revengerat | af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Analysis

max time kernel
578s
max time network
577s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24-04-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

127.0.0.1:333

Mutex

7ec0ad85d6654b0b903

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Executes dropped EXE 1 IoCs

Processes:

REVENGE_rat.exe

pid process

2808 REVENGE_rat.exe
Loads dropped DLL 3 IoCs

Processes:

advbattoexeconverter.exe

pid process

3860 advbattoexeconverter.exe
3860 advbattoexeconverter.exe
3860 advbattoexeconverter.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

39 raw.githubusercontent.com
50 raw.githubusercontent.com
9 camo.githubusercontent.com
Drops file in Program Files directory 1 IoCs

Processes:

advbattoexeconverter.exe

description ioc process

File opened for modification C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini advbattoexeconverter.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2808	REVENGE_rat.exe

pid	process
3860	advbattoexeconverter.exe
3860	advbattoexeconverter.exe
3860	advbattoexeconverter.exe

flow	ioc
39	raw.githubusercontent.com
50	raw.githubusercontent.com
9	camo.githubusercontent.com

description	ioc	process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

REVENGE_rat.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	REVENGE_rat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	REVENGE_rat.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584581858271547"	chrome.exe

Modifies registry class 45 IoCs

Processes:

Builder.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings	Builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Builder.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4328 chrome.exe
4328 chrome.exe
1344 chrome.exe
1344 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Revenge-RAT v0.3.exe

pid process

4012 Revenge-RAT v0.3.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier	chrome.exe

pid	process
4012	Revenge-RAT v0.3.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exe

pid	process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4012	Revenge-RAT v0.3.exe
4012	Revenge-RAT v0.3.exe
4012	Revenge-RAT v0.3.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exe

pid	process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4012	Revenge-RAT v0.3.exe
4012	Revenge-RAT v0.3.exe
4012	Revenge-RAT v0.3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Builder.exe

pid process

2160 Builder.exe

pid	process
2160	Builder.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4328 wrote to memory of 1980	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 1980	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 4688	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 1008	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 1008	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe
PID 4328 wrote to memory of 2324	4328	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaae5eab58,0x7ffaae5eab68,0x7ffaae5eab78
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:2
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:1008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4496 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4796 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4772 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2644 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:3152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2680 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4760 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3356 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2780 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3340 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5084 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3456 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1776,i,3548860188877356518,9646061161110996958,131072 /prefetch:8
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2160

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3768

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4012

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe"
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q0gzarxk\q0gzarxk.cmdline"
3⤵
PID:4088

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9F17.tmp" "c:\Users\Admin\Downloads\CSC9F16.tmp"
4⤵
PID:1072

C:\Users\Admin\Downloads\REVENGE_rat.exe
"C:\Users\Admin\Downloads\REVENGE_rat.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2808

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:4832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
324KB

MD5
440bf90931db65e09bd83fc76f1f352a

SHA1
bc86285ec0b662c61c95e91212c80dc2626f296f

SHA256
5a2885776af813ea3b7a72dd3454fa1458f83dd3d9e5d33f54dd536fa0268fa7

SHA512
5ba87d74e2d9e012f529dbf0890ef236d3f146851ec21a68866fd36a1c1a2efd3ed3a57408f2a95b65ece8f6019cba8abaadf6ef294cf197957f2cd035c597cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
138KB

MD5
03c2547817ce1c34723e4112fbcd40a1

SHA1
5c2350d28879f305a59279b7f285e42153968e29

SHA256
c877268f0e8fd289731966d15c47b164a59df0b2fce28884ac62c5cd8d06ee83

SHA512
cf11deda0ec1d2e8b0930f49120ad1c7c6650d9d5c64fb3015dad4458435d2b77f622c8cc535fc1370d6abbb99adf1455ff73fff58a7e6945e20c0affb0c2fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
66KB

