revengerat | af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Resubmissions

25-04-2024 16:38

240425-t5ctfacg48 10

25-04-2024 14:35

240425-ryg4gabf95 10

Analysis

max time kernel
1800s
max time network
1695s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

127.0.0.1:333

Mutex

76e926244ca54b3

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Executes dropped EXE 1 IoCs

Processes:

DCRAT.exe

pid process

4836 DCRAT.exe
Loads dropped DLL 3 IoCs

Processes:

advbattoexeconverter.exe

pid process

5036 advbattoexeconverter.exe
5036 advbattoexeconverter.exe
5036 advbattoexeconverter.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

3 raw.githubusercontent.com
12 camo.githubusercontent.com
75 raw.githubusercontent.com
Drops file in Program Files directory 1 IoCs

Processes:

advbattoexeconverter.exe

description ioc process

File opened for modification C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini advbattoexeconverter.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4836	DCRAT.exe

pid	process
5036	advbattoexeconverter.exe
5036	advbattoexeconverter.exe
5036	advbattoexeconverter.exe

flow	ioc
3	raw.githubusercontent.com
12	camo.githubusercontent.com
75	raw.githubusercontent.com

description	ioc	process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

DCRAT.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	DCRAT.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	DCRAT.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585293834533360"	chrome.exe

Modifies registry class 47 IoCs

Processes:

Builder.exeOpenWith.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Builder.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1520 chrome.exe
1520 chrome.exe
3232 chrome.exe
3232 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

Builder.exeRevenge-RAT v0.3.exeDCRAT.exe

pid process

1728 Builder.exe
892 Revenge-RAT v0.3.exe
4836 DCRAT.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier	chrome.exe

pid	process
1728	Builder.exe
892	Revenge-RAT v0.3.exe
4836	DCRAT.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exe

pid	process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
892	Revenge-RAT v0.3.exe
892	Revenge-RAT v0.3.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exe

pid	process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
892	Revenge-RAT v0.3.exe
892	Revenge-RAT v0.3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

OpenWith.exeBuilder.exe

pid process

4444 OpenWith.exe
1728 Builder.exe

pid	process
4444	OpenWith.exe
1728	Builder.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1520 wrote to memory of 1064	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 1064	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3224	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3080	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3080	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 2100	1520	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdbfd8ab58,0x7ffdbfd8ab68,0x7ffdbfd8ab78
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:2
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4356 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4512 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3348 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3236 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4304 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4988 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4092 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4300 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1472 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5412 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5568 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3784 --field-trial-handle=1828,i,13641632330902072650,8180070218087841114,131072 /prefetch:1
2⤵
PID:128

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4444

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y52lvrp5\y52lvrp5.cmdline"
2⤵
PID:1480

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES232A.tmp" "c:\Users\Admin\Downloads\CSC2329.tmp"
3⤵
PID:3376

C:\Users\Admin\Downloads\DCRAT.exe
"C:\Users\Admin\Downloads\DCRAT.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4836

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:1860

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:892

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
324KB

MD5
5a51673d5f494a5ca20aaa57b86baf94

SHA1
78484192b96b0301b88d0daf14b91a320a79fe7f

SHA256
5493b5538d440926458a2777eac5a2fde1ab0ac49f374485f46635a47acb1f32

SHA512
492e239b18d4083f8717102b41d76334674afb59aaf888d22df6600e059365232c5ebb245cef92ae93d086ed5d894a82f03383e728f17baf47a5d2812f2ad840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
138KB

MD5
0db3932215f7495cde50ff6b25f7fd94

SHA1
2570eb064b6f163134b5ba3ba7621c6715146f18

SHA256
ec0e530f2f344d648b08cccf47161c9926423dbed7b5ad62ceb529bca5179381

SHA512
9009c7e9523cd9a72438ce5a32861c733983e9c3b2faa124848635b1113073ba668904b003f9e19dd8a350c98593b2153bcb7d40d4e8c666d3de291fe116c7a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
57KB

