Malware Analysis Report

2024-11-30 18:48

Sample ID 240317-r28qlahb2z
Target Silver Rat [Re Lab].7z
SHA256 a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d
Tags
agilenet
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d

Threat Level: Likely malicious

The file Silver Rat [Re Lab].7z was found to be: Likely malicious.

Malicious Activity Summary

agilenet

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Uses Volume Shadow Copy service COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies Internet Explorer settings

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-17 14:42

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:17

Platform

win10v2004-20240226-en

Max time kernel

1347s

Max time network

1178s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Camera.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Camera.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 80.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 199.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 201.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:35

Platform

win7-20240221-en

Max time kernel

1566s

Max time network

1568s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Options.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Options.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:37

Platform

win10v2004-20240226-en

Max time kernel

1319s

Max time network

1168s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\OptionsForm.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\OptionsForm.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 203.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 182.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 195.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 55.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:43

Platform

win7-20240215-en

Max time kernel

1563s

Max time network

1565s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Ransom.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Ransom.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:41

Platform

win7-20240221-en

Max time kernel

1799s

Max time network

1818s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RDP.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:00

Platform

win7-20240221-en

Max time kernel

1013s

Max time network

1026s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Bunifu.Licensing.dll",#1

Signatures

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: F:\d92c78b14adba5270a94\Setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WindowsUpdate.log C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
File opened for modification C:\Windows\WindowsUpdate.log F:\d92c78b14adba5270a94\Setup.exe N/A
File opened for modification C:\Windows\WindowsUpdate.log F:\d92c78b14adba5270a94\SetupUtility.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\d92c78b14adba5270a94\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz F:\d92c78b14adba5270a94\Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8DE9651-E46C-11EE-9E6D-5E73522EB9B5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000849d2b6bb282d6d3e95ad7fb65b18c0b0bf72471c41bcd0349ef9918c7411a02000000000e8000000002000020000000add6a9673c4212b8761d382163e8689663513d9525f8ea77dda3c957cf2327e82000000063522fdb3b26a7d65f90fec651ed3af6e747303dbbcf1cfa3856621e65bd619540000000a5b2a16ef74f6b710431d12bec258133dc7d5e6e296ede233248a3c48c986bba6f1fdd5cd283969fc3aa9ee6c7366bf6e138de9fd73278c0ce13f9bf2c21cf16 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000e0008537dfc7e18f4e2d969b72ed39270735bfe1e3b4bcb9c3df00038e64e149000000000e8000000002000020000000d1ab3410bcd7cf5eb2a5b29bb667d2d8e472caf04cbc71c8897a49060edbd4f49000000000aa14a18991de811c88247118b4213600b0d286e1dcf121a6145c2108d7a5b1030df0e316bcf79f878c994ef400cd3a3a3b432c83ecc0b2c129d7c2bab4d198b5384ae3cf639e8748b4523ae55a567d77c59550a73cd575a1b8a06820332e60c92bafb43f3fe0e3f82b4536cb0fe3150501959df06bf493982e278a6796df81c3d9df7ac962ac409106fd5df52140de400000002234021f90646714dd877facaa67776dc870ab000f0fb0e265a4092e0ff7ba672d7fbc08f6fbbb61e17c337e650896149bbb56260c6dfebd253e1878ede51cae C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508909d17978da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A F:\d92c78b14adba5270a94\Setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 2704 N/A C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2704 N/A C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2704 N/A C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1704 wrote to memory of 2704 N/A C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2704 wrote to memory of 1188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2704 wrote to memory of 1188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2704 wrote to memory of 1188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2704 wrote to memory of 1188 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 3948 wrote to memory of 3872 N/A C:\Users\Admin\Downloads\NDP481-Web.exe C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe
PID 1684 wrote to memory of 1252 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 1252 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 1252 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Bunifu.Licensing.dll",#1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1344 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=3196 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3176 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=4100 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3392 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2428 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=3360 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4020 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=696 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4232 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1124 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4216 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4464 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=4492 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4500 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=4812 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=4840 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4848 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5328 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=832 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5624 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=5316 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5696 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=5812 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=5932 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6164 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6280 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\" -ad -an -ai#7zMap12658:98:7zEvent11114

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=SilverRat.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=108 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=2124 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=1060 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=6420 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=2788 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6396 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=1968 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=4540 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=2296 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=5480 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=4968 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=5040 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=784 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=2532 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=6236 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=4288 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2496 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=4828 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=5728 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=5996 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=5356 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=5332 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=4616 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=3444 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=4804 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=1580 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4772 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=4644 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=6128 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=5912 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Users\Admin\Downloads\NDP481-Web.exe

"C:\Users\Admin\Downloads\NDP481-Web.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:8

C:\1d1ec384aa70cc12b5df38179f0e\Setup.exe

C:\1d1ec384aa70cc12b5df38179f0e\\Setup.exe /x86 /x64 /web

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=6544 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=5280 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=3380 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=6964 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=6996 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=7012 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=7024 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=7040 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=7056 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=7072 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=7100 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=6988 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=7132 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --mojo-platform-channel-handle=7144 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --mojo-platform-channel-handle=7160 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --mojo-platform-channel-handle=7172 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=7252 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=7404 --field-trial-handle=1140,i,10407940103521215922,1789175339367744098,131072 /prefetch:1

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5df9758,0x7fef5df9768,0x7fef5df9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1652 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3928 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3484 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2600 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2348 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2316 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3832 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4112 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4612 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4672 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4656 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4728 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4840 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3788 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3800 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4848 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4744 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5492 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6004 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

C:\Users\Admin\Downloads\ndp48-web.exe

"C:\Users\Admin\Downloads\ndp48-web.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:8

F:\d92c78b14adba5270a94\Setup.exe

F:\d92c78b14adba5270a94\\Setup.exe /x86 /x64 /web

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6564 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6580 --field-trial-handle=1120,i,6931727143030305840,827873672956483330,131072 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

F:\d92c78b14adba5270a94\SetupUtility.exe

SetupUtility.exe /aupause

F:\d92c78b14adba5270a94\SetupUtility.exe

SetupUtility.exe /screboot

F:\d92c78b14adba5270a94\TMPD8CA.tmp.exe

TMPD8CA.tmp.exe /Q /X:F:\d92c78b14adba5270a94\TMPD8CA.tmp.exe.tmp

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ac

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
FR 216.58.213.68:443 www.google.com udp
FR 216.58.213.68:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 fiel.io udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 fiel.io udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
GB 18.245.218.91:443 www.file.io tcp
US 8.8.8.8:53 hb.vntsm.com udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 hb.vntsm.io udp
US 172.67.36.131:443 hb.vntsm.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.156:443 stats.g.doubleclick.net tcp
US 45.55.107.24:443 file.io tcp
US 216.239.38.181:443 analytics.google.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 142.250.75.226:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
GB 54.192.139.162:443 c.amazon-adsystem.com tcp
GB 143.204.176.125:443 cdn.exelator.com tcp
GB 143.204.68.101:443 cmp.quantcast.com tcp
FR 142.250.75.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 54.192.139.162:443 c.amazon-adsystem.com tcp
GB 52.84.90.86:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
GB 52.84.90.86:443 config.aps.amazon-adsystem.com tcp
BE 74.125.206.156:443 stats.g.doubleclick.net udp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
GB 18.244.114.118:443 cmp.inmobi.com tcp
GB 18.244.114.118:443 cmp.inmobi.com tcp
GB 18.244.114.118:443 cmp.inmobi.com tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 35.157.234.54:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 89.207.16.210:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 ad.360yield.com udp
US 172.67.23.234:443 ids.ad.gt tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
NL 185.89.210.153:443 secure.adnxs.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
NL 213.19.162.80:443 token.rubiconproject.com tcp
IE 34.246.66.7:443 ad.360yield.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
FR 142.250.179.66:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 id5-sync.com udp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 u.openx.net udp
FR 142.250.179.66:443 cm.g.doubleclick.net udp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 secure.quantserve.com udp
US 35.244.159.8:443 u.openx.net tcp
DE 91.228.74.166:443 secure.quantserve.com tcp
US 104.22.4.69:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 37.252.171.52:443 ib.adnxs.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 164.132.25.177:443 prg.smartadserver.com tcp
FR 164.132.25.177:443 prg.smartadserver.com tcp
DE 52.58.127.133:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
DE 52.58.127.133:443 btlr.sharethrough.com tcp
DE 52.58.127.133:443 btlr.sharethrough.com tcp
DE 52.58.127.133:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 track.venatusmedia.com udp
NL 147.75.84.158:443 prebid.a-mo.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
IE 54.77.218.18:443 track.venatusmedia.com tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 8.8.8.8:53 cdn.edkt.io udp
US 172.67.23.234:443 pixels.ad.gt tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 34.120.111.33:443 cdn.edkt.io tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 34.120.111.33:443 cdn.edkt.io tcp
US 104.26.9.169:443 script.4dex.io tcp
US 151.101.1.44:443 trc.taboola.com tcp
IE 3.248.54.142:443 p.cpx.to tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 api.edkt.io udp
US 34.120.111.33:443 api.edkt.io tcp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
GB 18.244.134.43:443 aax.amazon-adsystem.com tcp
US 34.120.111.33:443 api.edkt.io tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.95.69.49:443 i.clean.gg udp
US 34.120.111.33:443 api.edkt.io udp
GB 18.245.187.126:443 rules.quantcount.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 34.230.245.49:443 onsite-tag-logs.apps.nielsen.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 49181a93c074eb80daafff860aac9ee9.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tg1.aniview.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 23.44.234.79:443 tg1.aniview.com tcp
FR 142.250.179.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.74.225:443 tpc.googlesyndication.com tcp
FR 142.250.179.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn1.vntsm.com udp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 track4.aniview.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 x.bidswitch.net udp
FR 142.250.74.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 88.221.134.51:443 player.avplayer.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 54.82.57.110:443 cs-server-s2s.yellowblue.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 13.248.245.213:443 eb2.3lift.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
GB 88.221.134.51:443 player.avplayer.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 st.pubmatic.com udp
FR 142.250.201.161:443 49181a93c074eb80daafff860aac9ee9.safeframe.googlesyndication.com tcp
FR 142.250.74.225:443 tpc.googlesyndication.com udp
FR 216.58.213.68:443 www.google.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 ap.lijit.com udp
GB 185.64.190.79:443 image8.pubmatic.com tcp
IE 52.211.109.73:443 ap.lijit.com tcp
US 154.62.101.30:443 ads.stickyadstv.com tcp
FR 185.93.2.244:443 cdn1.vntsm.com tcp
US 96.46.186.186:443 track4.aniview.com tcp
GB 95.101.143.233:443 feed.avplayer.com tcp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
DE 3.120.42.162:443 match.sharethrough.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
GB 185.64.190.89:443 st.pubmatic.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 8.8.8.8:53 cs.openwebmedia.org udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 18.244.179.51:443 cs.openwebmedia.org tcp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
FR 5.196.111.69:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
FR 5.196.111.69:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 gum.criteo.com udp
DE 141.95.33.120:443 id5-sync.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
GB 96.16.108.246:443 acdn.adnxs.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
NL 147.75.84.158:443 sync.a-mo.net tcp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
DE 162.19.138.82:443 id5-sync.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 s.cpx.to udp
IE 99.81.67.10:443 s.cpx.to tcp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
IE 99.81.67.10:443 s.cpx.to tcp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 216.239.38.181:443 analytics.google.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 creativecdn.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
IE 52.214.42.159:443 pr-bh.ybp.yahoo.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 bh.contextweb.com udp
IE 52.31.254.42:443 match.prod.bidr.io tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
GB 108.156.39.69:443 s.ad.smaato.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
FR 216.58.213.68:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 172.217.20.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 is.gd udp
US 104.25.233.53:443 is.gd tcp
US 104.25.233.53:443 is.gd tcp
US 8.8.8.8:53 dotnet.microsoft.com udp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
US 104.25.233.53:80 is.gd tcp
US 104.25.233.53:80 is.gd tcp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
FR 172.217.18.195:80 www.gstatic.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
GB 13.105.221.15:443 dotnet.microsoft.com tcp
US 45.55.107.24:443 file.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
GB 18.245.218.29:443 www.file.io tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.155:443 stats.g.doubleclick.net udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
GB 18.245.144.237:443 c.amazon-adsystem.com tcp
GB 143.204.68.101:443 cmp.quantcast.com tcp
US 8.8.8.8:53 mydmp.exelator.com udp
IE 34.254.143.3:443 mydmp.exelator.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 sync.smartadserver.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 69.166.1.34:443 sync.go.sonobi.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
IE 52.31.254.42:443 match.prod.bidr.io tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 52.206.164.43:443 onsite-tag-logs.apps.nielsen.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
DE 91.228.74.166:443 pixel.quantserve.com tcp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
GB 18.245.185.228:443 aax.amazon-adsystem.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
IE 99.81.162.178:443 track.venatusmedia.com tcp
IE 52.31.254.42:443 match.prod.bidr.io tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 s.cpx.to udp
IE 99.81.67.10:443 s.cpx.to tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
DE 18.159.198.61:443 btlr.sharethrough.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
IE 99.81.162.178:443 track.venatusmedia.com tcp
IE 99.81.67.10:443 s.cpx.to tcp
US 8.8.8.8:53 api.edkt.io udp
DE 37.252.171.52:443 ib.adnxs.com tcp
US 34.120.111.33:443 api.edkt.io udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
FR 142.250.179.66:443 googleads.g.doubleclick.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
NL 89.149.192.201:443 sync.smartadserver.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
DE 18.158.75.183:443 match.sharethrough.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 81.17.55.108:443 ssbsync.smartadserver.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 89.149.192.201:443 sync.smartadserver.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
FR 142.250.75.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 2e43c35785a465c05b6e852ac055ad38.safeframe.googlesyndication.com udp
US 172.67.69.19:443 ad-delivery.net tcp
FR 142.250.201.161:443 2e43c35785a465c05b6e852ac055ad38.safeframe.googlesyndication.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 216.58.213.68:443 www.google.com udp
FR 142.250.74.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 track4.aniview.com udp
US 96.46.186.186:443 track4.aniview.com tcp
US 8.8.8.8:53 player.avplayer.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 88.221.134.35:443 player.avplayer.com tcp
IE 52.208.248.28:443 dpm.demdex.net tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
IE 54.72.96.86:443 sync.crwdcntrl.net tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
IE 52.30.18.244:443 a.audrte.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
DK 37.157.3.20:443 c1.adform.net tcp
GB 88.221.134.35:443 player.avplayer.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 play.aniview.com udp
GB 23.44.234.79:443 play.aniview.com tcp
GB 88.221.134.51:443 player.aniview.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
FR 172.217.20.174:443 analytics.google.com udp
US 96.46.186.186:443 track4.aniview.com tcp
US 8.8.8.8:53 go1.aniview.com udp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
NL 147.75.84.158:443 sync.a-mo.net tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
GB 108.156.39.10:443 s.ad.smaato.net tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 193.0.160.130:443 p.rfihub.com tcp
US 52.73.237.27:443 sync.srv.stackadapt.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 52.73.237.27:443 sync.srv.stackadapt.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 34.120.111.33:443 api.edkt.io udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync.adotmob.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ap.lijit.com udp
IE 99.81.229.172:443 ap.lijit.com tcp
US 52.205.90.189:443 cs-server-s2s.yellowblue.io tcp
US 64.202.112.31:443 b1sync.zemanta.com tcp
US 64.202.112.31:443 b1sync.zemanta.com tcp
GB 18.164.68.91:443 api-2-0.spot.im tcp
US 69.166.1.34:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 ads.avads.net udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 bttrack.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.128.133.112:443 ads.avads.net tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 192.132.33.67:443 bttrack.com tcp
IE 52.18.135.246:443 jadserve.postrelease.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 216.200.232.253:443 sync.mathtag.com tcp
US 34.128.133.112:443 ads.avads.net udp
DK 37.157.3.20:443 c1.adform.net tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
NL 35.214.224.196:443 csync.loopme.me tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
IE 52.214.42.159:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 idsync.frontend.weborama.fr udp
US 8.8.8.8:53 cm.adform.net udp
FR 142.250.179.66:443 googleads.g.doubleclick.net udp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
US 8.8.8.8:53 token.rubiconproject.com udp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 213.19.162.80:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
IE 52.214.42.159:443 pr-bh.ybp.yahoo.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 rtb.openx.net udp
DE 79.127.216.47:443 id.a-mx.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 35.186.253.211:443 rtb.openx.net tcp
US 8.8.8.8:53 ow.pubmatic.com udp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 odr.mookie1.com udp
US 8.8.8.8:53 image4.pubmatic.com udp
US 34.160.236.64:443 odr.mookie1.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
NL 79.127.227.46:443 c3.a-mo.net tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
FR 141.94.171.216:443 pixel.onaudience.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
DK 37.157.5.133:443 cm.adform.net tcp
DK 37.157.5.133:443 cm.adform.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 track1.avplayer.com udp
US 96.46.186.15:443 track1.avplayer.com tcp
US 8.8.8.8:53 id.rtb.mx udp
DE 79.127.216.47:443 id.rtb.mx tcp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
US 8.8.8.8:53 d5p.de17a.com udp
NL 35.214.224.196:443 csync.loopme.me tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 t.adx.opera.com udp
SE 213.155.156.184:443 d5p.de17a.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 ipac.ctnsnet.com udp
DE 18.184.111.139:443 sonata-notifications.taptapnetworks.com tcp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 core.iprom.net udp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 green.erne.co udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
NL 72.251.241.204:443 cm.adgrx.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
FR 141.94.161.190:443 green.erne.co tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 96.46.186.186:443 track4.aniview.com tcp
SE 213.155.156.184:443 d5p.de17a.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 matching.truffle.bid udp
NL 72.251.241.204:443 cm.adgrx.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
FR 141.94.161.190:443 green.erne.co tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 172.64.151.101:443 ssum.casalemedia.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 52.73.237.27:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 ad.turn.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 192.132.33.67:443 bttrack.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
NL 46.228.164.11:443 ad.turn.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 192.132.33.67:443 bttrack.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 match.deepintent.com udp
US 38.91.45.7:443 match.deepintent.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
US 38.91.45.7:443 match.deepintent.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 hb.yahoo.net udp
US 8.8.8.8:53 live.primis.tech udp
US 8.8.8.8:53 cs.minutemedia-prebid.com udp
US 8.8.8.8:53 s.seedtag.com udp
GB 88.221.134.10:443 hb.yahoo.net tcp
DE 18.158.75.183:443 match.sharethrough.com tcp
GB 108.156.46.47:443 live.primis.tech tcp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.213.68:443 www.google.com udp
FR 216.58.213.68:443 www.google.com tcp
FR 216.58.213.68:443 www.google.com udp
US 104.25.233.53:443 is.gd tcp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
GB 18.245.218.91:443 www.file.io tcp
US 8.8.8.8:53 hb.vntsm.com udp
BE 74.125.206.155:443 stats.g.doubleclick.net udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 45.55.107.24:443 file.io tcp
FR 172.217.20.174:443 analytics.google.com udp
FR 172.217.20.174:443 analytics.google.com tcp
US 8.8.8.8:53 cmp.quantcast.com udp
GB 143.204.68.116:443 cmp.quantcast.com tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 mydmp.exelator.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
IE 34.254.143.3:443 mydmp.exelator.com tcp
NL 89.207.16.146:443 proc.ad.cpe.dotomi.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 pixel.quantserve.com udp
DE 91.228.74.208:443 pixel.quantserve.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 18.245.247.198:443 aax.amazon-adsystem.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 52.58.203.207:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 elb.the-ozone-project.com udp
IE 99.81.162.178:443 track.venatusmedia.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 104.18.43.178:443 elb.the-ozone-project.com tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 89.149.192.64:443 prg.smartadserver.com tcp
NL 89.149.192.64:443 prg.smartadserver.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 34.120.111.33:443 api.edkt.io tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 52.203.183.25:443 onsite-tag-logs.apps.nielsen.com tcp
US 8.8.8.8:53 ids.ad.gt udp
US 104.22.4.69:443 ids.ad.gt tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 8.8.8.8:53 a.ad.gt udp
US 172.67.23.234:443 a.ad.gt tcp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 s.cpx.to udp
IE 99.81.67.10:443 s.cpx.to tcp
US 104.22.4.69:443 a.ad.gt tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 81.17.55.170:443 ssbsync.smartadserver.com tcp
NL 81.17.55.170:443 ssbsync.smartadserver.com tcp
FR 142.250.74.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 6214f6331b77cc0bf70501050fceaff7.safeframe.googlesyndication.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tg1.aniview.com udp
FR 142.250.201.161:443 6214f6331b77cc0bf70501050fceaff7.safeframe.googlesyndication.com tcp
FR 142.250.75.226:443 securepubads.g.doubleclick.net udp
FR 142.250.74.226:443 cm.g.doubleclick.net tcp
FR 142.250.75.226:443 securepubads.g.doubleclick.net tcp
FR 142.250.201.161:443 6214f6331b77cc0bf70501050fceaff7.safeframe.googlesyndication.com tcp
US 34.120.111.33:443 api.edkt.io udp
FR 142.250.74.226:443 cm.g.doubleclick.net tcp
GB 23.44.234.79:443 tg1.aniview.com tcp
FR 142.250.74.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 216.58.214.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 track4.aniview.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 96.46.186.186:443 track4.aniview.com tcp
GB 88.221.134.51:443 player.avplayer.com tcp
US 96.46.186.186:443 track4.aniview.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 34.255.66.42:443 pr-bh.ybp.yahoo.com tcp
US 216.200.232.253:443 sync.mathtag.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 54.144.120.173:443 sync.srv.stackadapt.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 216.200.232.253:443 sync.mathtag.com tcp
US 54.144.120.173:443 sync.srv.stackadapt.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 173.0.146.6:443 go1.aniview.com tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
DK 37.157.3.20:443 c1.adform.net tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 69.166.1.34:443 sync.go.sonobi.com tcp
IE 34.247.62.134:443 match.prod.bidr.io tcp
DE 52.28.186.109:443 match.sharethrough.com tcp
US 69.166.1.34:443 sync.go.sonobi.com tcp
US 96.46.186.186:443 track4.aniview.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 198.47.127.20:443 image4.pubmatic.com tcp
GB 96.16.108.246:443 acdn.adnxs.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
DK 37.157.5.133:443 cm.adform.net tcp
NL 185.89.210.82:443 secure.adnxs.com tcp
NL 185.89.210.82:443 secure.adnxs.com tcp
NL 185.89.210.82:443 secure.adnxs.com tcp
GB 18.164.68.59:443 api-2-0.spot.im tcp
GB 18.164.68.59:443 api-2-0.spot.im tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
NL 35.214.224.196:443 csync.loopme.me tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 ap.lijit.com udp
IE 52.18.135.246:443 jadserve.postrelease.com tcp
IE 54.76.208.25:443 ap.lijit.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 bttrack.com udp
US 3.215.162.122:443 cs-server-s2s.yellowblue.io tcp
US 192.132.33.67:443 bttrack.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 u.ipw.metadsp.co.uk udp
NL 35.214.132.90:443 u.ipw.metadsp.co.uk tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 173.0.146.6:443 go1.aniview.com tcp
NL 35.214.132.90:443 u.ipw.metadsp.co.uk udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 track1.avplayer.com udp
US 96.46.186.186:443 track4.aniview.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 tr.blismedia.com udp
NL 34.91.62.186:443 um.simpli.fi tcp
US 34.96.105.8:443 tr.blismedia.com tcp
NL 72.251.241.206:443 cm.adgrx.com tcp
US 96.46.186.15:443 track1.avplayer.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 34.96.105.8:443 tr.blismedia.com tcp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 rubicon-match.dotomi.com udp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
NL 63.215.202.137:443 rubicon-match.dotomi.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 104.18.43.178:443 elb.the-ozone-project.com tcp
US 172.64.151.101:443 ssum.casalemedia.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
GB 18.245.218.91:443 www.file.io tcp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 s2s.t13.io udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 34.107.140.113:443 s2s.t13.io tcp
US 64.74.236.159:443 sync.outbrain.com tcp
IE 99.80.232.0:443 ads.yieldmo.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
IE 99.80.232.0:443 ads.yieldmo.com tcp
US 64.74.236.159:443 sync.outbrain.com tcp
US 34.107.140.113:443 s2s.t13.io tcp
GB 18.245.218.91:443 www.file.io tcp
GB 88.221.134.51:443 content1.avplayer.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 34.107.148.139:443 prebid-s2s.media.net tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp

Files

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

MD5 b22a885c3d2fcc773821a9f003c5aa1e
SHA1 1062f929a6e8e5a60fd529e31b78c316400f4466
SHA256 092201e66c07b7be4c498a110eb7a1509bc00158e6d722e8234f22e11ceab26b
SHA512 71b8bb588389b36a230147886f7ae2c035484c870e296db35724f09599b01b14e8c5ff885e90ccbb3228b31cf5bafb0c35e393171a6000891edc62ba1af3c654

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe.config

MD5 d6f1152d647b57f64494c3e1d32ede94
SHA1 a35bd77be82c79a034660df07270467ee109f5ac
SHA256 a47f3f83cdb9816f03632833dc361ac5e7a4c5c923af1fdebfa16303f9d68a72
SHA512 699b5ad93d3497348f8aad8e15d54ddd789bbac43f11a7fb629f19cda3749bee0ae06dc83f4e6246df631488169fda5d15c48585581d3a96d2523b8b45e639bd

C:\Users\Admin\AppData\Local\Temp\Cab56BA.tmp

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar56EC.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

MD5 d0df2d8770d029a15b162149bc04bfea
SHA1 9e061107dc8b51c0c078900d22b46f84fd44e810
SHA256 20a71727d9deafb87d49be1f364c4ab61cbef75bf35c199dec206cbfb07cf100
SHA512 92cdd15a2305770e2507a7952e5b34b3a4b2900884c4c93faf6dcc2a38267175620edca5d5a84b386bff1b1442bc7d25b31ab5784e4a763bed84f7caf1dcab56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d3cc295eeb63785e860087087807386
SHA1 fc2f0ef74c7444a0b47732e4f8066fa8d1460450
SHA256 76549670d5bc00e53bc94f90cff6ed9ac3c4bad70b3f8645d163d2d7beeb25bc
SHA512 47541ff14781c4677f21086c38a64491ef1c8057f0ea0065abdce95db20c2c49bfffa331d75fdb9baf4a090b7adfb3390cf34a013e754ad7d7f8ee8178864f77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21c2be41b44ea86db1d5a11faa17ca7e
SHA1 a8c29731d155116503ab52256fee5f0278375b1e
SHA256 cb1e45b4f86020a2ae2e6b9afbe8ecd7ac9a5f1aaaa7b7372eda0b4aa91b0b1b
SHA512 397fedb6d850cf5af0eca8c86783c8497da0d028aa8a3b49eac3fde6ab890cd37ff69f91ebbb780693ba617a188778c5ab838aef758ec74a62de6ebada95e7c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 769258478cbc016ef0db3ea9b3e421aa
SHA1 a7a55e70fad6d867a93cb4625ed8ca7936a1d4d8
SHA256 453522502f9fbb6048fe52dc2400f55ff3e88cbd484eec1e734a8883e0e14e2f
SHA512 60202a979d37877d3c76f1ce8b8d9e6685c2590bb5cfdb1a53416e27ed1b904ee89ff29dac776b92e7081782f57160055fafa61fb25b980d0288ebad8159979f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab2c9229f2490881d44376f9b0828619
SHA1 e91fdd2962348bc964df6b0bb1a32491525835a6
SHA256 a1d0e5284aafe2cb197b6c08495d1fff8e509f551ef97da099ebbc413181af9e
SHA512 fc47cf53cb44b8a12c14e4703cb4e139ecb71a5705ab08184311a3884def8da7f9e6471a46e5cb86941550796bfdba38532ef5ee56564076efb0bd8e43d0b8ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29678f09c942511be2863589d899ce62
SHA1 2d6bdac6b1ea669b1f6eaaf0c2d971de9618b07f
SHA256 8c074630add5e4e88b5ea845a1f3aac5db881c2b0e7977222b4222268e0ebfa4
SHA512 6c4f16245f1e8d2b5890cb6b47951846d751b9217a274010a68b8acb220e06d517be66c2a561e7250621b6117de7783114a24605989177a1db2b4af93c5f61e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f98c73c28e0cfcef1cd8ac1a8f8cacca
SHA1 239b18e7e9dfe97b096ffbae0d5b229f1cad6dd2
SHA256 5e015e0b2f1b42c1ac52fe430fb690bfe14d5e8b51f3bec527662e2cb36697ae
SHA512 a710b6c1a15bded2072b84e9d1f9333141297da8a537d9f9ceb1cc19a06419e5cee1a2ad213e0b66e98a9fc59916ed42b2a787eae68f05ff3dc442230ab1b018

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 024f0104c71cd6448254baa53ac610b6
SHA1 d6ebb8fc83a70ec446245bd70af1cf80b8ac186e
SHA256 3613c6be8591c5958ef35693a6cbd9ecdbd032b27d98534d34e7ea1624ca9058
SHA512 e47c5991901c97cc89b8943fba6857bfe449fbf33b546f550a3f1119c368e18130c615541da100299118f1439da0a83903429b790c146eb19e259ee371b8e9ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15f2d1bd3d10d504490e4dd2880ccfad
SHA1 5e5d5d5a14fbbf1dc16e5f45939acb3007cebb90
SHA256 29023637fe8ce390aa5128c047b4e94ca2549ecdf1432edd21217af29d66ee68
SHA512 de32b7d13460063aaa6366e7f21017af5de7e305fbf258478fab2e0f173bf106c3ce59cb6e5df216fab858ae488931d0b403d11f97d4b503dc76e93766a780b3

\1d1ec384aa70cc12b5df38179f0e\Setup.exe

MD5 f7a63e2d4217b71d39e4b18b3dadf632
SHA1 c3446cd1a50f6374c3ad3446607864bee97426d9
SHA256 43290269962f9edb13d042d54973a76570f6e4b6a4af33e7362f8284b9083720
SHA512 1703b6c1b1f96febdee8663fa9e8e11939715781810f5feccc6f11b0298fed4f83f6decd975ed1c05dd0e976a12b0738040d0c09db46389a2720462a6624c942

C:\1d1ec384aa70cc12b5df38179f0e\SetupEngine.dll

MD5 9964ce1f4874a686910dbc1aeec1a326
SHA1 0b434c566f6722c765245a1228b7600fd10ba1c9
SHA256 3a45fbe9c5e03f67b49808c068eb2ce831e4eebdd1b38e520e4be5a5537a72e4
SHA512 8d123ab8e6b767a80d122b021a77460373e2b0841c92375ba1f56830529a2610bbf3749ce95aa64b67f45591378246409f035518feced582c7ebe1b6609dba99

C:\1d1ec384aa70cc12b5df38179f0e\sqmapi.dll

MD5 6404765deb80c2d8986f60dce505915b
SHA1 e40e18837c7d3e5f379c4faef19733d81367e98f
SHA256 b236253e9ecb1e377643ae5f91c0a429b91c9b30cca1751a7bc4403ea6d94120
SHA512 a5ff302f38020b31525111206d2f5db2d6a9828c70ef0b485f660f122a30ce7028b5a160dd5f5fbcccb5b59698c8df7f2e15fdf19619c82f4dec8d901b7548ba

C:\Users\Admin\AppData\Local\Temp\HFIFCE6.tmp.html

MD5 fdb5fe4e263c9b5d343d768cc7e50802
SHA1 15ba4d7797b7e4234a933f141ac04be8768ec96a
SHA256 08054d25d1f1c4f895463533f97a8a046cc3b063ddd2017c7000d52b59dfbfce
SHA512 eafe743f402fbe4583b9d094ff29ee47bf0d456d60410c23a5834e04380cc940c4698741d71472eb15c4662c6e221a25d45fbdca2c7a70b5bd5d5dc23c73829c

C:\1d1ec384aa70cc12b5df38179f0e\DHTMLHeader.html

MD5 cd131d41791a543cc6f6ed1ea5bd257c
SHA1 f42a2708a0b42a13530d26515274d1fcdbfe8490
SHA256 e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb
SHA512 a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

C:\1d1ec384aa70cc12b5df38179f0e\UiInfo.xml

MD5 c99059acb88a8b651d7ab25e4047a52d
SHA1 45114125699fa472d54bc4c45c881667c117e5d4
SHA256 b879f9bc5b79349fa7b0bdbe63167be399c5278454c96773885bd70fbfe7c81d
SHA512 b23a7051f94d72d5a1a0914107e5c2be46c0ddee7ca510167065b55e2d1cb25f81927467370700b1cc7449348d152e9562566de501f3ea5673a2072248572e3b

C:\1d1ec384aa70cc12b5df38179f0e\SplashScreen.bmp

MD5 bc32088bfaa1c76ba4b56639a2dec592
SHA1 84b47aa37bda0f4cd196bd5f4bd6926a594c5f82
SHA256 b05141dbc71669a7872a8e735e5e43a7f9713d4363b7a97543e1e05dcd7470a7
SHA512 4708015aa57f1225d928bfac08ed835d31fd7bdf2c0420979fd7d0311779d78c392412e8353a401c1aa1885568174f6b9a1e02b863095fa491b81780d99d0830

C:\1d1ec384aa70cc12b5df38179f0e\ParameterInfo.xml

MD5 4a0c5e0d81034c74bedc85b7f4759888
SHA1 d2c13fca6d918c7b4d25c8b9290bac053c551694
SHA256 5b872fc7d87f00634137d4051ee6f4cf481f9f7e0163ae7589a6c40a7c828569
SHA512 913425ea56c02ec136ee6eab4ab6a44e6a61f428ee431df241e2c745377d33835a6ecac69a8d02596f2adbbbf602a8afe578a05a1e3d253aa6e60e5666e1214c

C:\1d1ec384aa70cc12b5df38179f0e\1025\LocalizedData.xml

MD5 075961c7e742c66ee4cd8b614a778141
SHA1 a5541fa0487135aaed1c336bba79e8025ac2804c
SHA256 4198a6ae89b0be8bd07ed3c18dea6ca87239a5a47343b73ff612ce0ab47e08dd
SHA512 c6881fc501805d0cb5aa9b42fc14029404a236166699e3845586e0609c26e4536bdd6ca2181e1139f83d5cb78c35d0fa7d158134f522fb9f4736880e330fc8f6

C:\1d1ec384aa70cc12b5df38179f0e\1033\LocalizedData.xml

MD5 31bff8efc0cc701092ab7fe606271d65
SHA1 844cc4837ebe3eea9563df6613989b4588d6f19c
SHA256 b3048715a23d9bd77e9b3e1ec8577f94cfc8c2dd30b61dbf326871a97aa6e22c
SHA512 472b881df9128c93f9183ab05d2406146aeef8ce9723c9dcfa6e93d093d90b2db75bb4a3f784d26db187436242409f021fa8b7844aa04bf9cb58f48a6c4822d5

C:\1d1ec384aa70cc12b5df38179f0e\1028\LocalizedData.xml

MD5 8b37256ce099957b91ebe1d51ad8f61c
SHA1 6bf4bcf46781126ffdce92e39ad4d1d912e75ac5
SHA256 7d6777e8c9484229c1b8e3f2e354a88f57539503c2c56f2b0ee47679a6ef9cc0
SHA512 6659dec6fae7a7f733a0c9e44a04f178a6732e1b9b785833c63efd8ed6e25adabb58e37b2ec039dacdb071732f8ee42ceb297cb2ec72b67e8d25eb093d5423a5

C:\1d1ec384aa70cc12b5df38179f0e\2052\LocalizedData.xml

MD5 83242627ea9f4ea7c346a8830026eeb5
SHA1 75a8f52fa3e03b2f04b168d517117f80212b5672
SHA256 4577902142bb96b849f6b78866a5e81c761109a454470948902a40c73f7b9b7f
SHA512 cd27e3ad4168b7bb61b2336f73cd9f61516b953271aeecafbe22cbcffe18ef45d4a4e2c7513c3986939ffd635f2e7d1868798182ffcb4ae0e7aa207c5bc67bc2

C:\1d1ec384aa70cc12b5df38179f0e\1055\LocalizedData.xml

MD5 c515bca575c7e7e7dba8c1ac2a3031d7
SHA1 3aa307513e55a2ada4866ff8fcb2de4e5184a1ad
SHA256 98b5b75b8a89606dfcb54c622884671211199dffced96c29269010b81b06231a
SHA512 5a8c51f55aa6ae44f0a6932a30f0054e8c012080696d5fc784a3ec89aa63275978440364e6b9663eab5466af459594fd1c5d517c629f312bc9b4943e9e040a29

C:\1d1ec384aa70cc12b5df38179f0e\1053\LocalizedData.xml

MD5 a6f6198758552f453df96c4a8fb84134
SHA1 c40dd5faafe457c6c814695b4885f065f9d2f4bd
SHA256 b28bd460c2df31315297083c5507c233a569e1e89547127191468598b35eb36e
SHA512 9b958a0556d5989f71d1e38848c8b6b54ff6bfe292ad599b81e808f4c193cd41a23885d806539a0c246b811519a73d5fe7b0ce679c53119cfa97f999784fb66b

C:\1d1ec384aa70cc12b5df38179f0e\1049\LocalizedData.xml

MD5 f65088c4998e6ca3a872fc66bdd2a192
SHA1 c697a3a043a6104befd6f8e1b85e746c3d84e390
SHA256 3b2c633bb0a7342418aef0ce29331643a4cd48a572ddbb90c3d3433d135fd952
SHA512 a5938da7cab6e963c553de1c135ee9c7ec565fc97ed4d433dfff9debb5d31ba3bbf3d1b8a12e814462fd92f4c39680ae71dbd2e3df846f23a1a98921f3981992

C:\1d1ec384aa70cc12b5df38179f0e\1046\LocalizedData.xml

MD5 361a4c229849b55e4540943b5c04403c
SHA1 46a0751432df223c936393f21a7543a3b314157e
SHA256 c2afb880f0986ca807b1dacbd5a9f2a5b9be4930c29379cdd88a6ebf9b0618c1
SHA512 40ba8c19286f992e5742f342532161062c36504aa3a364cdaee15e2e3ab750012d6502278d064f45b3df13b3063c66a361d688adbcaa6eb7a657c9a50e0e9380

C:\1d1ec384aa70cc12b5df38179f0e\3082\LocalizedData.xml

MD5 14005b857dd90ec8bde8e80c3cb0faea
SHA1 7aa4e6f4c9feb808b2dc95f7541bd10aee02874b
SHA256 9d3fd31e3826b91d68ea34a6961cf288e23251cdf8faf0aad02653a55c53f2e0
SHA512 5ad424144a47fcc47ce5a33225a7cb1017b4278b5e3241da48213e132c4cef549ea3c107e7789f42886bdc0a343f50fcd0fc0b287efaff010bc1186251c5c0ec

C:\1d1ec384aa70cc12b5df38179f0e\2070\LocalizedData.xml

MD5 50b9f5f566fd83ceeb0fd0992739388b
SHA1 c040e31d59580541bbcbd662598e8d3fbf52b51e
SHA256 4aa6b559e8993de92797e0d1c595cec0bf305403dd275a231f8417ba4c09c1a1
SHA512 87736f5db8bbcbe4924667e8f5820dc5329e902632d22480ac4768023215fd0db399f442eb1ba76ab2c5c008e58611f006cae4307605a5340380127fd83f70a4

C:\1d1ec384aa70cc12b5df38179f0e\1045\LocalizedData.xml

MD5 5eadf11a5b9af3f40b21328474ba3b7e
SHA1 af456b6123f9adf4ea0b926124b926ea3056248e
SHA256 4362c962c7611190999b36e139370245104b66398ebddd56b210810440c43e88
SHA512 e0f0c32c736d23d40508daaa2fb7b7033034154869a4f411aa4ff96c7ff197d97b1d89eb4a6da1dbfeacdd3373c45f22bdda70554521bbce409c051ae4573e42

C:\1d1ec384aa70cc12b5df38179f0e\1044\LocalizedData.xml

MD5 a9998c1f395c44bcd41faa0ae60439e4
SHA1 4a267707c7dd8a24eed4c433b3c41b7e1a6a936b
SHA256 8165d0b468d73347a495f525dc81d847bb84b3391c8af1abc95e2b8f4a51d620
SHA512 9f0fb00c34ee788f9e8058915794b822fcb31f1c35a1d47ce5da2b15bae904cab513d55111ae4cccbf4da2587a4c3e045f0cc2e95654c9b5631a3a4a86632bd3

C:\1d1ec384aa70cc12b5df38179f0e\1043\LocalizedData.xml

MD5 18efd16361a280efe263f261a4faa21e
SHA1 6e5bbbc46b2decdb00cd957d02e27bbbf2a4d880
SHA256 88de82f8c0934f23e0eb16224def959ff55da396610bd34149e4fb9aab24fb03
SHA512 b4bdaf600c5a855c040db974744b780c4860474c38ec453c4bfdc5a11c8beff65437d17c5ab0c3c78b5b861d93b0d41f1c3f4d5d435d233ba3719f78c9058446

C:\1d1ec384aa70cc12b5df38179f0e\1042\LocalizedData.xml

MD5 401f386416c7c37f92da9ec1688d750b
SHA1 c6565b80ba557827e3e6b96901f27fdcd1b525c6
SHA256 721cf8956fb2fb01df302713351eb9721cfccff096dc429d02b0f2b150855919
SHA512 f4ac60826287262b87bd407c85091d583ac504645faabd6fe8e116ac50e35908341d85850e8888e5928cb8235101e6b7a1074597946d584550e8aea6a7fba591

C:\1d1ec384aa70cc12b5df38179f0e\1041\LocalizedData.xml

MD5 4cfdb16e84869a51119e17a545ace7a2
SHA1 5eb358e13291d65ff8805513254b02ff3b83d7c6
SHA256 1c2587f7c0d7e57494061d24638a83c8f9d33a4eb192cfe6bd65c172fb6a76a4
SHA512 381878c16a98aae9ef688bf4735b13d2d42b2c115d76c1677f5c275db3745b35fac35468f11d80284307a6f5ed93265fa2c378a5199284d848fdf984f2a88daf

C:\1d1ec384aa70cc12b5df38179f0e\1040\LocalizedData.xml

MD5 3192c0f7f30df881ec199d77b095b93e
SHA1 dca1cfe248a9de56f2d207d5f1979c92e006831c
SHA256 5dceb300d25c68003d61437e3802f97e1d5503e27032989338f7d260c7b0904e
SHA512 42a5f98103e23d7e8d7a34f8ba08d027ac4317d92109565b5f3fa4fd7057104d3a12b88846bee1914451cff59ed1b46e9146592784c09cd724bf004eb65864c3

C:\1d1ec384aa70cc12b5df38179f0e\1038\LocalizedData.xml

MD5 1b59e64e51b3f9b96e8897d5b9b17c37
SHA1 1fdd8951133add26ae062da306133980e31809b0
SHA256 5dfa759937eb0ee393d94485e0ac74546d344f342fc3d42ad33847ebbd5163e4
SHA512 f1cb4670805ccd1327a7ea31b98caccc7c5bc7cb7ea7817a5749b0e176f4bdae36339d25d1037f9cdb19a47bcaac4e53fc49656c365ee7981473264b55f2a996

C:\1d1ec384aa70cc12b5df38179f0e\1037\LocalizedData.xml

MD5 a258bd1060df46dcefe6257d4af638dc
SHA1 9e989db32e94499a717c93e889ebf47787509a42
SHA256 83120845e156ecbd401a9047365647cf8e9b2ec75d9295237da33c53eda365e4
SHA512 6f69aa98e264e3de3669f52e34140bf3a1bc333e3e3c4e06228eb1a78aabde380c8a444d9086a1f1188c49ead7ca73962db488dfb8e4e13c09ebf539ae53d011

C:\1d1ec384aa70cc12b5df38179f0e\1036\LocalizedData.xml

MD5 d7e814adae1a18958416b7e29ae7078b
SHA1 857fed2c8766102d1a64d91eccb0661f6de750fd
SHA256 c8c847bf9ddf8998520123ff0a638c6e9843c860b68943275b7f0256f324c4ce
SHA512 73ad8b3d24ace1795c93ef807b3e644512fee2a295eea05a93fea07d131746aa99f895a68075efe44c2c4e305da3881c27a342d2fa13dd6d1f258a9cc669491a

C:\1d1ec384aa70cc12b5df38179f0e\1035\LocalizedData.xml

MD5 c78dddce3189c67c23f60561dcacd4a8
SHA1 e375a6d1f71709ead1ad4139b1c16476019666d2
SHA256 e9353dedb338ce826b3b990851a955da1b04e484a378cac7c3c17a2de26d14a4
SHA512 a58d995936f5c5310e04f7514c177a071f3451638f0a9692593c4d505c5f48caeca1cee9644b092bf32bd70c52bb956f0b87ac748190aea2040adc3afbbab3b0

C:\1d1ec384aa70cc12b5df38179f0e\1032\LocalizedData.xml

MD5 233d0d1551b17f2284ad80674569de79
SHA1 67cd31126c6e5547e60d7266e61b6835b80b5916
SHA256 7106a1121056a73fed77aab7c7293dddffe0f5aecd7db969799a121ad5d88181
SHA512 c3375081c704fb05c7335929505ef4589fa728c97bb58738932b7ee05dd6e00c19d8ba14bb0a8dfce0d51ac73fa76bffa0ccc00772b73850eea37d39088a0473

C:\1d1ec384aa70cc12b5df38179f0e\1031\LocalizedData.xml

MD5 74d28384c38283518c6490bfd068ebf1
SHA1 c52d2fd41a59691e18871ec64db10c43f241fb6c
SHA256 01afd814b009538f387812f6940c863a9d0cd7dc4159050f34f82e50ecbc33f8
SHA512 e23ae604eafab0c3a0d8aeb07321c0dd629d21c5ba47d37958f48f1b9f27d89de4db880ec3958ad1e5f2165a69bed18d61f73f71fd743a2d7eaafdc0ef8d1cc0

C:\1d1ec384aa70cc12b5df38179f0e\1030\LocalizedData.xml

MD5 e1f2f586d75650df1a751d86bb659df8
SHA1 283097241e6b1acc8f30ca822585df104c918e51
SHA256 615a6380adcfa3a0e7a5db2df9b98dad650678d8c46b1c7c3f2d2854204f079e
SHA512 b7fb3e366a7e5cbaaf99e8e14731653dd14885cd0b3d5462c091113f12800478ff2e5bd351bd403abaeef3041cdd5a7693825e488f27ec48d087686c95daa774

C:\1d1ec384aa70cc12b5df38179f0e\1029\LocalizedData.xml

MD5 aadf97951359a8267f7990cdd2cc950d
SHA1 61f626b44e252e916c9c70a4222efc9c21d951c6
SHA256 e28d2d89fc269d25272956cee4d7150a30706f58ad305e84e3c1c9fe7ac0ee86
SHA512 2d352cf7d8d167b2a9fd4416582328d894619f2eb213fd334e1b15ef1044735a69ffca36fba02d9d1af6355e9d1a55d38c3b7f5339ecacb8c1dfdc4cc50c5342

C:\1d1ec384aa70cc12b5df38179f0e\SetupUi.dll

MD5 b90a60068318cefa24e3344c4ef71649
SHA1 e61893f999442bbf6c0b1fa4c154fddb3be721f1
SHA256 1f757ea33835920a08fd9558f973761f70bc63a8c01fda4db1170e19ebf0c73d
SHA512 372d17ddc5ecc1190a81be67d1e9a256e9d52d1225a0de064dcebc3b7da983412a3ec1c5cb4f3f1abfe5a1fb3cc69157abbdf05e1c6bbea368d0a357afbd611b

\1d1ec384aa70cc12b5df38179f0e\SetupUi.dll

MD5 c0144258d8f4432b959901df9001f8ab
SHA1 20db1e0cfaa202fb7d82537ce6693c4012c0a4b4
SHA256 10634628eb5cfba5bcc1852e727ce5a994aec5cb352482383a5272833414ba9c
SHA512 f228d77e33ab320d3ded05cc79826ed7fed5abb1f1918f80cd20aa41262bdd73450930abf644e689b3c103a73146772e25df1036dd92b58478822e3bcf811439

C:\1d1ec384aa70cc12b5df38179f0e\SetupUi.xsd

MD5 a9f6a028e93f3f6822eb900ec3fda7ad
SHA1 8ff2e8f36d690a687233dbd2e72d98e16e7ef249
SHA256 aaf8cb1a9af89d250cbc0893a172e2c406043b1f81a211cb93604f165b051848
SHA512 1c51392c334aea17a25b20390cd4e7e99aa6373e2c2b97e7304cf7ec1a16679051a41e124c7bc890b02b890d4044b576b666ef50d06671f7636e4701970e8ddc

C:\1d1ec384aa70cc12b5df38179f0e\1033\SetupResources.dll

MD5 49a9bedc81cd400abbf794f272883a8d
SHA1 dc9aa0fe56bc4f0d5fee333eb28a29bb4750eed1
SHA256 197cb97902aa576a8a4dcbc5b4615a28943b1941d67c6fc163b5b4a034c650d0
SHA512 bd579834eb275cc07d458052317f1851380c5a510869b224c0441f70d2cb468c5cea034649704c9cced28cf2425fa1c67c0f8c22011b81ce98ed243647422415

C:\1d1ec384aa70cc12b5df38179f0e\Strings.xml

MD5 8a28b474f4849bee7354ba4c74087cea
SHA1 c17514dfc33dd14f57ff8660eb7b75af9b2b37b0
SHA256 2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b
SHA512 a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

memory/3872-1048-0x00000000004B0000-0x00000000004B1000-memory.dmp

C:\1d1ec384aa70cc12b5df38179f0e\graphics\setup.ico

MD5 6125f32aa97772afdff2649bd403419b
SHA1 d84da82373b599aed496e0d18901e3affb6cfaca
SHA256 a0c7b4b17a69775e1d94123dfceec824744901d55b463ba9dca9301088f12ea5
SHA512 c4bdcd72fa4f2571c505fdb0adc69f7911012b6bdeb422dca64f79f7cc1286142e51b8d03b410735cd2bd7bc7c044c231a3a31775c8e971270beb4763247850f

C:\1d1ec384aa70cc12b5df38179f0e\graphics\stop.ico

MD5 7d1bccce4f2ee7c824c6304c4a2f9736
SHA1 2c21bf8281ac211759b1d48c6b1217dd6ddfb870
SHA256 bfb0332df9fa20dea30f0db53ceaa389df2722fd1acf37f40af954237717532d
SHA512 16f9bf72b2ddc2178a6f1b439dedabe36a82c9293e0e64cfaccbf5297786d33025a5e15aa3c4dc00b878b53fe032f0b7ed3dee476d288195fb3f929037bdcdbe

C:\1d1ec384aa70cc12b5df38179f0e\graphics\print.ico

MD5 d39bad9dda7b91613cb29b6bd55f0901
SHA1 6d079df41e31fbc836922c19c5be1a7fc38ac54e
SHA256 d80ffeb020927f047c11fc4d9f34f985e0c7e5dfea9fb23f2bc134874070e4e6
SHA512 fad8cb2b9007a7240421fbc5d621c3092d742417c60e8bb248e2baa698dcade7ca54b24452936c99232436d92876e9184eaf79d748c96aa1fe8b29b0e384eb82

C:\1d1ec384aa70cc12b5df38179f0e\graphics\save.ico

MD5 c66bbe8f84496ef85f7af6bed5212cec
SHA1 1e4eab9cc728916a8b1c508f5ac8ae38bb4e7bf1
SHA256 1372c7f132595ddad210c617e44fedff7a990a9e8974cc534ca80d897dd15abd
SHA512 5dabf65ec026d8884e1d80dcdacb848c1043ef62c9ebd919136794b23be0deb3f7f1acdff5a4b25a53424772b32bd6f91ba1bd8c5cf686c41477dd65cb478187

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

MD5 e0869fa68f658deeaa00cdd1455c902b
SHA1 b2ab6ac188a6af0fbccf3cf0d32b3aeec5ab7ed2
SHA256 8a4d43d098945be624d6ca276fbbee9154fc7f6f7707e2389af7e38b04118422
SHA512 ea91d317eb79891cd6a23f103fa9d4d935f0894a39dc82f6be6ce767a5478b0b3aad6b2caecf5fbe4ed94de772917e3c2e4545d3f10aa38aaf521fbfa5bf28d6

\??\pipe\crashpad_1684_FDNPGJNBZVMIGJPA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 7448c50978ffcf991779dc2ebb56cccc
SHA1 5078fd8b137d3b43d76807452eaf9be0e0134361
SHA256 abdda00a3ba90c7912f929b6f72ce9b6a19b45f036c06cc8c539721f469ff16b
SHA512 f78d66279838664de56bf8eef8d57dfcd9733f992eb757ac9222924f014c2fb04f9575a968edfb00e8498ae8502f1b07b002723accabfef1add33112981ae544

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6ecc5dc29f4213277c230335a2b4135
SHA1 2fad0ca6a7ecffe9029c6be432ec6c6fc99e1d61
SHA256 b021a523993ede7a9864e99fd44a93d948ac967a05fae5b383fda68285465b8c
SHA512 e5da09aba351f291cefc227a9cefaec2ac14e0a67043532b75af95971cf7f855629646225d1b475b9faf8374a79ef125619c95d0604352cd60c41bd8aeb047ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76b67b17f13a7e11b17fbe5a033fb885
SHA1 e00ba756a8b7a15314f0c384875b36c2cfe3b523
SHA256 1967ad01eb1502ef0ad0a86044e268381232bfad937678d44bdf20f8966b3e6b
SHA512 97e10574c4dd7fab4788a8ad76b03454d3eca4117a53d275ddd4d1a02020342cd805598271bf507d759e253786b28e1c27acaaf597fc9f9d57b6658b1d6537ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e5afc0c51772bcffa32248144df50ad
SHA1 2abffd771cc2ee9ad3d845ed4e906a8ba13ba682
SHA256 86e086dcf4dc689b7ebd46c31a09786a2bb3e8df79360ec0e7856891f2f96b7b
SHA512 99151c9380c26e569e3740c9b18533ccc3acab6df9b9d175a7395c61adcb32bfc4db89476a0bf6e4e77b3680cf64522dc3bff002e67daff23522fb5549e4bfcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9199542debf787bc300e1b4e160f692a
SHA1 1b48e1b16c7bbb26756d5ea10bc82038622d4530
SHA256 333f0ce8db540dafb766ea6dd4c06e0711dd9d5c4431579a180e33a74d14968c
SHA512 a9b57d629d341788d14e7ef44e32ffb9cbb218ed543d9d9111682555bb6dd4c045cca7723fd2f2e4c18539d30895255b1618a2664af678da36f75d0a21801b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c3078d60e0a82eeeae34d9abc8155c7
SHA1 7cd51202f1b021b544e2ce3090d68a3aa005cd37
SHA256 abd3ca7faf0d4a1cc4e25efaf58340af3268f2f26d3130c357a10947ebbf637a
SHA512 03a217440548b7815e2bc9870699a569221d8f6db8e2761dc295c52f917630163dd328894d5d74219c4b93a3a8a71290788a1e5d96550ae0a8be805113abbeee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fd5c752b74ba608583dfd1555c77a24
SHA1 c384708e61d24b1f6ffa2c37658728765cf87dc4
SHA256 f5d3d31a27a8144430d2b788650acc1fb4def774469b406a4ed1de5c8103e066
SHA512 c04e8713299cfce6186e6f155f7ddd0a5d53abf8ee77cf1773cb89c78bea13c90526c40247ec3c99407f7f16b4fe34f7c74a4e48bca8f851bcf23a1fa4ef9f08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc9a8b0d8483df98693d8746f0424445
SHA1 a20b7ec2eb61b956a754fc32583994ddd784beff
SHA256 1352e09b7cefdc13dfdddfc9db781ffc9fbeb4d77cb71572140a11bb58de63f3
SHA512 bf4f75c64b792ca30e370df02d90cd6862f5ed026af39a7d08195533e3759bc6a474e7748b137812564ba791543b190b3e3755b29347e7c7706052483b60d168

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a9f30d6381c70edaa07271319dac905
SHA1 0aaddb8f4255bdae08e89809630b7284a50c5bf3
SHA256 e22b90792f4a4735afa9114add2c2b4a0eaad76b24eadb795d02ac3b624cfa6f
SHA512 b0fff1f1106bf66e8c3eb53000d943594520728f5e838b10022858a864a844e4968923e8de03969be0a6bb6f98e50c1570d196376ef646e602ab52016fc53e82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c981565732617b24f7d27503a446431
SHA1 9660aa6f5e149a407df3a2eb5c68fac7374e4ed5
SHA256 0109d82c589dd78598af9c2dfe5ad3c4fde8116f7e06fd535858bdd6bc26fe73
SHA512 e1212fe84589267c009d69d6215d5f57e4c2d75c17a8f23c7a6a7ecae368693ba3372a2fa817f74dbe1360e6b79843c043553cdc5b020fcabd48cfd0980e30a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41ced1e8d7b6755e10ab54cf1602609e
SHA1 d4ffaecf766583ebe58e5b51324f44831386d91a
SHA256 6580486b202c554cf5dc735bec1f55bd748780b41fbb4f75a3d518af01eb20c7
SHA512 c9d9e3b25c84bd9e05fa41fdfdc644257419b5bdf2b74d51624d5d3cd341d58cbaa00c20308b1bd55c94408f0aa9434c558cd9624f88c9558668bc5461c57a7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ee3ac231a422498700e42b534f6be9c
SHA1 bbc001a30b64249095d18a0e4aa56033af5f3d36
SHA256 e320c68e9d2b2f5cb61419b3df42d1e7fd83b88a2e49564383b5683fcbacc785
SHA512 f4b4af23f9bff665d5a4786a31aae7188fa967549e1d090581abfe959ca7f494bd7a4e828523403526d31b2537efad5a784a2b0f718bc138907be37155aa6ba2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6ece839b538d3142559fa654f3fc697
SHA1 9cb72c484fa83c6db74fae2b8faa839233a46db1
SHA256 35b5002443002f00a662915466dd7b79a6b81763967540f6d44db66e409ebc7f
SHA512 a28481d7c24fb62557bc061e73ffaffaf38839b59396db682846bc0f1601fc3e16acd6dc976bef94f701c9f865e0ef234b2dcfc49ddcc705eaa521a55bbce87e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 717b6bca2b7e3b96063a428a956fc6f8
SHA1 8a923b6a0109323990f84a2d405b6f140876b4ed
SHA256 6bf6eee363389cff8351b2ef2185953ecb666b2a8abeba98b736fd329bf2d20a
SHA512 6353d31e324fba716a576b1d74144a90ef8ccac3c209a86d7a40982ca7cde3cc3f9f80dca90a4a30807bdce1090a2d3287b12764353cd414abcce284201ac07e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0057e70e1bd3bbdbe513523e17bb62c
SHA1 ba230819afde7de5d20c0a2a292bba4e8720cef8
SHA256 819feca5c6c540c99544dee93e574b27bdfc7cf89cc9c0b7e204889105046ae1
SHA512 4cc31b88f0814686c680ff7832c4e89319c61f533bffae4e385b68b12de640598ea564c730a8505764476e2a6f23e550f6fd59969724ae9db39f50aa9c42181f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0d485582da1dcd97d89332949823bdc
SHA1 beb64e7582a14e5608ba263ccf4e6df98b80641d
SHA256 840740f93b711a529eb0bdf9e75d2f11fd05f114d5156b454cf7225f6a2df66e
SHA512 4feb061c9330587bcd033a7fa0d0f6d2956553546ddaa668e4063d3b4cfc28d214d368f523cfd05e0e5a0db8d9d0782847b98446b479ae5bd77de0e0eac462e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37ee96ccbdc9e8666ab948fb94446701
SHA1 815d1867035416e9c88cca19e437e97bf0eb9de8
SHA256 6b56d920e94045164b67402a177e8739d29d90dc95848aa28b0a881b371151dc
SHA512 d7e353db999096a33418c78d9b3d443212d05bf2048ae9c812a4be0300875a93175fd10452cfe160e587cab4274c4cca6e43eaad2aec2faf87e2adce340c28d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b436045de928ad61b58b72c2c30b84d4
SHA1 82af0c09f807b5753e90ab91998254c578e9cced
SHA256 469f4c341cbdbd106eecc57ba18bde6298c7f1bcc7511c3fcb3c06843a5d6a0c
SHA512 c193d839abe04f5e9f7cdb66d199005a6233de48483d5e7565c93547be12912424d48a4dd3831d21f1d1832c78c694c7c84ee7f923d86a9a1397dfd41cceb7e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dacc490307e996bc83a38ceb2095150
SHA1 bbc45770bf355f881912cdb0d54090a077cbe263
SHA256 1d906b8740784df111a7f040e33e22a5606eadb6edd8ac9629637518ac335314
SHA512 fe3aecc1f57fe828d9c76866e1432a3e84bf35edb6d515ae78be6d0f1209b491df75ceed7181c63666219d1134fb0ddcf8a7354b807a492808f9481d4acedb76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf9759578d026700914400c70cb25bb4
SHA1 7f18c2338b4acdc8eee26002d55fcc5e79eb587d
SHA256 2107cb3052633892234883a428926dc3c8548768b57764b8980a59b3ed2ae1f9
SHA512 7940928b1cc30c954a277abdedb0b7caa87f66cc7f6c0e1718c001d63473ac2916648fda56f1e727cef6039fbdbc7046918e71962ec83e72058730ab33173e2f