MD5
e0704231b2bbf3a3ee924a6e9cbab981

SHA1
064bf1d60933219b6b7bf1466d8525f5acb067b4

SHA256
2cdd8bf89c0e16eae914982145d567e80520dadf63affde96efcbf1ec519dbbe

SHA512
dfc4500acf59c56c23fac63503a79038be8706a45d3d38bfbd06f55b07defd2e263c95182b380b9f94f7eca4ba5705800ad1b4a327c35f849447e4d7909966b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
17KB

MD5
3dce8de287ca66531eb006ede5b8486d

SHA1
e157d86f85aa30a6045d64f9ec1f5f2fc9a1d55e

SHA256
e0998891742e76c963c3162494bf96821d8cc3f3d7b19d2cdf8f6bede77d2ead

SHA512
9e126d3e7e2144b48abef2ff74503bf56b20310512a67c4a528cfa9aa3b0671742521a7f15e1baf8ca7d4c1559b46d6852015e48808099f51970f1357fcb5bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
Filesize
94KB

MD5
f3bfdecd86e09af2ee69a56249949556

SHA1
86405e5f3e43d57ab98f95cd3cd6de18f5b18d37

SHA256
e5dae6757a84e195401e6791184ea90e828b367ec25268f86e5232ff601dcfd8

SHA512
a6efeea9ff6d65995f41c18f821ea2e642c8d2c1bfcde40807a2e0f05e7da9391b87a316d96e6de8420c7410593d4f08c24e9511d277b24302286f8973fd8598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
790KB

MD5
63052f9d32d168ab83c9024441f5fd1b

SHA1
d9907e0248f2d26f63dd4989ee31ef9f8fcd3d9a

SHA256
ab7cb8bd7f130fcfef08bbe8b8fae1e1144ee15f65f28f412385f4339ee9732c

SHA512
6b9ba4c31e5a9fe6a65ab2f612c38158082739878e1d8e43c4113c25c6e5f5d3556606dd11fcb36e46f64cdb6a69213b0c531859217cb9efd837ce251252a284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
32KB

MD5
75fddb22b91a194777959bde65b78df1

SHA1
6ea7c4cc7b7ff6450e2c021c7582f5144824e65d

SHA256
156452ba5d501a5ad1a75f32810563b22a75e4eb2a4356298061b21298edd9be

SHA512
4d7c2e914982df41ce43542f29a2f2635c209e0bb4fcca7067ef5c47b6441af45403b6126dd310fd3ba5fce2804941060186c9be6ecb6c077113e53db20ff8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
44KB

MD5
2b312fee4bff7fb9b399aa619ae1811d

SHA1
cf5e3270ef62ea6ce023f9475dbf7ed67e10527c

SHA256
fd5fb41882dfe849ea47547bf38b9abc435683d7473703b4cb37e8c28b1de4cb

SHA512
3a42c3a12da46656d8dca9b54651027873f42d2ec2e6e706a41b4b520d387f0c3c0388e3d117bd49174d7074079f3404c00b6141c8dd22d38ef1a257f52a9791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
24KB

MD5
8278023fac368f67d8b83512b48cf0f9

SHA1
cfbb90dea9e8a9df721806c7d49eff44166b2197

SHA256
1e62f0399a3c5a499b3c93622608d15d3948c3c335359bc695bf3522b03fd48d

SHA512
e04ba7a9402379c064bf5707a5fbe3e5ea6de978b1ad50d38f9b30bef47dbb761f0f8461de8cfaf7c33779dbb47fcf4df7fe387d12fbbf899f7530f6f63a340d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
65KB

MD5
c82fbaa7e5113d3ed2902a3500ec8631

SHA1
c9b4889980899c0f2aea9ac8d0bae28b59e6add3

SHA256
4f4e25ef0961b656039ed8628951b5ff6c0a197f8866374b5937e182b12ff278

SHA512
fc3227c51b9bdcf0917b040aeaa925795e153c7a78469b7e1c87717c1664f46208e5fc3e413f93724ef0fa94aea655db55f04c5a61dda0df737c25b75393136d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
Filesize
21KB