MD5
5d8026bac373f550dcecef94c50b1305

SHA1
e00b2594a6eceaf385e50c4c4b330569ee5dc41b

SHA256
980c86eca42b9bab6948b3b67e92ec5d907ee75ebcadf4dc7415aa4241e03a62

SHA512
1945931a9ce1132fb79fd8c5ccfb3792dafc33cd5f3e37c1bea25cf6ec25b503668dac2ef031f77f4cbe2cd72cf1b134cee13db36c4b461c963c979d4a323a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
9047c95d577c859d80f7e907d7f5de5b

SHA1
2ada0264e41142acc8525367907e08ade105c536

SHA256
f88749fca32e43336ee4666f657266dcea8db52148da58d424734a17f0a6f28a

SHA512
fd7fc05aa7701af0a4016b022929666a47fcdcb75bd94956bde3ae945741bd6b56d19a2385d007a0452a064a026925a6ab7b776e15e0459e81db1244b27f2872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
8041205cdbff320ee2b3af6e74077883

SHA1
de42424150624d76557d3c158d5ec542f8b61f4e

SHA256
77024df1a56cc279d7839da5985b05b5ef78a542747f3955bbb11e3c87ef561b

SHA512
4a7d47141dea373dfe2352629766ffaabaf00a783fd4f89eb42e7682b7c09b79cee8657b300752f5aacbe35d9719e9d32ec97e9ff062607273167681793739ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
5b3156a43e4032e945ea2db002a33b7d

SHA1
d872400858819ad10c68b9c5d623f38d0ccc94ae

SHA256
54ca50e623bc29bcfc60fb5077d44797e31fea56ee56f2f109aae48a6e45ae63

SHA512
47eb923868bd53510693ea59f1c6608e928e9dfd01a0e026da469ea9a4241fbe2df4dc7532e9df52c023a3be7f5b3c00388574820b662979934ffe1486c5008d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
170f4ecff69c2047bdd016de7856eb45

SHA1
e0ec839b3e2a2cf912e52240470b3b3f522c6d8f

SHA256
889f32ae55cc083d988ab847c40cd3949e70e188989c14bfd71e16467aaeb9bc

SHA512
a5a9f82046b1b4930765311e06050b0263da16aabf5da6a9f4810197cadd0f1f7dd4159ed946b477bfd536e74c1fc939617092665310e8e8e0954759560990f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
021106c52731ac0414b76066c14d6df6

SHA1
7ca3a9f13c26e32b203786eb80aa5351d5e861de

SHA256
0227cfe2104e1673c6e4f31eda5a0fd90a0275dfc0fbaa99ee073a370cf85846

SHA512
c795a93052d70226c31692d3aa127b3e509f21f96b9c3798075f45c831dfe9a82b6297eb4acb18928899fd894dc43401d02367f3a3a330cbc43400b84be06663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
ea11e1957abcfc915c337700296b3def

SHA1
c04b1a1a96c046b84438020253b888e2a1f7e1f9

SHA256
ea4c0a5ad7c5e0cc764c193afbdd32c88a261d54783585951d3a709b197491ce

SHA512
52209a4f58a80cee90dd0144bdc345da53381bdaca07777f24d21e036f431d194e0da929024281c395e53c8a301e87640f2298bddefc1f87c0ef41a969c25cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
869f1375ce81c9fde603feaa65169c1b

SHA1
6eda6a117b0c2c7ec3aace47aa6878e3ce10e7e2

SHA256
5fddb4b1b7fb763dab1d639a7719a8910f77e14adc1f1852980b942d4be97261

SHA512
519f6e972b8a1c84d66817b5d2a0ade256e96b4e309897e3b8d1be1a1efbf1b8302f1534a52b0efcaaccdb5ce24dbf53600118c187968a870f3f9d90b0e30157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
4c7dd3996302eb92ce2f3d373452f1e7

SHA1
5042c00eaebc92776f2f5a41ea3a9242bec9f156

SHA256
579e47a9ba47f991b37b6f7a9baf83c9b8ed4e05f87eac90b3273d2c421562fc

SHA512
2edc29609465b30cbcb0c76a98b1d12c328e63fecd557b4930307719c11382f397877c6f6e46855d30b381f37e38e46cea6d9e637d693fb81155cec8fde8e1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
dcc907e702e7fd9cbecf851d01ba69ae

SHA1
c98151e62341e1d1ddde615aa7c5bb8a151cb781

SHA256
48644f3c08d0415aa93c9cab0d0114f62d759a6f1971359e6bc2ef01b80210a2

SHA512
9487d8b6925628fe2cd1553066cdb2e230d70f2a3b3e602d217f72bf4f42e04f41c927a31ef491cf162cf242da91a41ec8c7e77713e049b536822fdc6789d458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
2f0891c6bde8de304309fe4d3230047c

SHA1
21949511164cfba886f7160a76b8e6431e58415d

SHA256
17ee5461003e6d755627653b18646f4daaad5abc9a13626a71df5254f88f352f

SHA512
2b577adff1a6cf46f00a8e88b84f86ef10a8aa7fd605ca5269b98c6b9a6fbc6b053a4f494c34447abb71a6dbe60f69bfe01c7610452a98f839a6236a2b16ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
11d0460af492f34cc259c6acca632a65

SHA1
0862dd88f3d25560ae022796370c4158a2326b42

SHA256
79a19814f9e62d33be03628e24f3db20033419d6bead2a46bb9a4ac222d09b4c

SHA512
32ed9203aace49fe38da4bbb84b5e2ae4acbafcfbf3b00f44987a60695a3354edd30cc4d430fde6b2a9788767fb6cc528d91fc773564e38807ee157e9e780509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9453d434c054ac45789a781843429c91

SHA1
eb7c62d9204b3681d4d5690d920e5b81ca8bea9f

SHA256
eb910b86acd1e40bd601f95d38b27d418f4163a783c591c365c69a1a6d8f13fb

SHA512
d34fbbfd64a1d8eeea2224088682e6b8ec0d8588c5127d584327ada3a609289ab55a6259ab6fdbbee1b5eb9ba11c09bf2eec8bd70ef35d543a4269a59e679296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
4cf23f2d87596c9c301023769d4f5239

SHA1
2357140ca05fbe8f044f7a9d27dc09a08424bbd7

SHA256
27aa355028dd6f7c18fa077905b4edfa6dced0a496633b95f142868fc0e43f35

SHA512
f8a4ff5b970248df3a939d9ad54db3b51b93f06256a9f005d1dcd71bbf3281948b9f18ed131f98d9bff92032afceea93fce506525499cec2833fa84b7c4a3786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
dda46cccc46dc34bd46d6a65d98e5c09

SHA1
2f5e4d11dfe09053a16a18b9169b06ea7045582b

SHA256
b8decd6efb19755014b186bb073a702adaf8b60f3bab851b606d33199c527955

SHA512
3552d4512bead4699f50b547e2041f29eb54c8e0b1e02dbf9e0ec627507edc2137bae9b6fefd90441a9b35b5d6a6c0801c86c00b3861d0a3c37692d7378ac609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ff38ab0a07a1d6b1e2656fc11a6c414e

SHA1
17cb1a26a3fc555148f23be82f93551fd2ca48fc

SHA256
190db5de4ee8a4fcc4dbdde6a7847936dd52a14571a5ed50114ad1ce3bd8f362

SHA512
fc3cf8267b0dc09c9395d3a89942586af8004fb23dfe8d138ab7afe0dbe11fba94930c5d24829c9a9431d8b45a696cf6c2ddeedffa051deb149204700e37eae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
69c07d659ccff50279016d17e2b6760a

SHA1
72f1df6dd8a1a1e6ad7953405c7a55aad3025dcf

SHA256
8aafae45a023427df1a9d5aef56956eb6bb3a127662b068aea7160e508e0129b

SHA512
637578f57282db6545460fa48ceb41a3455037ca5ff652db5435498c0758394d8f12f694ce1624a286ba0f96a8912efb4b85842f81a8c1ae13d2a94f83002a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0bae293280bead401f211b907f725eac

SHA1
73d409d7dd6688023c344a1b72f6d87c8f1d7058

SHA256
d14cd1803a93be71ef57b6f07b45690ec6e507e40285a141324c61179ceee9c9

SHA512
c7e35a9921f74c96b4e2177b3fe639495557c363319865fd2ad7877ee8b74d8648aa2669a9811f7510584ea4e8868f9438ddd3b03db9e8d94c04e1c009d251a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
41f9bbffb5c4031698944648d61e8f06

SHA1
083be4f627ddfa8564d4cc74581d7fc28bdc232c

SHA256
6a9aba9d5a9625aa14ce9ab9580c2f043069d3702faf7433b6384e8b8665320b

SHA512
29cabe603c600387b5e8d476f860a0f9c232bc3331f55643e53342d86b4736992835a5b8f11fb1014c4be91c5f8a9cb965a5d58db0f88fb1a944d3bce278479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
034c2f4e578d4b58693a17d3a1e15020

SHA1
dad081bab0eee76f47bc8abb65b630bdd801e1c7

SHA256
0635cd913824d83e1a034bea876d65d5fd7b85bcb21841399a11067d4d3779cb

SHA512
eab31006d51f0e7c2ee2cb9c6ff1c31758ff7169cbc546328073a4bfb53327133b2ff2fb6677e8dde236d24d6dec14c13dd9a931d27af5c7be40289ca9140d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
cd0cbabd061930e8ceca46c4bd432d7f

SHA1
81534b31308d5d9aea6602c35559e1f717a2781c

SHA256
70138c7452a46b255b9b8695e1c00ef6d0bd8b5cea840866a372204565fe3b4c

SHA512
e0efcee5f0c25034874a0fd099488e5fe16a3392c5c5f78a1a1102b82e189cf150f0323491acd2ef645bac07cbcba1e5881c1be58c28e9f0d4045cc537c5001d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
433e7cd880e039c98d06a40f6afe7b87

SHA1
f8f68be5803b46607939a827558bbf4fc96b367f

SHA256
0159d6a6870176277f93f27a60118c687fa5b9b6a8baad176212ac10d0af005c

SHA512
726aa5edfba81ea225bd1b35e9dff3d8bb8649d4bbed66f40609b687774230183ed243d9129f85ccffd6d5016f33fe1d2b6381079fd174f06fa0f81365611c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
abe4f0c3f380fcb443f2416e4f2a199d

SHA1
56a4776f8c7a6bc6741cbb3e77a9288ec78186c9

SHA256
6d25e24ab5801006ca3a26b4fab6838e7e74520ad1775d681889e30dbb3c342f

SHA512
0b7e467cf50646c1309d02076f01b91f3a11a465ecf832b84e948dd6ee326234e3a3024f478ece1f3115ad92c00add98e98e56bc24717afc5d58872edae40544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
d8ca519e499041eff93ae3501b104c4e

SHA1
bab74fa4da66f5931d962b54234553f30e62e0ad

SHA256
ef09af12ce7cdce44f5db8eb30faaf84a6fb7deb6f971a46733532e61cd41ef9

SHA512
6498d93d809b7f7e4adecadf477fdea9ec94388ceb08fb6e4864164d7b692992e87f127931512e0c6706571d4d16bd7672e8e993bc513229424037b7d7c5422e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
1eb28f9ffcf59426bfd5c405a5dfcabd

SHA1
040b1abe012703114b42cf92dc8ccc153862b097

SHA256
1831bca9f27cf51e9c43dc7429a2b15b3342d71685b9fab2dbee654a8ae7a423

SHA512
bfa5c4b50fc7cab99d1a950b46f505035e3f9bd6c0d818cb9ec604b76a2fc3ddef0df06958ebb826d7f7a88746fd8596dadec59226d98b47b2ef0ef3f628634c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
33c66acd0841f45fdc4137aaed586d54

SHA1
386d16f7938ecd8f6ec10f8cd79896f08886b255

SHA256
ae1314b245a7b417369836da7279c418403cfa4277d12421ba7661e8eb773364

SHA512
aeff20ab3ef5100fdd09a2bf5622ef685fb7a6773658b5a466e0e822aee31307fe153fc77ee704d6c37e2901a8991ebf45ad15b44bd9cd780e906b02076197da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
77ac1e9263d3f82fe7967b27a01b518e

SHA1
bd9a6b34ed25858d88cfad66cec1d002907c8221

SHA256
0c713dcdb7b4b99e39cafe9fadc68e971a2c265cbc990953dbe466034b740c2e

SHA512
ec39fb1971d1749a059a96bff528cca6d598109cbf7aff72157f519ca069aa0895d0497b572e99a55725b1c57b898fbbdf35fffca3b150dbade4d4ac68d663bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
bbb4e0439c067489cf54c409cae4bf5b

SHA1
bfc2b7cca4a789c4a043d8fb12e66033b7218bf6

SHA256
75cd7704bb3e47ccbe641de9904ce9381fec9316709ae8b1855525f9c9c93548

SHA512
a690046a71abb98f69c5df902fb2703950d6dbe6a27d88a633da69c901c9b6990cefa379a9c18e8571521d817cb01cbf2603c30b62d15f944a9a244687253f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
86fb3dd070750e5816d1255a26662e5e

SHA1
82ce02d82103079757ae452acc0508cc398bb1de

SHA256
30434467e9595ff751a82abe46e16f5232898a5f505d158aaebc4ce197b1b3fe

SHA512
c297d4a9bd6451035682d35be3990313553962f958af11e4c5e30e4c6bfd0d607b1887ec0e0ae6912f560fd3f9b81c1a53a39383093dc100a6190eec474c8118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580f4d.TMP
Filesize
120B

MD5
d069b231aed3d4d9561aa0b2d5f2571d

SHA1
1107836e0765cbf9110e3a31e8efc5251bf311be

SHA256
2f2ec15cf2fb8d14130737dcdcd5eaee9254dbf97ff53c74870faf5cba68d1ff

SHA512
cd6532e96a16180172a56e12090b0856127236c837a57d6aec8e8e72a249a7c48d1aeb8656d90120a2c7e8a0333fd0c93a052987bb5753011b06f14e97ad5bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
fb9b6c07c30cae6c9f925260ad9605d4

SHA1
14647f8fb55a9cf1b78d301846f34e3113c65e1f

SHA256
ca7dd46991035e278d08bb847ee67b8a1ffda89556cf9e6399ee9285fa0572f8

SHA512
98fe9d8bdff6703a965e7328caade6abb81894ebee2143d9a29f2078ba0bdb221a07b50a6e63e1467e0708ff7baed6208b727ad53f40e4b4fe7a175e3e1cba64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
d9a805affeed00b54b8d4149d1d58ef1

SHA1
7a6c4a942367b431d7b67fbc3bde4c985fffeb58

SHA256
7ed89d2867c424d43f04fafcbc6e53b965969a6e67dc5d6df1a948664e2e927f

SHA512
a7436b598edcd7ee087238709cc0b7ca89c7bb5c9ed20533642d3caf801a97e49af11fcb232d6df59f1b3d252780728048f3cd79ec2423c3cec807abfc7b9f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
8b72db58f09944516a5f90f5ea8b6824

SHA1
6f527100004d151016b6c3b0f535297f2b2c3ff2

SHA256
09d5c51ab327d145faa00fd1f98b0ab1224244cb62c3b34b0ce7835db01fceaa

SHA512
c2d4064a3f8a9d17aac054e62dd4ea62ccd979b545d5a4b4520eb28bc59425100a45d3005476398d517510e5b9f7da3d8f85b74baa8c8911e3e32882babaaefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59427e.TMP
Filesize
83KB

MD5
2daf357b6061b9fcd1c79ab34be8405f

SHA1
6b07225aa9673c4f3d5a33d128076139b658ce14

SHA256
6d34e12b3b2b501c062769c933feaa666349ea5ad9b008f2056e7a168c0f0e84

SHA512
b1bbbbd05e91fc4fa72f4237bf213edba146062d1f26e316cf0f542ed4b260d305069e2b8d02c65ad1ead32ae02946ed0c2f1950d65672cb32a85ec71b0d7195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
0fb5a5a30db02b0ba24fe5d7d6a43a4c

SHA1
1ac55ec8d57c55837da44e63f24069c9aa3945d4

SHA256
84ede0112b942dc39820f48ac3e7baa2e765a4489b163b7ba4aaebf13506065b

SHA512
e4a2094e9a0e4b38a6ccd08058e491eb6a42fba00d1df7d8422e2ea659571150ef72bf44aa2b9f58ce0905f663ddbe807f2e58fdd411ea411b50d40afc3c36f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES232A.tmp
Filesize
1KB

MD5
6abf0c8076b1093ab21126a1c958f78d

SHA1
4f8fd5ab30f4662272471bc7e1e7090e3220fcc7

SHA256
4b8379457aebb53418f25ac52d07ce4865d6da879b2cf50fe2cfe5decbe9bde6

SHA512
0fd911cf58ecac53bd6a6b786ccdde941f5deb1cb45aea3d52d17ace13fe1d6d9e57172aee4878e7d1914d5262816ef0790e1a9f644ec263e5fb764c541048fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll
Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll
Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit
C:\Users\Admin\Downloads\DCRAT.exe
Filesize
24KB

MD5
3a5da452742a6b4015a35ec949f6b77a

SHA1
f19a10d1f11edddeedc4a3f5e6466cb79a26180c

SHA256
8e8401170c47664a67851cd9dd32878edb49ba49acd67f36c894e96745998fd6

SHA512
db5200d5f1bb8c2d4c194f43e9d52d0b09ed85b84b91fbd4c5f2ce3114e146f89a6ccd2ff3f8bd04e5ead0d920ec7c2e6d7fea3eb64dde93304db0dcb298fc6b

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip
Filesize
14.5MB

MD5
92100f76eec604e09dccc3f260100376

SHA1
c6b77d72bda8cc86675d2a4f970455e4616d7701

SHA256
2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2

SHA512
ede71db1ec3c55f52a64b944ae240d5d94e7b7d28d05f3369d517bed421e732093ca949b7e1ea316b88bb79e74075cd45bdb6e236a304fa5ba0f997c18a4b360

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Database\2024-04-25\2-39-46 PM.log
Filesize
184B

MD5
1aa8078ebfc0bbb39f9538b5be8dcc5c

SHA1
a8bbc42f136dc91a05bf7cb28f0c28e98b862d29

SHA256
e0a5078bcb81607075b2469004ae77e6372be4025f12607a30365090be6132be

SHA512
3f70f53800ef03c0785b5bfe677eacd874b1f37faa7b1195e8379be6c882b0b6bc78e778bd15ecd09bd2731f97b58f40f730f7b037ae4f4ef06f6978e7406409

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\y52lvrp5\y52lvrp5.0.cs
Filesize
21KB

MD5
88840b45135884a8fbf974865099cf53

SHA1
211b11bf0364ea2a3893c85658552a9c5c8cf8dd

SHA256
28fe681d2a5f94bac0bc125b9eb3e3b9ca4d4c775821113eb4a0e143875a663a

SHA512
d136a9171ec2e613bc38bffff2987e1aec2fd88c19b46de1ade5e919a19078179802bc503838939ebc2d869c42a2426f57525ae957d5f85230ec3c3cbbcf370a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\y52lvrp5\y52lvrp5.cmdline
Filesize
286B

MD5
9a6d6c59dd53d35dbc80335e5a5fed86

SHA1
be70ba3c92c95727f5d0182925e7a1178b8365d4

SHA256
b0645610285ff3c4d192cb54d4ccf06cc002fc57880c0902943b33e7cb678d1b

SHA512
c2b69a6b5e6f3cebd53fac4b7a19609a23514fd1aed15425a9a7cb6eec33877cbfe45653050812d5c5bde17ec2795bc85e89eb98d83b9b62ce8b0633b523c692

Download Submit
\??\c:\Users\Admin\Downloads\CSC2329.tmp
Filesize
636B

MD5
ddc84013ba7ccdee6db31b70d03320e8

SHA1
a85139f13b9c4bc2876e7f4e84255b4bfd1c8981

SHA256
1c5f1e0d17fe5f04fb798259f13011130b2a449276865bb04a3bf6301b67e11d

SHA512
a8a26b8922ef6210fc562bae6dbf883f956c2b83b3b8b96a2723a4a6be14198b5d37290483b83d08e94a35233a60ef361943bbd2c9712affcb2f81d604c8c6b3

Download Submit
\??\pipe\crashpad_1520_RMAFKBXYNFQAAEPW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/892-868-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/892-882-0x000001D913A20000-0x000001D913A30000-memory.dmp

Filesize
64KB

Download
memory/892-856-0x00007FFDABB30000-0x00007FFDAC5F2000-memory.dmp

Filesize
10.8MB

Download
memory/892-858-0x000001D913A20000-0x000001D913A30000-memory.dmp

Filesize
64KB

Download
memory/892-1196-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/892-885-0x000001D913A20000-0x000001D913A30000-memory.dmp

Filesize
64KB

Download
memory/892-866-0x000001D92D2D0000-0x000001D92D2E6000-memory.dmp

Filesize
88KB

Download
memory/892-867-0x000001D913A20000-0x000001D913A30000-memory.dmp

Filesize
64KB

Download
memory/892-857-0x000001D911000000-0x000001D911DB2000-memory.dmp

Filesize
13.7MB

Download
memory/892-893-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/892-892-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/892-879-0x00007FFDABB30000-0x00007FFDAC5F2000-memory.dmp

Filesize
10.8MB

Download
memory/892-881-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/892-889-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/892-883-0x000001D913A20000-0x000001D913A30000-memory.dmp

Filesize
64KB

Download
memory/892-884-0x000001D92C7A0000-0x000001D92C953000-memory.dmp

Filesize
1.7MB

Download
memory/1480-841-0x0000000002510000-0x0000000002520000-memory.dmp

Filesize
64KB

Download
memory/1728-850-0x00007FFDAB930000-0x00007FFDAC3F2000-memory.dmp

Filesize
10.8MB

Download
memory/1728-832-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/1728-830-0x0000000000520000-0x000000000053E000-memory.dmp

Filesize
120KB

Download
memory/1728-831-0x00007FFDAB930000-0x00007FFDAC3F2000-memory.dmp

Filesize
10.8MB

Download
memory/1728-833-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/1728-834-0x00007FFDAB930000-0x00007FFDAC3F2000-memory.dmp

Filesize
10.8MB

Download
memory/1728-835-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/4836-864-0x0000000001540000-0x0000000001550000-memory.dmp

Filesize
64KB

Download
memory/4836-855-0x0000000075310000-0x00000000758C1000-memory.dmp

Filesize
5.7MB

Download
memory/4836-853-0x0000000075310000-0x00000000758C1000-memory.dmp

Filesize
5.7MB

Download
memory/4836-888-0x0000000001540000-0x0000000001550000-memory.dmp

Filesize
64KB

Download
memory/4836-869-0x0000000001540000-0x0000000001550000-memory.dmp

Filesize
64KB

Download
memory/4836-854-0x0000000001540000-0x0000000001550000-memory.dmp

Filesize
64KB

Download
memory/4836-863-0x0000000075310000-0x00000000758C1000-memory.dmp

Filesize
5.7MB

Download