C:\Users\Admin\Downloads\ndp48-web.exe

MD5 34a5c76979563918b953e66e0d39c7ef
SHA1 4181398aa1fd5190155ac3a388434e5f7ea0b667
SHA256 0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa
SHA512 642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afb30e732cf0635cb2100cda5c98e44e
SHA1 3f880567767d903df32d38fe73ed77d94c8cff6d
SHA256 e5355d6f9b9a1c21715c1b66a375aad74db3424042e63d503db4dd740b6db205
SHA512 bfc58658242b20f42345172e13eacb82823dbb424f5bfd5c92e4e689ca74c0bf429db7e11fb451beda9c8c29e0d9e0db6501bd7d0cd47d2657281d8122376237

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13ba3876176ed11b3fa34e01fbb94a36
SHA1 2f38822f48e7d1fc81d1c64d4bdc2e68edf5aa82
SHA256 e5180fa2d72c553a0ceb9da2b5993c2c2eeb4967d53acce7ea68bdc4dc6801d5
SHA512 758fc28100ff6f31d440dfb561c9ca3b3c63034c9123c58beebbc8b3833d896c747af6db2eb2ef73372418ffe40e37d106f4b058c3b6dd4696dee52e86680df0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8309a97d1e3a114da855c20ba01515f7
SHA1 8d2e967f807bb1dba640b28d8b19f5b85ef0daa4
SHA256 c9b699d257f29c7d245aabf3367a526c603b618f24ea67903135f80417fed1b1
SHA512 276f88c1dcd2111aad277f3f07d6583a9cf5bf529334daffd785527f23b99dc1739121a5accdf7ae0a12b93101b60c418c7bb89cfe1b1e488ae489f0347ebc4f

memory/2720-2599-0x0000000000920000-0x0000000000921000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d320f320296678ba32f72e7b9f0f175
SHA1 f02a2b267ba7f3b9aa9bc6034337d64a070b7a60
SHA256 4038700fbd6c4703ed41b9ad5138a2dde970b0234726567c339534db1c6d1e73
SHA512 20289b6233a9066e6e5319a70f6e7c2ea42181a8c69c5e78ff5feabe9600be0c24843076f4647129635b0ac5208c809fe53162c9d6fdd28098161aa6d5c61181

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67d0a1d4554b37edbc7428ed8008c1b6
SHA1 c2ad319ffd748066cf5243050af0a086fc56c0ad
SHA256 a448fcd3274a6735bc51d8a5edb5e8a764a87cf295c7c3320f28e6155b1611c3
SHA512 bfe3091e4b355360274496688792ed55818f68584abc1b7028cea8bf341a0f1bce55e4aa7eb691e7e0f82b764c306ce92ef262f849e39c9a05a707a73d1bd495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d2d0afae248079795c6f166b817018
SHA1 ca5583842e437883d427f1ab52eba5b1841ef938
SHA256 5bbba9a24ba7cf3b044512d8f4acf79f47d04505bc7f0e1882e0ddac85b323a4
SHA512 0ca8d6c50405a7e7ddb9b8bb8c2a7973311caabd751d3ba5980b2ef317c97ce2db9f38d569b656771e82b91fcf23945a950dc29f39ca8767b199bb1d0650a6c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c59f95821768d79b7c143264672b03df
SHA1 288a12035eea152a1621775689f6edf24a244c3f
SHA256 6ada99f7c4c2f81a9cd0b2752ea785520fab4e35a9678cdc23a906ae758b8e3f
SHA512 6ebe96ff3b2b5a70c8d2b62b91a5a2719ae4fc41bd98de9d3817eeb9482e0fd00a3e02ee43d1a185f2a5f0d6102c7a6dcabbef37dfe744bda632b9cf137a2276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 413b141673da0ae5591a30dc8b8852f2
SHA1 4fa7450d8467717c575b41ef805171129c214b69
SHA256 f0ad18bbf190722ddb5a163f0f849078ffd35690967bb0aef6a1927358f2a232
SHA512 9dce08c65da818e8afe62eea17c28e60ee54007babfa1626fcf8557f0141c6bbef3ebe5a8fcbe7e15a9ce827491501ab6ee5bf70277a30e54b506e80592112a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3811f4d4718ea196f9db58553025e856
SHA1 0d27f76160eca1166bb094c1e6be28d29ec3fdce
SHA256 271205e46d94e76a00fe5d2964bf354ec44d85d1eb3427dc90f25af70972b047
SHA512 65dbae7606189b5e44743dfbcb278b7489eed0d5ed098b7c1a078270dc3c62b90720aa6abadd0d6825dc0c5893ca15180f417f98d813e377ceba158c19f49215

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 92c92f55ff563bab4ac08908a04e5f54
SHA1 70010662ebb8cee56d6698f9756d2c29d1a0239b
SHA256 a070c759c2bc209fddc739e6f40acc947fac1579f2a80d670aaed9182fea3671
SHA512 4ae62cf9fb753f3ce7de684d9cfd494ee3e355cbe8061b3b80fb21bd2ed8414b88ddeff0c3a746c99c33e51a2cc167cd584364dfca0199d3689388f414e7edd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3916182bce19e53ee3faa8912d887c68
SHA1 96c89c577f1d85fdf4032d0ef0ed2136de77afb1
SHA256 de8aea0ae11211937e298e671b8ae600273074305395b37acf222998f5eb22f0
SHA512 7fd3dc20dd0f295bbcf61ceaedb20d89140b22c95d4d1cc7c04634e9031f803646b70c1684647ddb7241190d04767bb93c97cb2d9121031de27440add2246556

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bea3fbbd-3c4f-4959-b526-db9c6c5a8d01.tmp

MD5 cadd01ced0d0d6f0b1a9f56b4b69f0da
SHA1 91a6179c25265c17157f4c0c52a4e282f648096f
SHA256 422b45c3e38467fea98876321516f1088eb9d5d9f1dc2d16a43f765285509f0a
SHA512 59e7639a7a87d446c27dc5e2e869c6272b1a9c7345995285777821fe16e93bf11c957b800d1b1bb51f375b8189c75cfa7ae91229c0179ee912bbf45202de6287

memory/3040-3024-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/3040-3025-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/3040-3026-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/3040-3027-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22cdd5d2819d73084b1990feaa5a03a3
SHA1 d3a5b1240f229d5929024a647610a900626d669a
SHA256 22fd5aebddea8d69bb92dddef2849071677f28ee3f57a3f4334fc96ae18a5feb
SHA512 3e15409865353d414d5ef24b4330a5234a939286c8f9deb36098c7e999679de8abedde2141a5b5e4af2a6c35c2b6d5cd62c75a1a658138e6246856977ad81250

F:\d92c78b14adba5270a94\TMPB180.tmp

MD5 ae21a58bf369355a47e410d4c12f8268
SHA1 82ee9f591bf02003c9d3402c14017f0e50e58d32
SHA256 605ac363fa1ea76b2a7fe6148c6fdeb3c524570a143771ba0e3edc78f32c8e08
SHA512 d8a5dc4608e3390d307a62986f78a486b021efe9c389b32db889e8b684b96d9f9a122f25533936fc42422ebef195d7d1588b770f3d6d21d89fc668d5b9498a0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 289009e69a4ce86213d6713be1b28d41
SHA1 239bb2348097e8450535107da62d1ca221baf7c4
SHA256 78ebcfed2e3ca263fb67d04dbf8b123cb3cf12b82eb58aaf439d865d6ce403f8
SHA512 abb2f32acf798a21f8b4c774acb73c2b483e2de21d694f91f1fbfc72bba23875f7ece22b7cb2501f24d5648d1974fedcebb0718476466320033685a999e32099

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d31a842443206ccdc07cff4780e21da1
SHA1 94b5f742e73f90bc201309ec1c39da51024cf9dc
SHA256 38820dc7031686a481d1cb78b609f2a580dfeb28375c82de6d82bc36afbaa52d
SHA512 6d389f5ce48e23c7190b9c345bf56db814e3fa268e1f71ee84b2082a4e797e8b03e7e776728e1d4c0eb5a3dc486313aefe0d717df81e7c1ea77decdfaaf83748

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7a4cfec442f70d7df380abaa77e3dc0
SHA1 59dd0774961e8a793c214cbdaab8419926fb2435
SHA256 8b1312f405d1ba1b07ff2c44be6fb750c8680bc2869e634dfd9cab3a0c4be0f5
SHA512 d80ed28adea2e76271f410517716f27ea759a7e23fd9ce7beb37acef013a6d70d78a462c858c9b0312f601998dfde8f2a1f11514487c950b3b89beadd3cb905a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfe1587c06b2a6b96297cd9672b21d20
SHA1 0aa04123608d7a229e2b54d0a09f07bdb018928b
SHA256 6d12246b129c48067bca38e3de4beabc9632837e73b8af091808d21300e2d8e3
SHA512 2c42183b519c830d5bd3d9a441fdd0a3ae8c61395094fb827d398148688d1fd2039a9ea668ea5a3aea52f76f9224589b07992ff74304edd68b8d7fd97c91f651

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3016f0e3eb160a270423734177fc58e0
SHA1 179a3e816b2528dda04e9fb8ec470e98db30455c
SHA256 529dbf467fc630025a7ab530bb740b1ebe7739ce8e7e2a7ae7b3e4cd520b5dbf
SHA512 629e8ac90a8a85d5faedb7dabc1795753edd159a8bbe7e1ac29e04990ee36ed56e7a946e5e9eb35d0be95a238e504aec0ccadf0577a330d76db4b53f4345eb3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 425a36462a2943651394667097f7e690
SHA1 433c2ade17c49cd61519474cd3d7946d9ec8a32d
SHA256 8c52389db08f26b1399b778baa518f7c5c6b990a00052ccb446049fa23c66bc5
SHA512 a1b936176941bf66f4e1c7be8a786a2269e18d3fb4f71aa3248d822f56ed473d552070fc47a7ada94a597ca10871eafd44ecb462f7c3bd38fa6be6562aa88f55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e4062a98713c17a15064aa235909aa7
SHA1 f9160b9cc1ccf5543aec29c11160b258687ccaa3
SHA256 07973ee127430a811a65f7dcdc2fe183efe524011d3f5fb87a6636bbb2a12d70
SHA512 e13d0fd7d5f1dab6a450b4d3a60c677a800eda66d99b41440d157510c94cf33202f07fd9e54ae9047d543b8118a9a877712928d05f7a3fed2ca2459485a0367d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0da05cc8a568f2e6325463b938f5c15
SHA1 62f83e00fad4c88ccf0c3f9b0541374ec4e23a91
SHA256 70318a7aa470528ccd0afbabdc70b3735a3096a31fadcb9513a6d45bf285fdbd
SHA512 1b87c2e275ee9aa9b290d589e90d207122438ccf3004a42393d3076b8b92eab36fd365dac24f124aa53d865841dd4d64709a68403fce6bbf1e0ec5f397c89e69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b166d9fca55c5367fd9e2aff808a4043
SHA1 8dd93e7e71097c8754be915ad4c406966801e20f
SHA256 66682a5042e08408cd68dded57985970fdd262839c1d110c07ed18ef1e2dc938
SHA512 aa12a6c21d43ecea22ca556737d2f682345e7a07d6696f02c04dee694e455d620f71a7207e46668b963e5e4c2e8c8ae1acdfcb13e60d48613b8f11de65a8ba04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7454e00902c15a39422cd20377389f5e
SHA1 0aed1c2e12330f29ae40c03a2bf2ad4f323bd991
SHA256 ad0e33787d66742563f0a32cb6693e78a8a807e74482c0706c8b872d5d6161e4
SHA512 1f5244d62af240b4c8919ef2a3b88c358b6917afb837da1cb1f6f80ca47cf58fab51d45af2d48a250f0bd43e78ba8a832a399e9b1b29b0a594b4af2c2b2b4288

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4926745b6ef2415ca9888af0fbc5618
SHA1 a9fc183cfdb30616e4d4999ffcf77a7546acce2f
SHA256 37de1df27b1f4ce66e6c0b92d1ca8a0a67cc1c4eebb197d2341291430bec34cc
SHA512 422bd4e862410bd3425094c2042d8684491cf2dbcabc5a437826a74fee49db9fca7ffcda411bbe7e3ef82419b4d23d80cf1be51da226b498d0cce41bf8620954

memory/2124-4139-0x0000000002B50000-0x0000000002B51000-memory.dmp

memory/1352-4140-0x0000000002760000-0x0000000002761000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:36

Platform

win7-20240221-en

Max time kernel

1800s

Max time network

1815s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\OptionsForm.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\OptionsForm.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:36

Platform

win7-20240221-en

Max time kernel

1559s

Max time network

1564s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Passwords.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Passwords.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:39

Platform

win10v2004-20240226-en

Max time kernel

1517s

Max time network

1175s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Passwords.dll",#1

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Passwords.dll",#1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 207.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp

Files

memory/3084-0-0x0000022785C40000-0x0000022785C50000-memory.dmp

memory/3084-16-0x0000022785D40000-0x0000022785D50000-memory.dmp

memory/3084-32-0x000002278E010000-0x000002278E011000-memory.dmp

memory/3084-34-0x000002278E030000-0x000002278E031000-memory.dmp

memory/3084-35-0x000002278E030000-0x000002278E031000-memory.dmp

memory/3084-36-0x000002278E150000-0x000002278E151000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:39

Platform

win7-20240221-en

Max time kernel

1560s

Max time network

1565s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RAPP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RAPP.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:13

Platform

win10v2004-20240226-en

Max time kernel

1379s

Max time network

1159s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Bunifu.Licensing.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Bunifu.Licensing.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 189.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 197.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 203.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:14

Platform

win7-20240221-en

Max time kernel

1564s

Max time network

1570s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Newtonsoft.Json.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:15

Platform

win10v2004-20240226-en

Max time kernel

1790s

Max time network

1802s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Newtonsoft.Json.dll",#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3912 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 192.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 172.217.169.74:443 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 138.91.171.81:80 tcp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:32

Platform

win7-20240221-en

Max time kernel

1562s

Max time network

1563s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Manager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Manager.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:26

Platform

win7-20240220-en

Max time kernel

1560s

Max time network

1561s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HApps.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:27

Platform

win10v2004-20240226-en

Max time kernel

1373s

Max time network

1172s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HApps.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 42.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 207.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:30

Platform

win10v2004-20240226-en

Max time kernel

1496s

Max time network

1187s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HRDP.dll",#1

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HRDP.dll",#1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp

Files

memory/4712-0-0x000001AD92A90000-0x000001AD92AA0000-memory.dmp

memory/4712-16-0x000001AD92B90000-0x000001AD92BA0000-memory.dmp

memory/4712-32-0x000001AD9B180000-0x000001AD9B181000-memory.dmp

memory/4712-33-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-34-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-35-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-36-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-37-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-38-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-39-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-40-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-41-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-42-0x000001AD9B1B0000-0x000001AD9B1B1000-memory.dmp

memory/4712-43-0x000001AD9ADD0000-0x000001AD9ADD1000-memory.dmp

memory/4712-44-0x000001AD9ADC0000-0x000001AD9ADC1000-memory.dmp

memory/4712-46-0x000001AD9ADD0000-0x000001AD9ADD1000-memory.dmp

memory/4712-49-0x000001AD9ADC0000-0x000001AD9ADC1000-memory.dmp

memory/4712-52-0x000001AD9AD00000-0x000001AD9AD01000-memory.dmp

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

MD5 8118c31247caa137652ada498c90b14f
SHA1 2bf130da1c3240060859f2456e3f3a40aa9ea851
SHA256 4c23e3d2e46923cb1a68f5e6ea85b3b6ba8af3114079922f6b481b1cfcfcf9d5
SHA512 9e76ce2a116b5f0c736c187abb2a4754a4c96f25405f76935043dc8a4eba353e42f9150a3784dc57c7be2f2e97d7463cebe5dbff8b568255abec6d7a3b7a3997

memory/4712-64-0x000001AD9AF00000-0x000001AD9AF01000-memory.dmp

memory/4712-66-0x000001AD9AF10000-0x000001AD9AF11000-memory.dmp

memory/4712-67-0x000001AD9AF10000-0x000001AD9AF11000-memory.dmp

memory/4712-68-0x000001AD9B020000-0x000001AD9B021000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:18

Platform

win7-20240221-en

Max time kernel

1561s

Max time network

1568s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Chat.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:27

Platform

win7-20231129-en

Max time kernel

1561s

Max time network

1564s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HBrowser.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HBrowser.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:35

Platform

win10v2004-20240226-en

Max time kernel

1386s

Max time network

1180s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Manager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Manager.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 178.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:44

Platform

win10v2004-20240226-en

Max time kernel

1384s

Max time network

1177s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Ransom.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Ransom.dll",#1

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:16

Platform

win7-20240221-en

Max time kernel

1561s

Max time network

1567s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Camera.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Camera.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:40

Platform

win10v2004-20240226-en

Max time kernel

1382s

Max time network

1162s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RDP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 72.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:26

Platform

win10v2004-20240226-en

Max time kernel

1698s

Max time network

1170s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Chat.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Chat.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
GB 92.123.128.185:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 199.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 42.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 207.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 185.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:27

Platform

win10v2004-20240226-en

Max time kernel

1381s

Max time network

1180s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HBrowser.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HBrowser.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 195.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:27

Platform

win7-20240221-en

Max time kernel

1559s

Max time network

1565s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HRDP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HRDP.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:40

Platform

win10v2004-20240226-en

Max time kernel

1376s

Max time network

1169s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RAPP.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\RAPP.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 184.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 68.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:30

Platform

win7-20240221-en

Max time kernel

1559s

Max time network

1564s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HVNC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HVNC.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:30

Platform

win10v2004-20240226-en

Max time kernel

1584s

Max time network

1176s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HVNC.dll",#1

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\HVNC.dll",#1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 178.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 203.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

memory/2824-0-0x000001874C240000-0x000001874C250000-memory.dmp

memory/2824-16-0x000001874C340000-0x000001874C350000-memory.dmp

memory/2824-32-0x0000018754920000-0x0000018754921000-memory.dmp

memory/2824-33-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-34-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-35-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-36-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-37-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-38-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-39-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-40-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-41-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-42-0x0000018754950000-0x0000018754951000-memory.dmp

memory/2824-43-0x0000018754570000-0x0000018754571000-memory.dmp

memory/2824-44-0x0000018754560000-0x0000018754561000-memory.dmp

memory/2824-46-0x0000018754570000-0x0000018754571000-memory.dmp

memory/2824-49-0x0000018754560000-0x0000018754561000-memory.dmp

memory/2824-52-0x00000187544A0000-0x00000187544A1000-memory.dmp

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

MD5 49bdbff58762c8ee6a29e8202717beb2
SHA1 3013053cae673a760c479aab96d690ed2a4e509d
SHA256 a6d18eccb39e4f97bd5e88b66e0953d3b6d2a6508ad2b95dd2651b8840c0f9b4
SHA512 0d06ac115e0b1a7a46442783428952ff97353bac3ba63d9418f7783d98a5c577f2bb6a632a89e7d35785419aa39cd676570f6239a44867a27e1f659e3e32112a

memory/2824-64-0x00000187546A0000-0x00000187546A1000-memory.dmp

memory/2824-66-0x00000187546B0000-0x00000187546B1000-memory.dmp

memory/2824-67-0x00000187546B0000-0x00000187546B1000-memory.dmp

memory/2824-68-0x00000187547C0000-0x00000187547C1000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:30

Platform

win7-20240221-en

Max time kernel

1560s

Max time network

1562s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Keylogger.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:30

Platform

win10v2004-20231215-en

Max time kernel

1167s

Max time network

1169s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Keylogger.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-03-17 14:42

Reported

2024-03-17 15:36

Platform

win10v2004-20240226-en

Max time kernel

1478s

Max time network

1170s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Options.dll",#1

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\Plugins\Options.dll",#1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 201.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

memory/4520-16-0x00000214F6880000-0x00000214F6890000-memory.dmp

memory/4520-0-0x00000214F6780000-0x00000214F6790000-memory.dmp

memory/4520-32-0x00000214FEBF0000-0x00000214FEBF1000-memory.dmp

memory/4520-34-0x00000214FEC20000-0x00000214FEC21000-memory.dmp

memory/4520-35-0x00000214FEC20000-0x00000214FEC21000-memory.dmp

memory/4520-36-0x00000214FED30000-0x00000214FED31000-memory.dmp