MD5
e9a5315fe482aa6a84b4cd461a41a5cc

SHA1
06833b57adceda1c91eaa2072d368c54fe4995b0

SHA256
6a00fd28670b7ddc6725260bf6cf4c345762edcc5e74e4eb77367b4969efa9c9

SHA512
86dcee3ad5c69dfb9bf6f0e8246b1bf2f95a27188c17e1cab7b9270774c37b8d0e6b2acfd33f144ba74d17c849299a9c750dab9c8f1bff09147befb7876421c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
151KB

MD5
7739350f11f36ec3a07b82584b42ab38

SHA1
d97e0e76a362e5fce9c47b7b01dab53db50963d8

SHA256
d84e9971e8c344b9ff5a5968e7252270757f211f0d408e26c12693729068ed75

SHA512
2cb436985e382ec17390a1f8a7c112bdf18206c66d845934a14f9c84781200828e05c57cef5d4128a9d9b96778042ecb7ba2c031563c78ee9b8ec41accf8a537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
437d9dfa56ffc4d4eb87c01964df700f

SHA1
1aedabcec0be4b99d60ef2bef69c199811281046

SHA256
9885aa4b2605394636e8b47532bb35e4a3402ed2dce66531aa2c477e37afb9e7

SHA512
fb0eab2a740211e82a64234ea3643e3f2f97771f8333a3e7e2692e8edf4cad7020ffaa0e22d97d6c28a1280be165ed76c92ef1e91c91d205d2856ff9f16e44b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize
42KB

MD5
f9a06799316a30ab06fa16e2d0a1ed04

SHA1
4631b21ce9fb722fa9a89c08de77881b0f015242

SHA256
50b37f499e5c8c14d283c1c7c0eef17988594489c63e1f4608ffc8afa1d29c61

SHA512
fa35624e25e76137bfb960bc2d525e880885c2a94fd289e26193883ad9ad1162f03fd65b69c923f99a8c589c1440517d0e441b04cde244d79475fc661bdb8bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize
392B

MD5
5bced263a58ba1e6131a90e9a8446a7c

SHA1
1c27d20c11d03ec1ad0ab676e72a47767a2c9121

SHA256
b07ac5ad4f0495771337a53c43a1d6501d627c1ae684a495e5051ddc5a935678

SHA512
c9fb1827afbf2b8021b39ccc3396febeae3bfef62342cd771547f27e97b3fdf01c1e86fa8571649ce65745de3b2652835bb7c3109957645b3ea972e211e84839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe585a02.TMP
Filesize
351B

MD5
ad04c99b9b7e03c2c24000ba00fbd459

SHA1
5550f133a02985c83f370b93b95d7414f3b7a462

SHA256
53861c09062bd214d7eb9842412e00818433ab8bf98dac042267798c8ad33899

SHA512
cc68fed3d121f2cb8da3c391f68e8b0b6a7d2895966cd5fe516d17d541e7b5587de94a11b07d69f36dac079d93300f5c574ade9de48789f0a445ffe9c2c4dae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
7bbcedc9c5254cbf787803077466e153

SHA1
cb3b70304fa70ffd0c08871775c2b21a0e5dc4c9

SHA256
e632e1e89489918ec1538295d811f1a918daf0e3264057b3ea3b6301bc943fa2

SHA512
d86ee4c549d24629e30c2e195ff74dfa52ae0c86989f527c063098e1b49d12e88d4979013d1362a7e0854bbd216d6b02783302c019b47f1afda19275e86b495b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
12df444078de214cca571b319ce7069c

SHA1
8afed0482a9f83829d15711e078f921276fee8f3

SHA256
bf29dd17fd5c86c4b8e619cf17f513e3f9d8c11c61950751d999b9398b18cda1

SHA512
ddceae9c69c650132e77a5934e942218d0626532633d3b67dbc8f98f95f38380dca95007c14023d50210a6d778a29c4615623d92d70583313ca5098fbb9e3df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
73c215c31a36048bec06cd97b5d5c08a

SHA1
3572c6087b012b0194e069cfe628fc058c6b6f77

SHA256
c81d252369543b6980355e86674c078f13a69741c0a7a00682e923980f5816ce

SHA512
b0775e9fb21272a6d402821a96f1b9238f087ec94d2685f567aea317a3df1be5366013cf388803b0514f1093244718dfc95511513740bb3e572558b4c59d0cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
7e8e0cdece976c0cb5b7cc98c226599e

SHA1
71a11f3eb40931b7ec5d8d88652e74a1ed8c2379

SHA256
2a10171959da6f3bced5a2c0c6f4268204439ede02eff282fa0caab8e2d3306f

SHA512
4619f742f52044825412a0a8159122109b6d879b59f389cfc30dcbe3cb535fc4084877ebb65e4a4a0a3a5cb4d55a233cc31e05debd825fb45363cff042aae6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2a084fe36a5fe9472b34b8120d4fa132

SHA1
0d051607a6a30386e5dd4eb1e5c3cbf55b34ed0b

SHA256
49465ab967b3c79bd89fbf5c7896ba74e2a86a486f45a5985c9e27d2aeba2aab

SHA512
92fa79b2d0f49dc3b50eaa788820552d188da0ee51f56e6c841b3f03c9dc1b268d87b39abdcc182b75a13debc66fa2884d7feeaa63e30a2518fd1178e45d7f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
cdcc0f4b8ad0c17f617fb96b105ec90b

SHA1
9000f55a3a238eb0e868922329195228e79233a6

SHA256
8de6954712f3bbcc3207854528f95465f6494241ad0dc894d4699be27c0ccb45

SHA512
5f0cb786346fc4484cd836b1c5377b6223087215bf8215517c5eb5bcb9516c5131aebcce56dfa136eea57076fe1e03cd96ef2fbda6ddea0d6567d92ea3176cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
72620940e7e5d1d2ab0fe4945802d95d

SHA1
c95c726092202f7535f0f9395728fa0f84792afc

SHA256
d2ac897f99d3ddf53e7d41d35d236a4f1c3cd0cf16328f4947bb0418ca3c8c24

SHA512
845bb05120435b7cb7aa894191b113102e6423d10795b887756bb4c6a8890466bc5244bd7c8c6861e758a7641ddc5de8f9b3a17c2dc5d4b5fa93d3f8d8429d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
989dcd58c51d9ea1530f5b136036d5af

SHA1
dc251a86f44a0f2e5126e788c11b79ab50f0ab94

SHA256
85513972a18b8887592660a9e1205267741ab199e72bf8d83c96b7c83ec7aa78

SHA512
e972a1269684c3d0ce07ebb9da3c9d6765e69769f5f642f57ba6792c6f0d1f3213ea42fd5656bb0da6f3b9d1dbc20cd2e806d351b87912c8d3785a10768ed99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9db8dcdf8b22a5dc4449c09ff9531577

SHA1
f8bf655db1f06db8f158c567af578c2302834224

SHA256
edbd3e03fd46ecafade46b3b4e5e58a9b2a4f89bacbecada8b0be68a91a2c36b

SHA512
2d3f88a1c008239b33fb46079d3320bd73b038c63550285c799bd587cd3750dcfb2d6276787d8820c8c19e8a2c869a467a76f8fef961cd016a791ce2cf84e43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
312b400d10424a6157a8db6049e79bc5

SHA1
cddee8c2923ab85707283d2a08fbdfcedf91b10a

SHA256
368bcad716502b5839be15aced9d0eea2bd1459a2f4f6566b99ee85f5a69955f

SHA512
9999c8f7e5da2b2ccaa37d1e4c137aa73156714bbb66588b4d99aaf5feb8aa1dab11251870757b1b5a2949a13560bca7e5a309de436561ef1fef49d81609ba6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
88b600dcdf9c290bbd5352a65032e541

SHA1
e1c43624d507150e9228bb5e6bde6f413a97ce8d

SHA256
0c29c0a289220c91061d49e72daca6006d7e2ce987694487b492ffe33ee139a0

SHA512
23b4fcca0821cc5ce0ad44f27990a97bb1705f44574838e7d4a19dda0db323d40f25adb384369a9b2e5cc174cf94c68c9dc66d18f7183cf2be47d3dde75a04c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
71c1deb7bf5530ff866c1c0088659bc2

SHA1
32f4b0af85b3f1ddae71679a4bc2d48065e6de57

SHA256
239d7b7c242cb038fff538b0307e22bb97c9565fdd7a7ac090302a9de114df48

SHA512
25311d08bd89640a2ae0707eae0158221b6ac0428954e8029354a1e6eceebe91f3b67bfad5fb0c02534e84a823b2d3add63581dd6b0bdae8555af36a6145d520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ad7b9a1648d05eb075f3cbae003017bc

SHA1
873bc53e630aaeb67f87956670f487b02a32cd1c

SHA256
b86c6d9b9e09d13e60e3669beae50b64580636ee3dfd3ab8e76957de3ffc0630

SHA512
b1f7d6f0fe31f899836e8b63042c18b15961d1cc890ba05ddca85d21ddb9d67a6e234cdfeef32ba8b87e2ca77eafe1dcc6467e0f21b28012dfca1ea7b0f0ad60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d5d9de5f71961ff5d989056902431983

SHA1
7dd6651d50acd3f833df3573df9d38eb37be0925

SHA256
ed4f977580e472280c633ba122ca7ae572c2f357bce85405ff84179bb0c68a3c

SHA512
0105b4586f03df350f79cacb9a4acf352b949204771dcc366c4f44d970edbae0fcd6802b3df288602fc49447c2d658d422d7b5caa11e9bc61edb3bee399e48c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
066b56e146e8f6e606934289cc7c59c5

SHA1
6b598b3d107f17516a502be446aab5fb48a196eb

SHA256
a499ab8afb2aa0969e534807acc3d20f378c3f4a8147347d66e1667308f9fadc

SHA512
54589fcc74efd53dd5b7a20bd1ad1b6ac88c83a39e7283740e9b05ad1a0cfa21901a23d787507fa88fb49b3b2ba7e38ad472d07f3ce10393d6d7572595a75bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
46dc81515db34fcefabc6b5fd7d87242

SHA1
265737250d3df8acf4100f805c95f1667d225cee

SHA256
d4bd43ea9ae00a452c0501b793f4216d9fa15f09d22f2663a6b7e89103e65e1d

SHA512
15a7c7c15a5bec8fe332f455be1caa77009fd3250da2b5119a4981ab1b6c4e1fc2c7ca5bf1679946a05dcc6ce638476b4c626cd0ac71451944aa9dc958728601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4781b9a039c772108fc0a8298ebb014c

SHA1
9112f5ff8bccf8d8fe30723122d41f96aa705bf4

SHA256
30675dc92cda77514568be2e5ed04d31e4520168bd699323bf567ee2ca1a29c2

SHA512
08a6f9c38ade49811f1948919c039fa2842652268b94e3ad0711d5df271e52d3c0eceb05f81433727d669b05b2f00b59d34949c7be26ff8b9e04643cb536bd12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
71689d2ffc133e658700eba9173f98b8

SHA1
709f94dad4fdd882f2a9b79501a78eb908f7b459

SHA256
2905a7ac4ea64f420e0a08f2332afeeff7148b82196ade53bee68973e11198ef

SHA512
8fcf279eefb85ae80c1d2d39c2c3e7480946d2e17cf737bffe8196fec55ff4bba26ee393b21344cd04b991df855680a828f56967f0fed5fdf5633352a7e4ee4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
2a5dfa8554a3a47d5b4d6556ca9c3c96

SHA1
3c4b856e49f63681f27381466af24cb3d9192331

SHA256
2d6ece8f0d823c70c36d8730f687cf65a282199f536a63c56762dda6844f6eb8

SHA512
0d13bbc2f1fa1ea692a488de17c6aec4881737535bfd5f4a95d1bb0c2bc16144034c9943bb0b51b67512035486993492164b0463b6ca94fa71f0714a91754e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
d1ca60167283cbbc3c969181c508e2a3

SHA1
87179bba05e82eeca4ea7c60f3f11c10b3a02f45

SHA256
2b606b21067f668e60b441a94936823e45e568dabf22313687a82691648bd176

SHA512
b3c04091b8840164773506dc7d6a89ceb171a80194f7eafeb9529a1b0c660238798f773f5c2910a4fdec2408dd473410ccfeb8ef3118d686a2ab93058939bfd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
fd532bb8bd09121965bd95ac6498cdda

SHA1
55b4250b186fa9c8b5cabf28cd69e11f3d2417b9

SHA256
ad8ee0aee35383019a62772d84751262907a7e79c81309ee2f9ee8cf063c7d77

SHA512
bce85f5e8ba24166fad13c1b577012e2859becf8b9333a3cd405c137b706ebbec97cd8dacea98df26e2969602cce826e91c8af603bcd1f526e7b5f21e98e5246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
369f16533a851818a02db82f132f6ecd

SHA1
0b6535ab773ee9863ca0904037849fd17253e83f

SHA256
90e8534ebda771185ebaf748e22a475ee4f63220931ac779482d2b0601fd2979

SHA512
db5101f0986d67949beb5a1fa7103e5f1f11959ee59f1ea23736ad06e08c20fe9d1d87338cf0cb204b02502f622427422ee669f44990b0a0c48218971b9959e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57f9b2.TMP
Filesize
120B

MD5
5b2e69fde0c26c311134bb259cb0b6c3

SHA1
f451e11d54846cb882e0962b077155b22a7b5627

SHA256
98c303def208c1dc86ad2a050baee28223219b072bd14df8e8037ec251c9577a

SHA512
3efb3db56e7fa9c1ac6f950c7a540b1694e610839719d5b5f987b4ccbc28e16d374b4f12591fcc7ef2cfc32b855774796906116b29b40e51a855805984071b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\afd63831-64cd-4f10-8744-9d67e578b9ee\4
Filesize
7.9MB

MD5
d8fa34fdfe53c99cd9462e4300b24634

SHA1
6d51dbd004e3e5251ef01657ade52dd17f01d14f

SHA256
1125a8953674519c2644fde0091382364edf52eda21cd328a88ef4aee6095609

SHA512
9315f85bd0f3f24b1e86315ca3799453e0d97029d58cfc7c263a6bafb416a4f4e3f123814a146d693085bf581197557b58a530e05b25fd3cd3b15bbbb996e17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
a68063afb864e6c249bc2e70e90a63d7

SHA1
34a2468c56351774370c4549a06671b1cda18993

SHA256
288833ecbe74a5453e27da167f72ae6171a5a4f318c71cb92ae27610a3c496be

SHA512
c0f3f622b6203d83be37706145071b33e18c7d24a5b781c2ac2f995a9fd184d7151fef7209b9b5eaa212b447addfa502d2948a7d829b71eb3cd9f9eef839fdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
d26171068eb052e26815cfe28f784342

SHA1
a6a260bf14ed2c66d06aa653df56defcc69edbdc

SHA256
68cda67994f95c5fc587309cffbc5aa36882aeac8ab9b4c2d2f87eb12501346e

SHA512
2346fe3a4d75205f322d6824b70c74949f2030fd0ca45b2262cf01ebaf0e5ba10f89da0a140b868cf2e52fe093e3ad4587d803a713a40537f16d684fe324bc73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
e20b1945365f2e869fa7286a7819bcce

SHA1
d145efcf886b49f1e2cd5db94f1218e876d56595

SHA256
dbabc13fbda6ff16c99a634ad9f06dca19ca95c6d2c6592fac8978cb8dd9f2f3

SHA512
6843816f4fb652754fb67c0d3be8164e4f5a0887ca562e14def73c035bb8db2384e103ea31509dca0a5895823e7cfee4a71c4dc771c8e87023c92b0b808a48e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9433.TMP
Filesize
83KB

MD5
ccc137ad9aaded482bb7464611ae585e

SHA1
f2d351d2dcbc3dd3afb69cb9da01ac8e8c1fddb0

SHA256
f552429a6eaa49d6a2973b8eeef22a76d1ed01024f8e1e694b490f98467ad754

SHA512
44523e6bb451c8ce8931c19f9e0bf5bb30a72c310e482a7aad10a833dfef8797810bb3bff4c35be1ab5822040c51b3c84a919986668f1ad22cfcd9d26211cad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES9F17.tmp
Filesize
1KB

MD5
63a6b1237dfc0356a517505b6e8b2bcd

SHA1
cab8e5acdc684a572bdd38c8ad1ba2c1fdeaa269

SHA256
b0571c8e41d02dbf421ff7e51434ba7f44217183bd961b3d26f0ad1cca3229aa

SHA512
65a8162f5787af3769a947bb227fff4b622b716c923342502f90073750e3dac4d436df828c419ba0b2e19589f55a20718df2a1ed6bfc8dab377f0a6e0bee0795

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll
Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll
Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit
C:\Users\Admin\Downloads\REVENGE_rat.exe
Filesize
24KB

MD5
0c1225f7786e62399bcb4fa0babd920f

SHA1
91a6adb179531aa365a0d588b1d31b80fe253de3

SHA256
d68159c38dd92a2ad4ee5241b4ab1c8aeebb521467e40af46445c6f17dfbfe60

SHA512
29b6abbf2c0501366f00fdec75f8d0ee61929f4d768a1ea58564edb64745c7ad006172ab9d240b96b014cfcf7151d6e91c2e4a219e1936bed9f6f3f626744baf

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip.crdownload
Filesize
14.5MB

MD5
92100f76eec604e09dccc3f260100376

SHA1
c6b77d72bda8cc86675d2a4f970455e4616d7701

SHA256
2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2

SHA512
ede71db1ec3c55f52a64b944ae240d5d94e7b7d28d05f3369d517bed421e732093ca949b7e1ea316b88bb79e74075cd45bdb6e236a304fa5ba0f997c18a4b360

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Database\2024-04-24\6-53-24 PM.log
Filesize
97B

MD5
6c531f0f8ce4c5c4a9f731fd1b13e03d

SHA1
38ada845cf69f260861ada71cc5d5848d47487fd

SHA256
f8c7ac4f49d5a2e964154ff4bfeeee02d252d1cd650ea17c9ba9d1ab032b8eaf

SHA512
47139db8e50872b2b2e8123205099f7e63cab670810a5e56f1e1e6974f9c685eb085b09f09d6149c7c5e1b9f781a6950104494b01a1c0db11daca6630b41e11a

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Database\2024-04-24\6-53-24 PM.log
Filesize
184B

MD5
49edab8f745ae6caebc42e0604939ca6

SHA1
8a98d40dfea0c197fc3f74d889600ec6d20d4f95

SHA256
d176bdbc4a72da76d293c6b8e4e6ec3e400d4eab91003a78cc230c5211cc3b72

SHA512
de0c4ba95552130753cd748baa638f5c8e10f20acc59a6278d1f8112346f83ed81406e384cce019a618632a94655578cd9585e2ef8b56600c121f0aaf9930e83

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\q0gzarxk\q0gzarxk.0.cs
Filesize
21KB

MD5
c118e8b65c1bbbcf8bd02b7dc4e24e7e

SHA1
adc2eb9e456c3ac7cac24cae49a0349586a8e17d

SHA256
c3e897cfbfef428fd9fdfaafd85dcd80e29152ca7b769ae37a147d9c3f24b008

SHA512
84aad3aa6d9c60b5a6db1b92d9901045cdaa8f4196cac213d870f6ee3e527ec0f7154909d8dcc7c9378800ef0d049aa04502f8aef1f8fe4a13c297bc90a756e3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\q0gzarxk\q0gzarxk.cmdline
Filesize
292B

MD5
53fe5d86cb094f5883c0a3d0179502b0

SHA1
2c5fefed54909cd9cc353c363927f1b44e4e4df3

SHA256
12f7fe2df62bef204573c36da917da8e8b4980f9d828f31b071f3db9dc02c2c3

SHA512
b5b13ff0ce688e11c083e221db27165288ec3fc79e8177a62f0ee38f57a581e8b24c5cf9cfab6ab9b256b91eda0dc8a64677da71a283783f9c440927e4fb701f

Download Submit
\??\c:\Users\Admin\Downloads\CSC9F16.tmp
Filesize
660B

MD5
870ab24de2b5adfbc3f7dfca8538bc7a

SHA1
b94c4a3af57fe48494338fe6479bba17cc0a76bb

SHA256
4645f56996589c0f95fc645dc3519217e942f27d9344a83c3510b19f0b38338c

SHA512
a842a24be1fcba7db90314699770f15860144819af378e3b278412939c18a539607bf57631d6bcceb0ad10fcf39ff2c50d50b383a2bed5329e70f3bc385c4c9c

Download Submit
\??\pipe\crashpad_4328_KBFNQDWDYIICESGN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2160-1085-0x00007FFA99F70000-0x00007FFA9AA32000-memory.dmp

Filesize
10.8MB

Download
memory/2160-1081-0x000000001B410000-0x000000001B420000-memory.dmp

Filesize
64KB

Download
memory/2160-1101-0x00007FFA99F70000-0x00007FFA9AA32000-memory.dmp

Filesize
10.8MB

Download
memory/2160-1086-0x000000001B410000-0x000000001B420000-memory.dmp

Filesize
64KB

Download
memory/2160-1082-0x000000001B410000-0x000000001B420000-memory.dmp

Filesize
64KB

Download
memory/2160-1079-0x0000000000550000-0x000000000056E000-memory.dmp

Filesize
120KB

Download
memory/2160-1080-0x00007FFA99F70000-0x00007FFA9AA32000-memory.dmp

Filesize
10.8MB

Download
memory/2808-1107-0x0000000000F50000-0x0000000000F60000-memory.dmp

Filesize
64KB

Download
memory/2808-1106-0x0000000075200000-0x00000000757B1000-memory.dmp

Filesize
5.7MB

Download
memory/2808-1122-0x0000000000F50000-0x0000000000F60000-memory.dmp

Filesize
64KB

Download
memory/2808-1121-0x0000000075200000-0x00000000757B1000-memory.dmp

Filesize
5.7MB

Download
memory/2808-1108-0x0000000075200000-0x00000000757B1000-memory.dmp

Filesize
5.7MB

Download
memory/4012-1054-0x00007FFA99F70000-0x00007FFA9AA32000-memory.dmp

Filesize
10.8MB

Download
memory/4012-1059-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1053-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1046-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1069-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1045-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1057-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1156-0x00007FFA99F70000-0x00007FFA9AA32000-memory.dmp

Filesize
10.8MB

Download
memory/4012-1055-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1118-0x0000018EC13D0000-0x0000018EC13E6000-memory.dmp

Filesize
88KB

Download
memory/4012-1070-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1056-0x0000018EA0D40000-0x0000018EA0D50000-memory.dmp

Filesize
64KB

Download
memory/4012-1044-0x00007FFA99F70000-0x00007FFA9AA32000-memory.dmp

Filesize
10.8MB

Download
memory/4012-1043-0x0000018E9FB60000-0x0000018EA0912000-memory.dmp

Filesize
13.7MB

Download
memory/4088-1092-0x00000000022A0000-0x00000000022B0000-memory.dmp

Filesize
64KB

Download