zgrat | 7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d

Analysis

max time kernel
130s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2024 22:42

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Sentinel.exe
Size

1.7MB
MD5

a991bca8b1b12edcef7ea9365083910a
SHA1

c2a87723dc3a20162e84062fd3420c07be74f56c
SHA256

7a6e7ce0b1d27034eb2743bb25305b2ac9a9a950b3ccbb43d5d3c5ba2d43122d
SHA512

edf63d41a1b2bdc5db90bbc33254a400c3ab182fd8eea530c326907208857a3a58fe5fa379934daf41423576f8b589a41541c62f302cbf04028251fe6faa7e4f
SSDEEP

24576:6Z8lPrl9NaJd9N11gdlCaGApu8Fk1VM+q2fv3BrUIQxgcEQXwBNtr91L8Cu:bPpuW7G98FkPMYv3Br6ZDStp9

Score

10^/10

zgrat discovery rat

Malware Config

Signatures

Detect ZGRat V2 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3680-3-0x0000000005A30000-0x0000000005B10000-memory.dmp	family_zgrat_v2

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1896 3680 WerFault.exe Sentinel.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Sentinel.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Sentinel.exe

pid	pid_target	process	target process
1896	3680	WerFault.exe	Sentinel.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sentinel.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683218152032597"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182"	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{EF511C5D-AC9C-4D4F-B1E0-061BFB5CAF98}	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

chrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
3640	msedge.exe
3640	msedge.exe
4888	msedge.exe
4888	msedge.exe
5796	identity_helper.exe
5796	identity_helper.exe
224	msedge.exe
224	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
656

pid
4
4
4
4
4
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4116	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

5596 LogonUI.exe

pid	process
5596	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4116 wrote to memory of 1032	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 1032	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3044	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4404	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4404	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3956	4116	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Sentinel.exe
"C:\Users\Admin\AppData\Local\Temp\Sentinel.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 1400
  2⤵
  - Program crash
  PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3680 -ip 3680
1⤵
PID:5060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaabaecc40,0x7ffaabaecc4c,0x7ffaabaecc58
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3580,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3696,i,15660139078019731759,13531414202711038238,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2296

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa59746f8,0x7ffaa5974708,0x7ffaa5974718
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13872561292733706496,1320013743965776860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5188

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38c7855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5bb31e99f06a66acef25a9df0b33d7e7

SHA1
b22d46f4e6bf42e150504b9a44348f5ca8eafaf4

SHA256
802cc09ed6ce136df61f8bcbe1857c228841e6484105fe4d095844a55d92cdf7

SHA512
7cc84bb8f8fdcdb48541f9888a47ecbec8072d7acdc147bcbbf1cd4f1d6d520d4d4cd9e4d906214d280fa498a0ff331c7b1710d62c85c84ce1f76d9e67c91c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3f0ec2547e50bcf4789a9a144655179d

SHA1
d8ea370c69e98b2970b9bcd9a046d7d392f1c000

SHA256
5c43b5ce03568ee5d2b39e5ca3c0fa736ead69b72cb0931ee6277ad343de8a96

SHA512
37603e75790876bc640b1bba48ad268717cfcfd33d5133b14c616535c052d874534f7bca5e5761723f2720f42edb02b77f3434952b98474c386f04b0208953ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
601da5aa5eb2130e2435cd85ae655cfe

SHA1
f718d80a80615b286d84f4d01682327f005b0d1e

SHA256
3e1f6d89f16ed8a7cc9196900b0d415947c593119db632e406e45a945849c8b4

SHA512
243e9b639879ddb0747ad4a8936df0fa1b9f1e412c270aa3c18501a1eeea2cbc34c7b2c9ed647ff7ac71eabff62d34738574ff140953c521ac6bef55c9896b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\924402af-97e0-4980-9e89-fd8af3081b0d.tmp

Filesize
356B

MD5
807cc1d2775fc9feb233c965756d9eb3

SHA1
8e065a5e7830f873095c51d927c34655dc62cd41

SHA256
502f38ef756a571cf2dce9baedab5e1586f450cb7b87c28278e787b3a4a2fb03

SHA512
9aae36b19d9e10cef996096d4ccfdba5afcfa21d225bad339d615b756a57ccac1260151ac2b87d35853741ca46fe064b5f55376a90dede1908b7bf88657d956e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1bc9391b5e311508960b4c588af125a5

SHA1
71e7043d4918ca23e3ba9f8234487f0ab1f29a35

SHA256
08ed410abb95e60f61f0c5a5247637a25a381bf65d9e820678b1c5edb12cb27f

SHA512
0d6cdc73a62273e13c5d9e70d59b6228e92103f6a0553a9f3b3e26586829d364ad7ac1be9cb8ac8b9d1ffa7b225384362a09a8df5b68aa5fbb4ae95cb149e9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
85f16437d0e74aff2d7c9137aa5158dd

