Analysis
max time kernel: 285s
max time network: 283s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-09-2024 22:09
Static task: static1
URLScan task: urlscan1
Signatures
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource                                                                      yara_rule
behavioral1/memory/5212-243-0x0000000007CA0000-0x0000000007CEE000-memory.dmp  agile_net
behavioral1/memory/5212-248-0x0000000009740000-0x000000000988E000-memory.dmp  agile_net
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
csc.exe, cvtres.exe, csc.exe, csc.exe, cvtres.exe, csc.exe, SilverRat.exe
description   ioc                                                           process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   csc.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   cvtres.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   csc.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   csc.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   cvtres.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   csc.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   SilverRat.exe
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
SilverRat.exe
description         ioc                                                                    process
Key opened          \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0       SilverRat.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  SilverRat.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description         ioc                                                                  process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Modifies registry class 64 IoCs
Processes:
SilverRat.exe, msedge.exe
description  ioc  process
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"  SilverRat.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202  SilverRat.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings  msedge.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 = 700031000000000022594db1100053494c5645527e310000580009000400efbe22594db122594db12e0000007d35020000000800000000000000000000000000000076c06b00530069006c00760065007200200052006100740020005b005200650020004c00610062005d00000018000000  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"  SilverRat.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000624c7b65d7e4da0162de1ce984fdda0162de1ce984fdda0114000000  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000000259736b100041646d696e003c0009000400efbe02597b6322593ab12e00000067e10100000001000000000000000000000000000000aa28ff00410064006d0069006e00000014000000  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\NodeSlot = "3"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 780031000000000002597b631100557365727300640009000400efbe874f774822593ab12e000000c70500000000010000000000000000003a00000000009ef4710055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3  SilverRat.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "4"  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"  SilverRat.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"  SilverRat.exe
Key created  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e0031000000000022594db111004465736b746f7000680009000400efbe02597b6322594db12e00000071e101000000010000000000000000003e00000000009e96a2004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000  SilverRat.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff  SilverRat.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, SilverRat.exe
pid    process
5000   msedge.exe (2 entries)
1148   msedge.exe (2 entries)
5232   identity_helper.exe (2 entries)
5412   msedge.exe (2 entries)
5212   SilverRat.exe (56 entries)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
SilverRat.exe
pid    process
5212   SilverRat.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
Processes:
msedge.exe
pid    process
1148   msedge.exe (14 entries)
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
SilverRat.exe
description               pid    process
Token: SeDebugPrivilege   5212   SilverRat.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exe
pid    process
1148   msedge.exe (64 entries)
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid    process
1148   msedge.exe (24 entries)
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
SilverRat.exe
pid    process
5212   SilverRat.exe (3 entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description                          pid    process      target process
PID 1148 wrote to memory of 2852     1148   msedge.exe   msedge.exe (2 entries)
PID 1148 wrote to memory of 3548     1148   msedge.exe   msedge.exe (repeated entries)
PID 1148 wrote to memory of 5000     1148   msedge.exe   msedge.exe (2 entries)
PID 1148 wrote to memory of 1876     1148   msedge.exe   msedge.exe (repeated entries)
64 entries in total; every write originates from the Edge browser process 1148 into its own child processes (see the process tree below), which is how Chromium-based browsers hand state to the helper processes they spawn.
Processes

PID 1148  root  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/o7vtuvd83d4py9w/silver.zip/file
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2852  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a3046f8,0x7ffa0a304708,0x7ffa0a304718

  PID 3548  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

  PID 5000  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 1876  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

  PID 4412  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  PID 32  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  PID 4564  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

  PID 876  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

  PID 3120  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  PID 3092  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8

  PID 616  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

  PID 3128  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

  PID 3284  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

  PID 1472  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

  PID 1064  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

  PID 2028  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

  PID 5232  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 5568  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

  PID 5576  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

  PID 5856  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

  PID 5864  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

  PID not recorded on this page  child of 1148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:5412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4004758428059144253,11907647839012279513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6300 /prefetch:22⤵PID:4012
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2028
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2212
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2220
-
C:\Users\Admin\Desktop\Silver Rat [Re Lab]\SilverRat.exe"C:\Users\Admin\Desktop\Silver Rat [Re Lab]\SilverRat.exe"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5212 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\obtj3ug3\obtj3ug3.cmdline"2⤵
- System Location Discovery: System Language Discovery
PID:1656 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE93D.tmp" "c:\Users\Admin\Desktop\Silver Rat [Re Lab]\Resources\CSC7CBDF7F356FF48A29ED7ED4737F86358.TMP"3⤵
- System Location Discovery: System Language Discovery
PID:4352
-
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lyfvxjm0\lyfvxjm0.cmdline"2⤵
- System Location Discovery: System Language Discovery
PID:3628
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\brleevkf\brleevkf.cmdline"2⤵
- System Location Discovery: System Language Discovery
PID:1892 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF8A9.tmp" "c:\Users\Admin\Desktop\Silver Rat [Re Lab]\Resources\seYRDLpVRESDRdA\CSCB921D644AAA04B1A8624B3C7327FA62.TMP"3⤵
- System Location Discovery: System Language Discovery
PID:3016
-
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\z43n4k33\z43n4k33.cmdline"2⤵
- System Location Discovery: System Language Discovery
PID:6092
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:5612
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\d46c3beadb67447d8b1e6e4e4bcb180e /t 5248 /p 52121⤵PID:6088
Network
MITRE ATT&CK Enterprise v15
Downloads