Malware Analysis Report

2024-10-19 08:42

Sample ID: 240323-2j3fzade47
Target: https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe
Tags: revengerat stealer trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe was found to be: Known bad.

Malicious Activity Summary

revengerat stealer trojan

RevengeRAT

RevengeRat Executable

Downloads MZ/PE file

Executes dropped EXE

Drops startup file

Uses the VBS compiler for execution

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

NTFS ADS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-23 22:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-23 22:37
Reported: 2024-03-23 22:40
Platform: win10-20240319-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe

Signatures

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target | Count
N/A | raw.githubusercontent.com | N/A | N/A | 3

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557070833810586" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 34

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 24

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 1

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 3144 wrote to memory of 228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 3144 wrote to memory of 716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 38
PID 3144 wrote to memory of 5104 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 3144 wrote to memory of 1996 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 22

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbca3f9758,0x7ffbca3f9768,0x7ffbca3f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4916 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4852 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3776 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 --field-trial-handle=1840,i,621462791758447111,18064913436125608493,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
NL 142.250.179.170:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\Downloads\Adwind.exe

MD5 fe537a3346590c04d81d357e3c4be6e8
SHA1 b1285f1d8618292e17e490857d1bdf0a79104837
SHA256 bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a
SHA512 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-23 22:37

Reported

2024-03-23 22:40

Platform

win11-20240221-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe

Signatures

RevengeRAT

trojan revengerat

RevengeRat Executable

stealer

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:Zone.Identifier:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Uses the VBS compiler for execution

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557070778865663" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Adwind.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\RevengeRAT (1).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\svchost\svchost.exe\:Zone.Identifier:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4440 wrote to memory of 4640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4440 wrote to memory of 2348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4440 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4440 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/Adwind.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd76a69758,0x7ffd76a69768,0x7ffd76a69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3460 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=832 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1796 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:8

C:\Users\Admin\Downloads\RevengeRAT (1).exe

"C:\Users\Admin\Downloads\RevengeRAT (1).exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5744 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES361.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc61E0F8E8B5E442A9B5DE314F3AEA2CF.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vh4kyi_d.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES42C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB66BD05DC7B743ABBE10AAC1E6DB95FE.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\roxmsboq.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc927842EDF3847D8A5A3B2E1325E65C6.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pevurp3f.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES555.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc223E487D175E4C5BADA2947243FE7389.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lkgryhvd.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5F2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6592B02B8F3F4FCA8C7E7EC232FC727.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c8xkawj3.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES68E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5CBEBE893BCD491185FEA8B7B7172E42.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fclddasw.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES70B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2EC8D42B422849998A45F6AF1037FACD.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uzewnjbg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES797.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAECF094127584FDC9B39D83325211E9E.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tengqr84.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES824.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc78F8344B42D2402DB24F2592EEF9CE3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dhloguo3.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES891.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA80551F28950453882102BC2165273F.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cquw7ost.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES90E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc19B88AA9F586439A9231844E8976D81.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x1y6nkyt.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES98B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc46E16C5E689B49BE81CB78321F119E30.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j2fzo-pa.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA18.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8B54D4A6F8DB45B488835C6F3D1E280.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vynq7wgh.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA95.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc11B82313779540AA9B72EC291378472.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2bbyx7yr.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB22.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE2A1E10E312A41B89476732599B9B7BC.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x8i4ga90.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB8F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF5E253501D1E40D7A7A9B5E636F1B1E.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jkhp1hvt.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBFC.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc925BEAD59CFE4C88A8EC8DEBFDAAC2EE.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\b9lbgh0s.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC99.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6D24491082D54FF984DCA2BDAE597B39.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\umavopk3.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD16.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4E7F5B7972F648C5AA4E6325828B48D1.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xyqadjnj.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD83.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB85DF25D54BB43E195D69B28D0115739.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rgozn2rm.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDF0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF4F5D987DAFF4128B8AF8014F648B4BC.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ya3-wo5g.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE4E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAAB9238053564009A3CF9B88770428E.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\b18amtrp.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESECB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAD1B5636BCE4DA78A733B3289B8F4A1.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hp0c2llx.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF58.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5398EBEAD434158B867EC47AF2FFAB6.TMP"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3124 --field-trial-handle=1816,i,1639954072201184362,1574065475113731406,131072 /prefetch:1
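The listing above is raw sandbox output, and most of it is Chrome helper processes. As an added example that is not part of this report, the Python below reduces such a listing to the handful of processes that matter: the executable run from Downloads, RegSvcs.exe launched with no assembly to register (the legitimate tool never runs bare, and it is a commonly hollowed .NET host), the vbc.exe/cvtres.exe compile loop fed from response files in %TEMP%, and a svchost.exe planted in the user's Startup folder. The embedded listing is a constructed excerpt of the lines above in the report's own layout; the rules and their wording are mine, not the sandbox's signatures.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the process listing above, kept in the report's own
# "image path / blank line / command line / blank line" layout.
PROCESS_LISTING = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8

C:\Users\Admin\Downloads\RevengeRAT (1).exe

"C:\Users\Admin\Downloads\RevengeRAT (1).exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES361.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc61E0F8E8B5E442A9B5DE314F3AEA2CF.TMP"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
"""

# Directories where a bare svchost.exe is legitimate (lower-case, no trailing slash).
SVCHOST_HOMES = (r"c:\windows\system32", r"c:\windows\syswow64")

# vbc.exe reading a compiler response file out of the user's Temp directory.
TEMP_RESPONSE_FILE = re.compile(r'@"?[^"]*\\AppData\\Local\\Temp\\[^"\\]+\.cmdline', re.I)
# cvtres.exe writing its RES*.tmp object back into the same Temp directory.
TEMP_RES_OUTPUT = re.compile(r'/OUT:[^"]*\\AppData\\Local\\Temp\\RES[0-9A-F]+\.tmp', re.I)


def parse_listing(text: str) -> list[tuple[str, str]]:
    """Pair each image path with the command line that follows it."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    return list(zip(lines[0::2], lines[1::2]))


def triage_process(image: str, cmdline: str) -> list[str]:
    """Apply the rules that separate the dropper chain from Chrome's helper processes."""
    findings = []
    path = PureWindowsPath(image)
    name, parent = path.name.lower(), str(path.parent).lower()
    lowered = image.lower()

    if name == "svchost.exe" and parent not in SVCHOST_HOMES:
        findings.append("svchost.exe outside System32/SysWOW64")
    if "\\start menu\\programs\\startup\\" in lowered:
        findings.append("executable in user Startup folder")
    if "\\downloads\\" in lowered and name.endswith(".exe"):
        findings.append("executable launched from Downloads")
    # A bare launch (command line equals the image path, no assembly argument)
    # is meaningless for the real RegSvcs tool and typical of a hollowed host.
    if name == "regsvcs.exe" and cmdline.strip().strip('"').lower() == lowered:
        findings.append("RegSvcs.exe started with no arguments")
    if name == "vbc.exe" and TEMP_RESPONSE_FILE.search(cmdline):
        findings.append("vbc.exe compiling a response file from %TEMP%")
    if name == "cvtres.exe" and TEMP_RES_OUTPUT.search(cmdline):
        findings.append("cvtres.exe emitting a resource object into %TEMP%")
    return findings


def triage_listing(text: str) -> list[tuple[str, list[str]]]:
    """Return (image, findings) for every process that trips at least one rule."""
    out = []
    for image, cmdline in parse_listing(text):
        hits = triage_process(image, cmdline)
        if hits:
            out.append((image, hits))
    return out


if __name__ == "__main__":
    for image, hits in triage_listing(PROCESS_LISTING):
        print(image)
        for hit in hits:
            print("   ", hit)
```

On the full listing the vbc.exe and cvtres.exe rules fire once per compile round (the report shows two dozen of them), which is the pattern behind the "uses the VBS compiler" style of detection: a non-developer host should never see the .NET 2.0 compiler run repeatedly against response files in Temp.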

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.5:443 api.github.com tcp
N/A 224.0.0.251:5353 - udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
NL 52.111.243.30:443 - tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
DE 140.82.121.4:443 github.com tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
DE 140.82.121.5:443 api.github.com tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
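Most rows in this table come from the Chrome session that fetched the sample from GitHub, not from the implant. As an added example that is not part of this report, the Python below reads rows in the table's own whitespace layout (tolerating the rows whose Domain cell is empty) and separates the ngrok tunnel traffic from DNS, multicast and browsing noise. The embedded table is a constructed excerpt of the rows above; the suffix lists are my own and would be extended for other tunnel brokers in a real deployment.

```python
import ipaddress
from collections import Counter

# Constructed excerpt of the Network table above. Two rows carry no Domain
# value, exactly as in the report; a "-" placeholder is accepted as well.
NETWORK_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 52.111.243.30:443 tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.13.191.225:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
NL 142.250.179.196:443 www.google.com tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
US 3.134.125.175:19521 0.tcp.ngrok.io tcp
"""

# Tunnel brokers whose endpoints an operator can rent for C2 (my own list).
TUNNEL_ZONES = ("ngrok.io",)
# Zones explained by the browser session that downloaded the sample (my own list).
BROWSING_ZONES = ("github.com", "githubusercontent.com", "githubassets.com",
                  "googleapis.com", "google.com")


def under(domain: str, zone: str) -> bool:
    """True if domain is zone itself or a subdomain of it (no substring matches)."""
    return domain == zone or domain.endswith("." + zone)


def parse_rows(text: str) -> list[dict]:
    """Parse 'Country Destination [Domain] Proto' rows; Domain may be absent or '-'."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 3:
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 and parts[2] != "-" else ""
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row: dict) -> str:
    """Bucket a row as multicast, dns, tunnel, browsing, unresolved or other."""
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "multicast"
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns"
    domain = row["domain"]
    if any(under(domain, z) for z in TUNNEL_ZONES):
        return "tunnel"
    if any(under(domain, z) for z in BROWSING_ZONES):
        return "browsing"
    return "unresolved" if not domain else "other"


def triage(text: str) -> tuple[Counter, Counter]:
    """Return per-bucket row counts and per-endpoint counts for tunnel traffic."""
    rows = parse_rows(text)
    buckets = Counter(classify(r) for r in rows)
    c2 = Counter((r["domain"], r["ip"], r["port"])
                 for r in rows if classify(r) == "tunnel")
    return buckets, c2


def c2_indicators(c2: Counter) -> list[str]:
    """Durable indicators: tunnel hostname plus port, since the broker's IPs are shared."""
    return sorted({f"{domain}:{port}" for domain, _ip, port in c2})


if __name__ == "__main__":
    buckets, c2 = triage(NETWORK_TABLE)
    print(dict(buckets))
    for (domain, ip, port), n in c2.most_common():
        print(f"{n:3d}x {domain} ({ip}) :{port}")
    print("block:", c2_indicators(c2))
```

The two 3.x.x.x addresses are ngrok's shared ingress and change between tunnels, so the indicator worth keeping is 0.tcp.ngrok.io:19521, and in most environments the right egress rule is to deny the ngrok zones outright rather than chase individual addresses.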

Files

\??\pipe\crashpad_4440_CJQCTILJOCPRZKHR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bd3a9362e3b1428050fec400f376c36c
SHA1 8f43d6f266815d20af92ed49820f27c1729c18b9
SHA256 da9e6a7334e5c96fec081c5320ddae6dbf504c10c0208db56af7ab90e0ac1568
SHA512 5f4979a1442cc556dda43ce1be37028955870e6ec2279740729bc1bb3fd1a5bf5a7a4ecfc84abff3d9ca87b1b5e168a7dab012a173fe36a9957fed6935ac6fcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 718b45ba6c56c6fe665eb8a3f9da9bc4
SHA1 d4852881b5e66d96b8cfa5dd74e419976ba9b147
SHA256 c6debc07db9858b1f8a83cc83111bbaa9e2867d351e70a4c7765d39e7936e872
SHA512 669f3d89d463c658308924a8c9cd070ed4460b4acd9e7be33c0b798eaefc648fd59d87baa6033d488d1f0f779766a5157f8d7a439ef0171517883af7b92d8117

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64115210f5882d5708bf85532fa8088c
SHA1 e7b55d2170590a96b43440b7944ed79faf0d5225
SHA256 677b89c5f492b327307db0a5f9230866af6b2eee14d7a3148a4fbe18f2d99508
SHA512 baf4061aa3833d9da71877df3a1cb3683b69585c4495b1f1b54ca6122be8a0b06c20f2fbd0f343a4040087d027551fca84ff52246f8024b7e96b61f18a4b1c3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a296ad5fff04f9ca0c6a7aef272caed
SHA1 c559dff829ffaf4b53f02efd5ea01963bd90af9c
SHA256 14439e2401db56543c8821cbaab999af4284fc05bf190a28634b0ac0be17bfd3
SHA512 c4dd7c1490c98524af1b911c4a61ef2ef09dff7c10d7ee2197c3b20f2cb78dab6192a43c630b7b1624f22ce54b8e9482dc4e9fd6bbd4075664d2b1361c2b28aa

C:\Users\Admin\Downloads\Adwind.exe

MD5 fe537a3346590c04d81d357e3c4be6e8
SHA1 b1285f1d8618292e17e490857d1bdf0a79104837
SHA256 bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a
SHA512 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e84ff35b3099f7fe8114124b9fd0b50
SHA1 23ebb9360e9de2ecc6350a0a0ae0505b9ee5495c
SHA256 288853d48bd6b086f8e5a87152ededcf3fd307d1dee9e426c08cc3ad9616abf6
SHA512 468313b4c8964bf5a42cbe00ae4bcf2c7f7ab2f09036ed54e5e9d7a8652b020081be68593224a3a549f80e810c599b8e20e1b5f9c5a19374ce5a4945f97180f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fe37209945f354dfa644bcc27b400434
SHA1 dd5cff1f3c1e04bdbccb7fa70a38802b12100bb0
SHA256 701bf70664e614b81f851187eb23a4404bcf868fbea8d332ee99832fbeae2ad3
SHA512 65b8fcaa741fb5334f2e82b85502d5708b9eafd9a15935b76ab6842c7182b45384f5a41cf6f26f1c8b41cb2f6d459216b061114610fa59b9888924ca1a7fcafc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1628af88c37c3a2298533a1f29e1426
SHA1 1df529ea48be6a229696258f8d3c9248bae1be67
SHA256 4ed0da0c1e7df585607158e5a8563868c15fd21ee8989dd7e65f3fa51c9fbb9b
SHA512 113bbf937361d2399a35981a1723ad3fe6fa4eac263399230e5b5a49be0e1206fa99f38a1143506a691354f1a01e7089ffe266e97422002504e8b19f59eaff01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e8a018d435051900ba83a1ed83932c2e
SHA1 49666364a5f31b1998d9b81fe7a3c2d8b5c28783
SHA256 2b9ff3697efdac5907add76f294d7b95847882ddcff0e1961616f5c8508ca076
SHA512 eb9702423490d6ecfdb32faef793ab6e56543f1df587b1ca870440a1e102c6461f9eda1d5ba3bd2fad2b8b3f1f811dc88017d5d75e6a1079c3067f7b5c3194af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580450.TMP

MD5 7d7767c9d0906feb09e9d798166783f4
SHA1 5724a4e21755608c87654d94e8d63ab589039ca8
SHA256 d8906e383272f50223d930c3d2ff8a458040eb95b2c202a99e6bfefee624f2eb
SHA512 07535201e274f22f289ae65af4a49f730d6588f5ec1b5e9ce2d7b59f6b22648325cdcd5eddbc36136e3237970b0aa794b859ce71c29fe9411896d648249542c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\41f43cab-13c8-4625-8b7c-54c1c2e3fa01.tmp

MD5 c5266a5cbd639e57c0c18bc53932245d
SHA1 b586a36010f22999f99398ccd14292570e6fc1f9
SHA256 e1dfb20c948dbda74da8a0248ea7e1ff298acdeeaa9751e7c630ce05f9cf0a35
SHA512 7f4c8b93208a498570cbaf511a3a392ff642fe114922da6c0024ed591538f353b9a74050f245a76bc01eb7036e0a2f3d9d6dcffe3a9f77eb3c5fa640df0c8aef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 088d0e06c8c6df77f22383baa1946639
SHA1 1a300f9cdf965014efcce62acf507220838f72ee
SHA256 15bd2a308f7afc6c01f6bb3044b52db25256c3a0f5a510732730ecb52520d530
SHA512 ee5a8ac4ecc7658f9df1d51c0523305d15c27cac0f555d0b0a2c0d1e54740bd06331698c05e230b4fa20be56c7588d03a21b1ea7dc6dd8a42654831207d9f878

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a51a5b7e62a7e6b4950e6ad21a252e3a
SHA1 6283ecf39c4febafbb4f2018ae876de9d39fd816
SHA256 35802ea6e46cbc6b198998f7498c2800db8891ca5266d2e9baf9d8b431ea849e
SHA512 58bcaaed35eab7f731f939621367ddcafefb7efcf49ec36473889309718189551aa569d46d0170e9bf5c9b1f94f73a8f206b9ddd8fb5c96311f0a3c2f9b3fbd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 027a6a6f240c1865eb8f6984cb3b0ded
SHA1 b71296b03ae8173867bc48f6d941a882cf3187af
SHA256 e7f83d1dca8a578c7c109bbce04d57082a622fa80c28255ce69b795b008637e1
SHA512 054c8e5d9e968f6b009b0cc6f70a30f05a508991057db5ed84f9460fff3146e0cf0856e8a29c77542dd64e8f899b13f6a35df0d127c74ce70684a302e99c3d37

C:\Users\Admin\Downloads\Unconfirmed 485364.crdownload

MD5 1d9045870dbd31e2e399a4e8ecd9302f
SHA1 7857c1ebfd1b37756d106027ed03121d8e7887cf
SHA256 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885
SHA512 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

C:\Users\Admin\Downloads\RevengeRAT (1).exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b50a3d6fa81572faabd98b769659eb02
SHA1 2929d125a78f3ecf070892570a1560134a84c45a
SHA256 e11b2da0a2430fa283fccea655c1caa55bb5b9cb5f54c1d962b72b96c2ae0f1b
SHA512 ffc034b12fd279438e5dd7664d5ed3137cf2f1658553660e729b651c61c61dd497abd25c002a0268bf5702c048ee91daa4d2561bea7919189f4f7a92e773349a

memory/3960-283-0x000000001B890000-0x000000001BD5E000-memory.dmp

memory/3960-282-0x00007FFD62860000-0x00007FFD63201000-memory.dmp

memory/3960-284-0x000000001BE10000-0x000000001BEB6000-memory.dmp

memory/3960-285-0x0000000000EF0000-0x0000000000F00000-memory.dmp

memory/3960-286-0x00007FFD62860000-0x00007FFD63201000-memory.dmp

memory/3960-287-0x000000001C4F0000-0x000000001C552000-memory.dmp

memory/1432-289-0x0000000000410000-0x0000000000430000-memory.dmp

memory/3960-290-0x00007FFD62860000-0x00007FFD63201000-memory.dmp

memory/1432-291-0x0000000075290000-0x0000000075841000-memory.dmp

memory/1432-292-0x0000000000FA0000-0x0000000000FB0000-memory.dmp

memory/1432-293-0x0000000075290000-0x0000000075841000-memory.dmp

memory/2272-294-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt

MD5 5acbc874379d0d1a2b4b708f40bad156
SHA1 c86f2cb979412a8587833db1d1c421686ffe5759
SHA256 af720af30a0fd7a2348cb79bf3d79b427c63b782e20e1cbb425c54a6fea8060f
SHA512 72b248be50b7281b880a3ae5a2ef0a51fbea88e6ce16ff70fb2f70f42e601cb41659e095305ddab4b139acf5870d0c4671367cc3a136bb5d0f5b093047d8169f

memory/2272-296-0x0000000075290000-0x0000000075841000-memory.dmp

memory/2272-306-0x0000000001120000-0x0000000001130000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aadfea738b4b99a10abc4d585d6bae86
SHA1 cb65461416a347109f64e6e4c5bb9fa37f914fe1
SHA256 338ab8cb69ff563a1cb9b152f9b1a1391ba25a19b7846d9f42871b53ee883fe5
SHA512 5a37d502a45b14752e1a9f0d98e885fe461a5d012da094107065f4afcd2b32f27b1f3b68e6ce206eec183b7172304a1a366331d831e666a90528a5d97edd5733

memory/2272-308-0x0000000075290000-0x0000000075841000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 1b3bd1d295d3b4e556f99effd44d3473
SHA1 a003577748a6222603c29e50d70efa476dbb865f
SHA256 975fa2b29ed5adf7c6944f8be455011a9b106fb97cf560e7cb7206095f940802
SHA512 db5553b8172715d617710ca25b499ea308fa333fddf07025f567e600e9f54ba313e9c407cb23165152b908aad9fa6daa4149a5310cc1342417dbf2543c193453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 5e28e72b443ded036a4cf369d0dda3bf
SHA1 0500de4480a54243b12d096745c6ba04c9479e66
SHA256 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e
SHA512 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ca30de58bdef5b8267f01aac59e4d807
SHA1 e005dc9a4a382678f432773c4ccbf3c13aff51ac
SHA256 8641d7338f52a5fdc4782666c833eeb8f22905b21f43bd2501eb6a1f5023ff76
SHA512 4c92f9b4441b1f5ff7e9fde6e9d668605c53ead64d5add4b8fb6c291a1f21aaf0c64bc5286b347aa6dfccdc5e7ac989113ac6ffae771bc4bfb76c6361db62a20

memory/1432-350-0x0000000075290000-0x0000000075841000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12a22093-5fb4-49fb-937d-1593a455117c.tmp

MD5 2d995c4a80242be1f97fddde112b0dbd
SHA1 c4bd14a31dce35c893a97bdb99641e3a12bb9004
SHA256 c8835e493cbbf6c10e316cbe298f51336f99021592c3d46ed916dcc0b1790740
SHA512 166d92876a8fd9f194b60b7d6492d74c7aab7fc99612d3dd5650b85eece4a4a7f84ab66ddef8c39aa51da2d1eb7b00102377ebbd085fbc3ba89c75369229b795

C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.cmdline

MD5 edd8649c10da19190361f6527b400f10
SHA1 4b39a1a83a9ccada0f9920c6295b7dfe5b2390bc
SHA256 e68400f3362cb957d31777607b57dee3384a0dad31b59b1702af50d45df16285
SHA512 de910c648e98bd8171a0c97bee038810a352cd6f8afb473e5c105632a1c6f4de791f8d88734438943de9f36378505124ab21503e88c7c4f18a259d8d78c7cc1c

C:\Users\Admin\AppData\Local\Temp\1bqmqzcz.0.vb

MD5 8a280ce703f3d84f1c87d2039cfa73b0
SHA1 24d7d6172c2a210579852e5c40e273a4ab31dd1c
SHA256 6abc297b9266ff140ff94573067be7dded9a27b340ca986d88c21d94cb912dbf
SHA512 3eb698c12c854e22f65cc0e93f37319057f7e1c797ff3faf1fc1c0ae5edbca6c8788605b05662af73d810c390c6050f9cf8efed48e8240097d1222b6bcd3c3a3

C:\ProgramData\svchost\DumpStack.log.ico

MD5 28d98fecf9351c6a31c9c37a738f7c15
SHA1 c449dee100d5219a28019537472edc6a42a87db2
SHA256 39445a090b7ce086d5efb4ac35add13672fac9bf40eb481b54fa87302a3f45e0
SHA512 f5c2458348347798304393fdb5c77f4f7ed7245c0d4c7594deb0113262828cb8e210e7b48a4aa7c4d2fe1e31201b4e326cd60a6f9d4e3ba1a7fbef322dde0971

C:\Users\Admin\AppData\Local\Temp\vbc61E0F8E8B5E442A9B5DE314F3AEA2CF.TMP

MD5 33bbefcdccdaf60eed04963e79a70616
SHA1 05b74d77bb3c5896e6551a7d3008535011667ad9
SHA256 3b19c69d21da8c4db7a7f37f620863990ff449454f483a550aca0064d887e609
SHA512 6d7ec2991563a1f0d9db547d949d42b7db227fe7f65cc3373943024b47867a38d1d3432747cae1fcca7960014a825057b56e8a9a76ba5008f58890a9efa0b8f2

C:\Users\Admin\AppData\Local\Temp\RES361.tmp

MD5 9f6b3033bacdeb7298cc15a886350447
SHA1 fe8117fd498824a3ad5bba05663bd444417be91a
SHA256 fd58de2a5937bfe7497639662226904dd9508660620608a32d398d6cdd6eca04
SHA512 188be803ac7bfa24ef8a8f064eab2c7d7694d7f5f9ac947f2c1b40c8b9d4657317634533d3c073ebb8971fb70f12fdc73dfa8f814f7699362f218ccd321805a6

C:\Users\Admin\AppData\Local\Temp\vh4kyi_d.cmdline

MD5 7f2640538568de48b9a003f21e486c36
SHA1 c491e571468518a4b75217503964531838149f49
SHA256 d18de3fb18ecbb73ab87d2a09cdb9182c47fcd7a0175a8790a752dd2b555acfa
SHA512 3299c68915f9710c2827c944be313250be45751c8ee2c10fea3cbda3da9ca81a08e296403898df4806ff3fb305fc39846c48e8fc8d12d1b02ee1f17b18fa0e46

C:\Users\Admin\AppData\Local\Temp\vh4kyi_d.0.vb

MD5 e4a08a8771d09ebc9b6f8c2579f79e49
SHA1 e9fcba487e1a511f4a3650ab5581911b5e88395d
SHA256 ef4c31d167a9ab650ace2442feeec1bf247e7c9813b86fbea973d2642fac1fb6
SHA512 48135e0de7b1a95d254ae351ccac0cb39c0d9a46c294507e4bf2b582c780c1b537487161396dd69584c23455950f88512e9931dbff4287c1072938e812a34dd1

C:\ProgramData\svchost\vcredist2010_x64.log-MSI_vc_red.msi.ico

MD5 602ddd0c457eb622800ec2b65d1a3723
SHA1 e322f2927b3eb868f88f61318589cdbc9b5e4554
SHA256 6491b2ebfda073e601f99be125c6ce0c4a72162e0995c673605c673581023a82
SHA512 eb0cd42b7178ee205af959b3b811bf85c44343c2e3ead6678ece7bc340fd0efdde3067a583649d12aa2123b555a4cc2a7be7a587fb2874a9f9aa666093df782b

memory/3788-384-0x0000000002520000-0x0000000002530000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vbcB66BD05DC7B743ABBE10AAC1E6DB95FE.TMP

MD5 84e9754f45218a78242330abb7473ecb
SHA1 3794a5508df76d7f33bde4737eda47522f5c1fdd