SHA1
0f9da515d2966e301c2ce0b31386aeb3a8eb91fa

SHA256
90b27f946434b302d5e445894cca41b0da1fbc1ac5e9e7d9f279f6c3a04b1aea

SHA512
650ed00cd1304d87c3ec1c6d94ea34682ee440c517cbf59dfedc583ca7451ad4449279e95abc3b8b9e1865c82e9cc2d0406bbf9a75fbe2d8ed0a513421918e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8b3f78a5f0967ac70b7b207de4e1c0a

SHA1
6ce69de78339d23f5494a9afde71f53c8a580eed

SHA256
3eee8f07c3758cd538bdf42435224df0d2e21d8f2a73d4bbf4dd5ac0296c1e89

SHA512
4009a3a55973d5d336775e81cac222e47b1430077862ea610a11a8e8ca9dc09aa0bfc76a62d17fe1555ac71d6c998872dc4767d3dd4121581854b4c14a9cbc2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f16d21213b2d162f446645f121aa5679

SHA1
751c3b10730e635ab3b488c0bd5ec1707358b55f

SHA256
3e783f03c14b76add706df992dc1e6529ea7949964290dec5cb05d9c7c31098c

SHA512
77f817257ae2c70195320ff77e4ecf0ffa4b44809c89d63be690da8dee114d3a557d57ac740cd8e86fd302a401d968c55b28c2a79f3de389c95eab1df17483bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f507080e7809cb0eb5d63579eeb3ac2c

SHA1
f301b765b1102dc9047ecd9f605333ddbbc57d10

SHA256
d97b1f3f7cac450b98537a8133d9a3181c21a544be632d646cd4be87462fa69d

SHA512
d1747b1d59e606b6ff3aba84179b7926596ae420bc95098d1811f7573cc8d52c83e39f8503447f400672a905619943ed9dafc620b960ce604d775d6bb6918525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bac8673b4cfd9549ea5e25a56571454

SHA1
7caf4b3d95352737af2691495f8325eb2de5708f

SHA256
875b76e92610cab06a1a5f8af3076a82bb6428c9ba8be52cf80386961c6b47a6

SHA512
593a415bbd5891d961861acec7bde3229e446fbd36fd812c74d342cca19a1f64c0342c093ce74138c81f5fc99451a697786fe7292c81adcf27a97b49b60f0dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8840433ba7200fdcf01e72eb5b6d8bcb

SHA1
3886142ceb88e09d4f67a65522ec36e665945e35

SHA256
81e1f9c36ede1cf614ef455688726b1966422ab858a06386f3018c72681b7311

SHA512
96760be67d529679d3831081c8745dedff11780c9922c16ee2e66faab353a93a9368b8fff9dd90727dd265674aa2e2f542d506f5f9d52f8e3618655574fb872f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
9d3fe9910e68be27f588a41ac42b6c7e

SHA1
44e46b441f46adfce5e03a1a3c40c1d7227eed8f

SHA256
990761ae5ae60e16d85ff34fac8ae8cec9200229691a973e3e9033eb3c748a23

SHA512
1a21458201ce9c717349e97542c5ceed8f8fb385d2c654dc9ed08af00836a4ea82ec6cde1887c5ac491309f0534ef68ba803cc70ea22d836207058dc031a59f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
5c6043779c404145e06393f537f95d92

SHA1
047aad2886c96fdba37dec25205b3cff81ed3a68

SHA256
e5d261fbbf5801bab66698cfde2a7c7e7cc120dce94bd6a543fd1c28b2edac22

SHA512
085c0657ea313ced740dbc4ed62830a8308b2c5c54b56d115a9c052c371764db4760538cfc24bf7a376a685e54aab8a3e2f029b49751a6e94a10cc6e4d51a625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
4ae0294cd1941d31f4c9b0680c3b7cf6

SHA1
fe43a8d295320f06a782114348dacdf20685eecf

SHA256
c983f0b3f67f1b79749f30ef5a7102647c5d3241e791db3c9fe93274340c85de

SHA512
5e6571d9967834ce8f9e630a551694b84ecc186eb71e2d8e81ca3c86f0ead1fb652d3e6797d0f2f600b802c23a24b578472251c3acf26b1f753efeca2c8ba302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
c79d8ef4fd2431bf9ce5fdee0b7a44bf

SHA1
ac642399b6b3bf30fe09c17e55ecbbb5774029ff

SHA256
535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

SHA512
6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b02b7ce7d14dd8d3560a332ee6d0f808

