Overview

overview

10

Static

static

10

XClient.exe

windows7-x64

10

XClient.exe

windows10-2004-x64

10

Resubmissions

15-06-2024 11:57

240615-n4nlnatdkn 10

Analysis

  • max time kernel
    125s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-06-2024 11:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XClient.exe

  • Size

    34KB

  • MD5

    9eed0214b9eb8c9d5a721f41f41c9fb8

  • SHA1

    3a59a5641eaeda215e210ded035ef7e2b4800fca

  • SHA256

    035800e6324de9cfb66ecaece7cad0653c6fcb60f02a14ce3f7f6871ece13a79

  • SHA512

    cd711a3c3e6b9dd5b7181cfbc5d50faed6fe5c28e62e68b91aa1c5cc508185d31ba6eea33bad6d4b13d324870b089d85ed547d103e55d770ae149b9accf185bf

  • SSDEEP

    768:jMeXO87baKUjA8OinWvCr70Yf33pdF73HLFl98LOjh+fbqtE:PPaTBUvW7DN3rFl98LOjkwE

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.168.68.59:2509

Mutex

TMtr6h2oEQ6hqVEG

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XClient.exe
    "C:\Users\Admin\AppData\Local\Temp\XClient.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4880
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1384
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa71f1ab58,0x7ffa71f1ab68,0x7ffa71f1ab78
        2⤵
          PID:4636
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:2
          2⤵
            PID:3500
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
            2⤵
              PID:4024
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
              2⤵
                PID:2084
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                2⤵
                  PID:3344
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                  2⤵
                    PID:4404
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                    2⤵
                      PID:4956
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
                      2⤵
                        PID:4612
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
                        2⤵
                          PID:2356
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5028 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                          2⤵
                            PID:1336
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4540 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                            2⤵
                              PID:1684
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
                              2⤵
                                PID:232
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
                                2⤵
                                  PID:1824
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:8
                                  2⤵
                                    PID:2596
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3320 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                    2⤵
                                      PID:4620
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4524 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                      2⤵
                                        PID:2372
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3368 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                        2⤵
                                          PID:4628
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3188 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                          2⤵
                                            PID:2232
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3168 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                            2⤵
                                              PID:4988
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2268 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                              2⤵
                                                PID:3364
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2420 --field-trial-handle=1960,i,1975625913337566366,11505829329592655761,131072 /prefetch:1
                                                2⤵
                                                  PID:1624
                                              • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                1⤵
                                                  PID:2596
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                  1⤵
                                                  • Enumerates system info in registry
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:4420
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa71a546f8,0x7ffa71a54708,0x7ffa71a54718
                                                    2⤵
                                                      PID:1104
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
                                                      2⤵
                                                        PID:2440
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:1772
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
                                                        2⤵
                                                          PID:2304
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
                                                          2⤵
                                                            PID:1476
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
                                                            2⤵
                                                              PID:4156
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                                                              2⤵
                                                                PID:4292
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
                                                                2⤵
                                                                  PID:2816
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
                                                                  2⤵
                                                                    PID:5264
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
                                                                    2⤵
                                                                      PID:5276
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
                                                                      2⤵
                                                                        PID:5480
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5656
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                                                                        2⤵
                                                                          PID:5776
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                                                                          2⤵
                                                                            PID:5888
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
                                                                            2⤵
                                                                              PID:5896
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                                                                              2⤵
                                                                                PID:6052
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                                                                                2⤵
                                                                                  PID:6140
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                                                                                  2⤵
                                                                                    PID:1668
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
                                                                                    2⤵
                                                                                      PID:3324
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
                                                                                      2⤵
                                                                                        PID:5560
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                                                                                        2⤵
                                                                                          PID:5960
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3149156909186069383,1740023389886137635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
                                                                                          2⤵
                                                                                            PID:5916
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:4456
                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                            1⤵
                                                                                              PID:3216

                                                                                            Network

                                                                                            MITRE ATT&CK Matrix ATT&CK v13

                                                                                            Initial Access

                                                                                            Execution

                                                                                            Persistence

                                                                                            Privilege Escalation

                                                                                            Defense Evasion

                                                                                            Credential Access

                                                                                            Discovery

                                                                                            Query Registry

                                                                                            1
                                                                                            T1012

                                                                                            System Information Discovery

                                                                                            1
                                                                                            T1082

                                                                                            Lateral Movement

                                                                                            Collection

                                                                                            Exfiltration

                                                                                            Command and Control

                                                                                            Impact

                                                                                            Resource Development

                                                                                            Reconnaissance

                                                                                            Replay Monitor

                                                                                            Loading Replay Monitor...

                                                                                            Downloads

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\318d15b7-9e04-40e4-b7ec-abb98f99de18.tmp
                                                                                              Filesize

                                                                                              91KB

                                                                                              MD5

                                                                                              fbaa38e6b29a51e2313c1c84b50d6eaf

                                                                                              SHA1

                                                                                              a3fd7200c6a3cf3758c639d5d46da8edbedf2980

                                                                                              SHA256

                                                                                              593c54116bd557f199f64102fd03b709dc9313eae00b4563a18d0a4003001205

                                                                                              SHA512

                                                                                              c0c653aac82a6bb8e1942757746b4a5c2e80932a49727a4204a15d25498d8906444c642e86640546707e44b6d1c41db7840e72ad3692e081e291fc563bd1de21

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                              Filesize

                                                                                              2B

                                                                                              MD5

                                                                                              d751713988987e9331980363e24189ce

                                                                                              SHA1

                                                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                                                              SHA256

                                                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                              SHA512

                                                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                              Filesize

                                                                                              7KB

                                                                                              MD5

                                                                                              1829a432a308c854142491f55085cf4d

                                                                                              SHA1

                                                                                              206e1394560107b10d6979b50d7a7b1c71bd2761

                                                                                              SHA256

                                                                                              ecae25d93e7a6a611d99f0ee546150cb174ffd28413d5230bb1349247655d6d8

                                                                                              SHA512

                                                                                              c95043f9bcfbd844034930a0ebf65c73a58b8aff32c1b9cebd5e55d099781023613431ac11f51ab8f7de39a3cf9aa76814c1eb70d04585c14357f2d16fc17954

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                              Filesize

                                                                                              7KB

                                                                                              MD5

                                                                                              9fcc6e4087f915bf6db84c40dde15d3d

                                                                                              SHA1

                                                                                              04f505adc0a315fb3542e7755963748de8e13c1e

                                                                                              SHA256

                                                                                              df232e3d4b6108b4ea273a5fc23fe7f5d799bf948e4bb04673dbb53156add167

                                                                                              SHA512

                                                                                              49de70fbc0f03c8497276ac9a37ae82c50140835a8bb3835c949c048c83d6ee9905dfbf0c2be0a7f498e3ed1b49dd2dd3aefe7345ad7b07ae679625f67eb7845

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                              Filesize

                                                                                              257KB

                                                                                              MD5

                                                                                              0c4e6faaf7a2f57a0d182a37fa67798b

                                                                                              SHA1

                                                                                              53084b086161c1183ab26d652634b7eb5e9844ac

                                                                                              SHA256

                                                                                              68f5b533b4356a79799ffad98eaaacf2dcc1cd0975205d08552bb0bb05999df0

                                                                                              SHA512

                                                                                              0869981a5d3e0fd314aa04429aff6e2f470b41f6a322d0d95e5fc5bb8ef1e2b1f5277d3b3fd27a52ede08f03e0101effaab45f39a29217562aeb19613b48163d

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                              Filesize

                                                                                              257KB

                                                                                              MD5

                                                                                              00e18deb3201842d8af7e1289af73c11

                                                                                              SHA1

                                                                                              a18e30bd9dcd5473a22c6963332e24f47e90ad73

                                                                                              SHA256

                                                                                              61eefd93f32fc558cc4f79723861b9b9b5c6e5528d1d25c2bbf2681cafb74a80

                                                                                              SHA512

                                                                                              a8962413de7616a6c278cc0df8e6ce30bd05cbcb8e693b783bcd47247478cca84da7046cd9eb562c3918a124dd915d3bdc85bd9ef8d08f1d75fe4efcb7f5c6ae

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588cca.TMP
                                                                                              Filesize

                                                                                              88KB

                                                                                              MD5

                                                                                              60d32360149e683069e1b8505bdc3099

                                                                                              SHA1

                                                                                              cbcddc872d6e1451b1fe28d277cec47755e29b6e

                                                                                              SHA256

                                                                                              5f7653ef6308cfb70cce1c813a2dfd004d521d35e0783c18915d51e9cb812863

                                                                                              SHA512

                                                                                              959014c92c7869c5f0c39b489e8fbd4ba61546b4fd4d7bf0f351173e65eac96282e38e15cdbb5561f7c30ad0f1f87c6e790b3661a995440e9e9d71366c9498b6

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                              Filesize

                                                                                              152B

                                                                                              MD5

                                                                                              4158365912175436289496136e7912c2

                                                                                              SHA1

                                                                                              813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                                                                              SHA256

                                                                                              354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                                                                              SHA512

                                                                                              74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                              Filesize

                                                                                              152B

                                                                                              MD5

                                                                                              ce4c898f8fc7601e2fbc252fdadb5115

                                                                                              SHA1

                                                                                              01bf06badc5da353e539c7c07527d30dccc55a91

                                                                                              SHA256

                                                                                              bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                                                                              SHA512

                                                                                              80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2382733b-0019-4500-8639-fb5f4cfce0c7.tmp
                                                                                              Filesize

                                                                                              5KB

                                                                                              MD5

                                                                                              8b0e927497c0bcd2f9833c2a68c2b47d

                                                                                              SHA1

                                                                                              4f7045841d85eb2b6130aa24360715aaea783f82

                                                                                              SHA256

                                                                                              f360fb65807f05f75ba7e4d206cbc9006718841920c88e1fdc9cd55b19ca8127

                                                                                              SHA512

                                                                                              c0de8ee80ce3a105608948b3ca62a3d59faf20d98b195b10c088b474eedfb0af4cf233896dddecf13d03918981765ed515a6d846a8f6ad6553fbe1a45598d7a9

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                                                              Filesize

                                                                                              264KB

                                                                                              MD5

                                                                                              ae7ca545a89bc8a969cbb32e112b7457

                                                                                              SHA1

                                                                                              46128b2f1ec4ac2b3e8c52a712b3093b046a66a9

                                                                                              SHA256

                                                                                              a94d74ded7fd206c8e331c96b7d3b8f026638f619adb9428c6eff05d9ecc5300

                                                                                              SHA512

                                                                                              941de4064fb5d930a386817fc7b7e8a248a969eaed2ebba8a4d9f005a8cce88216aace30a3e0154e7edb21ef210909bb6ec587bfdcf5ac7c5bb0c84c4eaa8aea

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                              Filesize

                                                                                              6KB

                                                                                              MD5

                                                                                              c06b7737e62d874d6eea310c76fe3373

                                                                                              SHA1

                                                                                              56b99a8aaed3b6d096370fe029b874533ef28817

                                                                                              SHA256

                                                                                              f55f3ffd44f048444490819b27d12fd1c4d7fc81b91207df61ef4b506304f312

                                                                                              SHA512

                                                                                              755ade53ccc7cac9e5c8d59fa5f56b50975fe62c8abd3cd51bb2a7d4cb34dbe46c1b155a78f513b06355d220226c220af1c46b07985d7479846cdb62cee77fa9

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                              Filesize

                                                                                              6KB

                                                                                              MD5

                                                                                              f98142dfd5b3ed6b266bec93394cb781

                                                                                              SHA1

                                                                                              fba7cc7c8ba0bb840e469bd2b9510aae256940a7

                                                                                              SHA256

                                                                                              00b6cbf3e8dff3bf3d176e0e1e3b62d9253a5d746f5a1e915ba8c9cf33bc938b

                                                                                              SHA512

                                                                                              e30a5a34a1fc206dcef77a12aaee371cd238dc4c4dcb3eee5f8afd82818f12acdfaf23159a5bbbe57466ea3cb2e419725e24771f3b78bd6698d2e955bfc033d6

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                              Filesize

                                                                                              16B

                                                                                              MD5

                                                                                              46295cac801e5d4857d09837238a6394

                                                                                              SHA1

                                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                              SHA256

                                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                              SHA512

                                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                              Filesize

                                                                                              16B

                                                                                              MD5

                                                                                              206702161f94c5cd39fadd03f4014d98

                                                                                              SHA1

                                                                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                              SHA256

                                                                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                              SHA512

                                                                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                              Filesize

                                                                                              8KB

                                                                                              MD5

                                                                                              468e027ae96d4ee89d5eaea571868ff7

                                                                                              SHA1

                                                                                              04258ddf430e7873348ea0ef4e61d22344765af6

                                                                                              SHA256

                                                                                              3fff433648b6be76c499269361f7088689678d330df1e6b2e8967697a7207f9d

                                                                                              SHA512

                                                                                              e7a1efeed31d97e053a61961903bd1f19f9d4a3959fd250fa1047b6dcc4d88d3592559ce8252c435e24cda92d9a760550abd39c7be0f38de040a5e435e8dedfa

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                              Filesize

                                                                                              8KB

                                                                                              MD5

                                                                                              b258864a0a21b1fd8bbfd2a5bf511cf5

                                                                                              SHA1

                                                                                              ab7e1fd71971eb5cce8aebefa3816bb4bab406c9

                                                                                              SHA256

                                                                                              dd970cf33b392ceb495db7fc4407d59909546649786be6256e5c626c8a828e53

                                                                                              SHA512

                                                                                              f8c79ec8dffd1ce6e16f4f3cd7e84e2adb92035e9090c3b79fca194eb9c51d7a8536661a7b6f7dd436e1eaaa8e28a4ce748e6035fb0dcbd6eb977d54db074d15

                                                                                              Download Submit
                                                                                            • \??\pipe\crashpad_1384_OXHYWPNSNEKIYVCG
                                                                                              MD5

                                                                                              d41d8cd98f00b204e9800998ecf8427e

                                                                                              SHA1

                                                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                              SHA256

                                                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                              SHA512

                                                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                              Download Submit
                                                                                            • memory/4880-0-0x00007FFA75253000-0x00007FFA75255000-memory.dmp
                                                                                              Filesize

                                                                                              8KB

                                                                                              Download
                                                                                            • memory/4880-3-0x00007FFA75250000-0x00007FFA75D11000-memory.dmp
                                                                                              Filesize

                                                                                              10.8MB

                                                                                              Download
                                                                                            • memory/4880-2-0x00007FFA75250000-0x00007FFA75D11000-memory.dmp
                                                                                              Filesize

                                                                                              10.8MB

                                                                                              Download
                                                                                            • memory/4880-1-0x00000000003B0000-0x00000000003BE000-memory.dmp
                                                                                              Filesize

                                                                                              56KB

                                                                                              Download