a73436595ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e6b03afcaaa2713eda9458b2a5fc09e5

SHA1
146a237f979984e38522f1f3578bb20a6152433f

SHA256
e66e1c2e93b144e1fe41a143c8305e95349110e1d455c4d0ba656fe06e3d0e92

SHA512
fd624930111ff5ccb27ea4b1a9a03ac2f767693aec70c0549d38b03c8171ad5928f8fb7539440956bb0191ab7ee146dd72bed7476d38a21b7d0ad1de1cc3fd5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a9421c36e026dfbee48c59af1ff2367b

SHA1
8553cefdb697169ed866b82b4f2d05c26569df86

SHA256
d85a233b2b1cf1303bd8bba6ad16ae33cc8a450b5ea2178ada7339a153f588e0

SHA512
2b393963a4ed426d0f982e7b94d4d116b951b3dd5fe8d58537615ce6558a584fc1bf295bc266c3a140fe969c12092b719385dcdb10490dd6a37e31e9829c286d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c6bc77129526b4036f2b61fb02c0b4a2

SHA1
d0804ae279674780a5c22ec3fa16c4390ed4ece7

SHA256
09b55b58fffe9736f93cfe96d43f8009b3fafbb1502771684645a9e59b94943e

SHA512
a0172cd12fab489a134bb05719a827a51906a1dd604a57c33ef57f7d2b5c82e12ce2d78d7fa8aa20823229ed8e5c366f561cfdfc57f5a25422f273049062c5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
789dafb7f7e852884acf3bd48bf51000

SHA1
520ec4bfc8efb43a5b2c4357c7a40add49fbdfe0

SHA256
2117f6c0a4dcc23dca84492bb58987fb119470ade1bb070e2690f63aa1a514c1

SHA512
a3e1be16335b6ebf5ab0eccac978cc352537f3c779e953e15849ace98a4d3edfd5163d59a9faafb9b65c56064eee546f0f352a68385355a307bc5c17e2e2cde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
72a18a2c5d96fae90f02df13d877aeda

SHA1
0b653f5d3ef7cd8c62763f09f40a29152c84d0fc

SHA256
cef87b46b48fa6d64f6e131802c37a51a9bc262088121f3d81b24d649c6d11ef

SHA512
22b492e4df9c4b44f58655809309d92c8410e42f16426e34e8e1e07b09ce8a861db8003c4b6182cfeb59edb85b42d690f900d27bb588a8f4e06e38784019ab25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0f276e8f7fc8a3ac12bb2120f90be5d9

SHA1
935616134517f052fb162a1a300c9318e959f4b1

SHA256
a7ed1bdf91196fb6954d17f2a335d8fe723b4db4ccf267c8d8918be65c6bb51c

SHA512
fdc909da25e5ff43f5acd3d3ac4da0fbe33f90dc982068f9512c908091924400c50eb20c9a3e28b591c29f301454e0358b384a365f2057c03431a07771b0592b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
3804572d30006c23e1b17785ed9d9b4f

SHA1
419897cd462d729331f38bc8a668f835b233ffc3

SHA256
88abf4ca8b5bca441afe6786a389eff976bd454aed9c16154bbd99f9302110a9

SHA512
3a08e3de772c4669ae35e25dda2cf428a07334948b97bd79d7e9773181ff00e79358cf0c32d3999395c91500c9239c6b7775ef7ec2c574dd7d3ada8032800424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8e5f4b368dbf232474cca73c73bdc9ce

SHA1
b5e81e95e8fda20e3f476f076e224aacdcd18e51

SHA256
508eb20c389fd37f221dcb1faf58d2ab3bd50416c3a2ec5f5cf34f62b30087db

SHA512
0b3def79a320371ff2572800139cb496e359c41e00c6d106b6e5184c241d05a170cb862c85ef7662226f15db7cecf785468775669e9c4a1e6932c14b428d5736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
9363c72a29e817ce086f71292e109fcb

SHA1
27e1aab0bfd65523e8da319ac0c3b720e750fb11

SHA256
959c41c4c3b2d253f06b6764886c058cbf8b08e4c096d5b4f22d0411b4056742

SHA512
f1e2d7ed00241b19c8e613192124349cb65e759afdc334ab03127879dee018511e9e809924586d4cdda74bef107818d0e7bc6a3a79502091fe54499802dbe629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
bb33ec1cae7f16b0b8905445db3cc704

SHA1
5595f85e81164cb6a369578056e14987f63cf36d

SHA256
a9b9d9f03bbd96aa291936a66b3f59fb18fbb106208b570858052b02bc0e5130

SHA512
f881477916af8eb90742c20e3394666cd96b040fb23a5de08773eee5d7df92d07be08880d82d66d44cb9c5c8ea4f5a2244a825b37a61587692f4d892664dfbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
abe17ccd8dc511584ebc18744fbf996b

SHA1
6e2c3a4f091d1de56fa5de048d79f5754fe61fe4

SHA256
1f5f3d12988492d0580f45746d765f1e4c1d134c5bc8cbed4d5559efdd4e7022

SHA512
3d7d87b5f2b7f2ed322479072e92b788551d254a1b97f09da1f95a558514806d56fd7fb6a3006c2b03fd1acd833da1f9ab712244230d4e7703427b4bbf146910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ad2d2.TMP

Filesize
101KB

MD5
7147b40ed0cc5cd996b6973540bf5496

SHA1
3e2974367cb2a11b8e5bb50804eb43573556a62a

SHA256
45382d5621ecd8134616ad8f223f375878e63a6684d9eba938238318ed283517

SHA512
ab1cadc2b3988ae37c9c859f79826b575ad2a7140b31fd6ae8d297360be98e5e5e8c055e7854fcdcac46a8210d3b7070bc4b7a2770fece4735a9987407f656d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
eea3d49bc124bb1f7455e2b993452670

SHA1
a7ecbf93987347e08b77788ccd3c1e148efaad75

SHA256
6eec5b5438e40966f1421fd6d35b02ff2f511c599603c8450588ad6f09d94d75

SHA512
f7d9b572e8fadd2b081ab0eef020307808c4c342c8e3a732e8807511029484fe62abbf5a5ffcee7b68d9ff5b03f55d91c750034650e7a0d3f014c0eb79dd5a16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\da\xClient.exe

Filesize
227KB

MD5
cab668afb625208ebfb90cc278774803

SHA1
8b5674c7058d48deeae9c8aea523d85856744e81

SHA256
067f33ff1f4d4007a7d37e93f271d4def42a065ebc307418893fb08c8322c027

SHA512
a6547cfed0d3aab2f11587c2bf03ee36d312ec83f20c003a9b5afd1296071c78b44e7b70d10d0c1ac2b97e65c622dcd661ad66e5ba239374bb7a4a9785aaf7b9

Download Submit
C:\Users\Admin\Downloads\Umbral.Stealer.zip.crdownload

Filesize
3.3MB

MD5
f355889db3ff6bae624f80f41a52e619

SHA1
47f7916272a81d313e70808270c3c351207b890f

SHA256
8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

SHA512
bff7636f6cc0fadfd6f027e2ebda9e80fd5c64d551b2c666929b2d990509af73b082d739f14bb1497be292eafe703ebd5d7188493e2cc34b73d249fe901820eb

Download Submit
memory/4320-660-0x00000235E8920000-0x00000235E897A000-memory.dmp

Filesize
360KB

Download
memory/4320-657-0x00000235E8880000-0x00000235E88A0000-memory.dmp

Filesize
128KB

Download
memory/4320-662-0x00000235E88E0000-0x00000235E88FE000-memory.dmp

Filesize
120KB

Download
memory/4320-909-0x00007FFD099E0000-0x00007FFD0A4A1000-memory.dmp

Filesize
10.8MB

Download
memory/4320-775-0x00000235EAAE0000-0x00000235EAAF0000-memory.dmp

Filesize
64KB

Download
memory/4320-659-0x00000235E8850000-0x00000235E885E000-memory.dmp

Filesize
56KB

Download
memory/4320-658-0x00000235EA240000-0x00000235EA2AE000-memory.dmp

Filesize
440KB

Download
memory/4320-663-0x00000235EAE00000-0x00000235EAF4A000-memory.dmp

Filesize
1.3MB

Download
memory/4320-870-0x00000235F29D0000-0x00000235F29EA000-memory.dmp

Filesize
104KB

Download
memory/4320-661-0x00000235E88A0000-0x00000235E88B0000-memory.dmp

Filesize
64KB

Download
memory/4320-869-0x00000235F29B0000-0x00000235F29CA000-memory.dmp

Filesize
104KB

Download
memory/4320-656-0x00000235EAAE0000-0x00000235EAAF0000-memory.dmp

Filesize
64KB

Download
memory/4320-867-0x00000235F29F0000-0x00000235F2A4E000-memory.dmp

Filesize
376KB

Download
memory/4320-655-0x00000235E8860000-0x00000235E8880000-memory.dmp

Filesize
128KB

Download
memory/4320-654-0x00007FFD099E0000-0x00007FFD0A4A1000-memory.dmp

Filesize
10.8MB

Download
memory/4320-653-0x00000235E83E0000-0x00000235E8402000-memory.dmp

Filesize
136KB

Download
memory/4320-868-0x00000235F0A40000-0x00000235F0A4E000-memory.dmp

Filesize
56KB

Download
memory/4320-673-0x00000235EAAE0000-0x00000235EAAF0000-memory.dmp

Filesize
64KB

Download
memory/4320-674-0x00007FFD099E0000-0x00007FFD0A4A1000-memory.dmp

Filesize
10.8MB

Download
memory/4320-699-0x00000235EAAE0000-0x00000235EAAF0000-memory.dmp

Filesize
64KB

Download