SHA1
f8206616c7756418205c8723e43e306ba73e3b14

SHA256
f439b20c2334d2dd712d3102312244d0aae34125e5c3a5abce6d1a46eba07361

SHA512
41db07f39a18221334a3f711c242c544a7e05e8cd6097bc675b6886af3240904362d3135b338fd61ca208fd7c7b366f4a1198bf7dfdb7a7f4771c9f05c688f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
834B

MD5
f35cb7ef799cb24b9d2263afac80792d

SHA1
971b76b181119bbfb63e3c9e4780c98974baccf6

SHA256
828278d7f9d73fe540ba53920a52fd2fee748501cf8b2d8402009a7e38d5c8ab

SHA512
842b93f81436530626d87e63ca4351f3caa9ed0760a67d5120fe0fe359f69e5ab3e572d7e5edefcf5742c5f318933232134d7448ef65abae67ba095c55a5f1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f020f2873a191e9401ab709b0a3aacd0

SHA1
51bdfabb69cfbaee00c629a095bf66a6277e0dbe

SHA256
ae473187c5a558fa50c39ac0903cd822a12cfeb964dfea73964c2d288d03dd7a

SHA512
e5d66bb3bda5d0bb87fef51872172873b482f831b1f6ef19e634d344572503d24e26b740ebec1003dc85e6dffb4ca029689fc913ec0ddced5de8dfaf58dda793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7801766a177816f4d1dae3692107cbea

SHA1
3e9ec0aed9683135c019b225880938d328c41dbe

SHA256
58a0faad122ebbd25b7742a481fa66692cd7950b8d8779b38b7e76a874343bf1

SHA512
d0e62f43c8df0c9becd0af128327006cc9001c32526486bb4daa3b0ba823ddc18103f65a206921c3f94d9db0d19aa59484e58ec23d0b0ace1fc8314f4fe6098d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ade4cabac1268b229dac5ab30a335a40

SHA1
4bc269666ce5b5aa894e86dc6131301f5d8d1a2e

SHA256
58b16bf69b0f9e115d11c47859c288ae4657262d9b349f80dea7c665b0d3894d

SHA512
3049f1ec03d6fc6f8f96f4981043ef55a203ec00f071e7312536cdc0c51c12c68a3ee03f2979ee161acf44dac35119b1786fae3f0b9c24a8ad546204ad6323d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0166cb252b64708342c51444f41dae3

SHA1
68d3656d72556a9cf131530cbd0a24801f48ff8f

SHA256
ef2ca62314e188a1c1cbed1509c2ed8d3109f2027fc3c708ad56fcd5c897b53d

SHA512
fd1fcff4b75b23776dd1ad5643870389ad7d41166f410710a94c71b3643cc6be1cf7dc604f3abc9e3c182586c5354ba703a48d597c21f2c07123017671556e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d3b96020d2333b89901fc2679a129b5

SHA1
f032ceda7a0aace8f78366120c17bbfa025830a4

SHA256
7a0593c798bf5626e462d0fc8a1f2277e6e493f9f6f6db2fbedc494bb07aa9e6

SHA512
bd72ff504f8ae3ad9accfdd242ddba3c61b708daa08eec38e6e288dfecb31bd1faa9f5d2d9bcd477c0d2ef8c52b63b1f05cc7b945fb8e6a491b067c0ceedd760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec92e4bad2724ed7883e6ac00fa4ad09

SHA1
d4176a2a25a6b7b6b321bd21abe3839e9c9f62e9

SHA256
51d910e568070b6fe63823f0514029d8e996c75298b943e5b73d6bcada96f502

SHA512
f7d6fe5ac8c3527fde114b43009975491554a63b26aa45f0da3e2dfe29f7cbe43e4f68481b7d2244abd6225fcad6ad9f216fca9732e66988deb9328c2adb32d3

Download Submit
\??\pipe\crashpad_4116_BSAVIVBSCBLHRBOQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3680-0-0x00000000750DE000-0x00000000750DF000-memory.dmp

Filesize
4KB

Download
memory/3680-5-0x00000000066A0000-0x00000000066AE000-memory.dmp

Filesize
56KB

Download
memory/3680-6-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/3680-8-0x0000000006770000-0x00000000067A8000-memory.dmp

Filesize
224KB

Download
memory/3680-7-0x0000000006720000-0x0000000006728000-memory.dmp

Filesize
32KB

Download
memory/3680-9-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/3680-4-0x0000000005B10000-0x0000000005BAC000-memory.dmp

Filesize
624KB

Download
memory/3680-3-0x0000000005A30000-0x0000000005B10000-memory.dmp

Filesize
896KB

Download
memory/3680-2-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/3680-1-0x0000000000DF0000-0x0000000000FA0000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads