zgrat | 7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sentinel.exe
Size

1.7MB
MD5

a991bca8b1b12edcef7ea9365083910a
SHA1

c2a87723dc3a20162e84062fd3420c07be74f56c
SHA256

7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d
SHA512

edf63d41a1b2bdc5db90bbc33254a400c3ab182fd8eea530c326907208857a3a58fe5fa379934daf41423576f8b589a41541c62f302cbf04028251fe6faa7e4f
SSDEEP

24576:6Z8lPrl9NaJd9N11gdlCaGApu8Fk1VM+q2fv3BrUIQxgcEQXwBNtr91L8Cu:bPpuW7G98FkPMYv3Br6ZDStp9

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V2 1 IoCs

resource	yara_rule
behavioral2/memory/4124-3-0x00000000058A0000-0x0000000005980000-memory.dmp	family_zgrat_v2

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
816	Sentinel.exe
1376	Sentinel.exe
4760	Sentinel.exe
3816	Sentinel.exe
4252	Sentinel.exe
4872	Sentinel.exe
1012	Sentinel.exe
4840	Sentinel.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
103	raw.githubusercontent.com
104	raw.githubusercontent.com

Program crash 9 IoCs

pid	pid_target	Process	procid_target
5056	4124	WerFault.exe	83
2304	816	WerFault.exe	128
3660	1376	WerFault.exe	133
4552	4760	WerFault.exe	154
1064	3816	WerFault.exe	157
4852	4252	WerFault.exe	160
1688	4872	WerFault.exe	163
3480	1012	WerFault.exe	164
3524	4840	WerFault.exe	169

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601050860268682"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4200	chrome.exe
4200	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe
Token: SeShutdownPrivilege	4200	chrome.exe
Token: SeCreatePagefilePrivilege	4200	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4496	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe
4200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4200 wrote to memory of 3532	4200	chrome.exe	102
PID 4200 wrote to memory of 3532	4200	chrome.exe	102
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 208	4200	chrome.exe	103
PID 4200 wrote to memory of 2184	4200	chrome.exe	104
PID 4200 wrote to memory of 2184	4200	chrome.exe	104
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105
PID 4200 wrote to memory of 2284	4200	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\Sentinel.exe
"C:\Users\Admin\AppData\Local\Temp\Sentinel.exe"
1⤵
PID:4124
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 1388
  2⤵
  - Program crash
  PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4124 -ip 4124
1⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb221dab58,0x7ffb221dab68,0x7ffb221dab78
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:2
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4228 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4860 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Users\Admin\Downloads\Sentinel.exe
  "C:\Users\Admin\Downloads\Sentinel.exe"
  2⤵
  - Executes dropped EXE
  PID:816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 1368
    3⤵
    - Program crash
    PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=848 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6048 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2228 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5856 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4884 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6112 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5600 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5536 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5668 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5228 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3416 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4316 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6760 --field-trial-handle=1640,i,14921686193639282032,8852685933814729778,131072 /prefetch:1
  2⤵
  PID:4576

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 816 -ip 816
1⤵
PID:3012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:648

C:\Users\Admin\Downloads\Sentinel.exe
"C:\Users\Admin\Downloads\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:1376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 1388
  2⤵
  - Program crash
  PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1376 -ip 1376
1⤵
PID:2324

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14459:78:7zEvent29214
1⤵
- Suspicious use of FindShellTrayWindow
PID:4496

C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe
"C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:4760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1388
  2⤵
  - Program crash
  PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4760 -ip 4760
1⤵
PID:440

C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe
"C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:3816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 1360
  2⤵
  - Program crash
  PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3816 -ip 3816
1⤵
PID:1672

C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe
"C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:4252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 1360
  2⤵
  - Program crash
  PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4252 -ip 4252
1⤵
PID:4420

C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe
"C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:4872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 1352
  2⤵
  - Program crash
  PID:1688

C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe
"C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:1012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 1352
  2⤵
  - Program crash
  PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4872 -ip 4872
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1012 -ip 1012
1⤵
PID:3016

C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe
"C:\Users\Admin\Downloads\SentinelUIsource\Tutorial\bin\Sentinel.exe"
1⤵
- Executes dropped EXE
PID:4840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 1360
  2⤵
  - Program crash
  PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4840 -ip 4840
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
51KB

MD5
ffe655bcf75706fdc948330bb20116a6

SHA1
cfec8da2fcaea94fd96410cbc3b2c7c4cc0bfd2b

SHA256
48475ae95eaa5ff991ee638676459cf7518fc16f00f8650052c27c21fba03e0c

SHA512
448b050197e8c2439ad177f6d53ba4c52a5a75ccc7d7fb95668aef1d0e7bf0b11d63107cb982e344babdd7a2d8b0e247c71e68340710f19f40484f2d7fbcace8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
198c08f2c17e52d4c7b2990d01065133

SHA1
9d79c0f0b085d1472cd845c317087b1cb945f8e3

SHA256
7663505d1971d2111f78c0f7d0251ea782db2ef439692815773cf01f63d0c2bb

SHA512
b14808ba862cca7f1ef118e50e5fe453fe3c6c0645d7617d1ebee34bfedbaa46f0ec117d1b97dcb5e336e1930ef45f829401bad3cd12a981e3d536d575ba5fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d6a919ff2e368c997a1c6b34bb3fae88

SHA1
bd8e875966785332b627caeb059b4fb08e1d10b2

SHA256
57ca09d1ff69fef3c90dd0b607b47ab5bf518f77d002dad29f8f39fed6634cd3

SHA512
8270792548f3dda984ac1abb1427caabbd874a9dcaff7cc165fbcdeb74b38b3f51dce079ead22e648406b2a7207d0434a3892a4ac0054fdb961d464f4794dbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
8c0fc1d74e4eb5a36721962932fc855e

SHA1
e5890c5c845d0c600a53115f17c0a0242833dec0

SHA256
5a3bfee6e8b66db231caf2b4c73477a5a7aa010f7f1805018110844a84340236

SHA512
4ca3835336e765b96041f70edbcb2537dcd7d59f89a069e06a7036979fcc6b4eb4cdfe5a9c7871388ca5a772c7f0eefaa1cc1e69206620241cbbb3d71a4ef98f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61102149d15f846e41dcf136119835af

SHA1
833ffa3f8cb3d53e297c54e31f3482f04534f65b

SHA256
1c2692c11f62ee248e6282a80a9e6435ddd545b23dbce7984a0d97c5e3fb322a

SHA512
eb031e36ac74d0c810b547589c5d681edce3d0d5687806a7bbaa6020e9447b732159e2bf32c1bb57a92b36ab7769fe796e48618786e24d433489c3ddd995b34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e96e09d888fc5a94ae4650caa5fbf11c

SHA1
104a37176d2bc7bb34049bddfbf56b9ef06ab624

SHA256
863f3992ae0b9dd79624a96af76851539bb5133f9de5a8f6699e44aaeb830f33

SHA512
c313888ecbab3dd221ee811957c83fa503c08acde1c094ffa3373c9fdc4972bd33130c0fe5a18dbd6f1e764627a69cf515e021c71974fa535852189e1ab0c750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
51c0141da0a49a2f16b1e71f82a162cc

SHA1
03b7b6fde6e6109f1dac3d9399eee53ed920be55

SHA256
cbdfe2c7ac4d1f8a8088001a87b02d65382a3c12bff88e52aa8882ca65555149

SHA512
e40110adde619cf0f10b25461c4e551dce5ce8849070a83e2037fe7589f61e53125163714d6c4e5e2508d80be36b95ba6c16d7f343779518eafb8b9f65b196a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bbf8b1cb7b945cd5aa12427e0dfc45cc

SHA1
77d9d8641003feca74e67d7a6a7e01cdc3cce1ee

SHA256
745df4ce5a18150899b486f04c353ffc0e94dd781ab59b8b82d1e4b42034b28c

SHA512
e8c3d06920a42a4a1073a54a36c5088c037efddbf86b4b87d2de227e54a22cd30a9468e27bbb454b217304103ee833124c62f4b081ed32e914a7040f7a8bd73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3774b2e646f41ec623c4f553cbd7a2b4

SHA1
3f35a302fa7334d961b92a0086a48aa56cba2423

SHA256
bf6ffe04990e480fbce47e190432cbb3f6c44f47bbd4d7b7e9f254c02fd1a527

SHA512
1ed2c1dbabd182f4ce23fe3a631abc030ecb1412b5a1bd390407c7b7817d67da96aa3b66ac57e0a5dd3bd9305779ef444d775f5ea5e068a45f83b019c5c7a4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1b3517e8271d2ee86bb478c79919be1a

SHA1
fd9ad0d39aafde94fbd2a82f80b8a9b28643fde7

SHA256
4d9e0c561482b137f8cfa69e26a81a3f76121362a3aebe8d879a2c19f0fcaade

SHA512
1b85bc0335cc4c81d998dda902dc6f45a7a05f99c98eacdf4912c30e0171e7a60cd54e0c4cb4de989702977928e217d95de029ea9e53112dbb73f624cfdc7ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3add344680237c0ca52b14a63b84fa66

SHA1
689a48054a3519b17f82c52bc20685b45d7c3d9f

SHA256
51709033fec449803ca962cd02b9b9d1d4af420349e8ddd9ea25f43e4b699705

SHA512
4d1f027ec2feae1764721084c1fb0c7a9be4029ba1251fe8fd74341a71740f1ccd033b4082e40012da85f5076ce1987d36a0fdcb3962a2ade5dc7bbb2dbecc59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8574bf941eb6b32c006ca620fc1517e9

SHA1
0964970f18c21881fd7fac36091ec7e24a1fc906

SHA256
5b4f96dfebd96427e55d9645ebceef6936d31e65bb0d21ffe772905fde59f5ca

SHA512
275807b7065abcded5fd0d097b00e24115cec5ec3d7de58671bafc231e1002c54f6e4cba37ece9370f1d61e24ef5a7bf69f029544442a6de983843d575fef242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
337c8918a6cf03e36e9a8c3df7f3a941

SHA1
31ad125b298a6baf2d2546f8a49ae48204d778b8

SHA256
44b0fac23a8cbd04b4ea4a06281890f92300ea2387534e748d456c2c7d4280b3

SHA512
e891d7e39ad58d9668eb3a7e89c462cd930be34147d2df6250f93f29772574ba0defab0a75aeda25e57dd82f6ab2344757668722655e0390e53458031fbec2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
6207e0886db4b82eba1632503b39f1ec

SHA1
faa46300d2b179acd69ff6933b630af3ee84b15d

SHA256
d7493ca2aa23539f88b7d367cc51b30ba0ef9e5cc6dae9ddb3f5409346220e6a

SHA512
9ba5e9f0403a3c63acf1ca2b5607662b070178a6fd589e3ef2ed65cd2d229412df38d41523b6987280aedbd9adfccd3828e8f2ecbeee847c2f6e2995f6883833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
936216b0518057626a83c2e225176118

SHA1
5e62d6141d31d5dc1b24a3cb6a87a28741ae36bd

SHA256
a37ff713f213130f80cb53ef0f23743020fce75f47ebccf71ed5cec91e2f6f96

SHA512
2cd6c16317d41d8ffd0e5821004b029a02a52c0622e2e9004f78e0ce671ee86c7dde648016cceaad4ad3ecf93438e1aac5c338b5f7200d7cc524eca6e581e0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
2ada82acf92708c9371347c9706aab63

SHA1
bf231ce7b9d2bd92959b0e27381818d3cc9b670d

SHA256
34360b7ce514ae829aba60f76c8f3a24bf890360af5918599ca9ee12b70f9ec3

SHA512
c5c2176bcd2c0e4397bbe9cad26a0d03a79fab163d7008e9772dc4f1d7b0db84113fcfe34d38ed4c5555812fb47d56e4e2f59b5c50b31df6dfc69d50b4202638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
8467acdff0dfa92a4929e5dfdd7feca2

SHA1
8d066f1b0795a62d89dfc2bdbda4786fd6da6414

SHA256
9d8985ff8ea5847e85293c8f5e810713f046d7a9c70f060bc204ad275d4a1cc1

SHA512
f63ef878dcacd64a1124936aa39f1e4376ec349c75cb12c827dbcf6fffb814c2603b90ef1c66017ba5fad23b70d89482bf825511c64ad8f850ad73f51d87535a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
aebbb7607b7fc407f84bbfba56436a9e

SHA1
310271cc9684f2f24a470e0ccbfe715f60d6f2e2

SHA256
454fcbeb21aeff4c7239cb225414de4714aec474657fb8a0d4739e1eae299003

SHA512
ba4297df3f3297237a5f9649652c038d273d0fdfae7b9969637a6b4dcd850ff9e11af72079fca7cb32b5994fa627eb1d4a0c198e37ab6e137977abd8c27d713d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
882030b0987f12942b3b52b148e121ec

SHA1
a4b0e04b339d00e57b4669ad103f17e9a2799331

SHA256
a3942882d157ab837e7ba37d6ee008614e0fecd7b5ccc006099eca41f5b03679

SHA512
d6b94ae9d30b41be30d738b7e24a8025dc6d371ec58a857511ea96b9da0368958902cbc1b394fcf930949e29d56fbe73e4dae6231192281741eb9daf7ba23441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
cbc917baab1ad41bffa7dc75ce5d4463

SHA1
238fdda7abcc7eeebceb7a9e8af9116abbbb071b

SHA256
0a7dbfacadd373c329bfb202f4163740944eeded5ffb610dc77c695a2308d055

SHA512
baa2c099f0924cb5b44e0553d04e96010d0c9ea46547c3a1c3adaac438b1978ede51fa2bc7740fc491387c9a9a279fa1bd91178920673019a70bd79e7e1dd32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582584.TMP

Filesize
88KB

MD5
141c4c10fc4c75bac469fbf7469d234c

SHA1
5cc17ba539c5907d4d9d1afc410e4855203cf0bd

SHA256
3d6823c633d3f022c3c139b797af7b00f2f7fa0fb47536f657e54dc56b749ba5

SHA512
1b3e28585288ee48adcd87b2c1835e45ea949bb1080950f320adfc4fd7d5e037467258931cfa0f406a54d85bc5df1ff18bee3d7264a0e60da95ae03fcfb6423f

Download Submit
C:\Users\Admin\Downloads\Sentinel.exe

Filesize
1.7MB

MD5
a991bca8b1b12edcef7ea9365083910a

SHA1
c2a87723dc3a20162e84062fd3420c07be74f56c

SHA256
7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d

SHA512
edf63d41a1b2bdc5db90bbc33254a400c3ab182fd8eea530c326907208857a3a58fe5fa379934daf41423576f8b589a41541c62f302cbf04028251fe6faa7e4f

Download Submit
C:\Users\Admin\Downloads\UISource.zip

Filesize
239KB

MD5
a8d890e319c27e0b5c0f40146b1ed744

SHA1
2d21398422bf46da3ae5e4821697e7449bb347ac

SHA256
e6c05445618b95b77fd7dafa530fe543abc6ac9cbfd6cf131b99d409b18e098c

SHA512
92ceba773f527e5fbebfca0192cf62fb93fc5a319ba317a211316cfc45f6bcdb541730fdde0c2771ca8c2c87ecd2221afa313160fc850f463840ca42abeba459

Download Submit
memory/816-313-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/816-324-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/816-314-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/4124-0-0x0000000074D2E000-0x0000000074D2F000-memory.dmp

Filesize
4KB

Download
memory/4124-9-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/4124-7-0x0000000006570000-0x0000000006578000-memory.dmp

Filesize
32KB

Download
memory/4124-8-0x00000000065C0000-0x00000000065F8000-memory.dmp

Filesize
224KB

Download
memory/4124-6-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/4124-5-0x00000000063F0000-0x00000000063FE000-memory.dmp

Filesize
56KB

Download
memory/4124-4-0x0000000005980000-0x0000000005A1C000-memory.dmp

Filesize
624KB

Download
memory/4124-3-0x00000000058A0000-0x0000000005980000-memory.dmp

Filesize
896KB

Download
memory/4124-2-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/4124-1-0x0000000000C40000-0x0000000000DF0000-memory.dmp

Filesize
1.7MB

Download