revengerat | af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Analysis

max time kernel
1821s
max time network
1831s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 17:41

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T18:12:21Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_7-dirty.qcow2\"}"

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

127.0.0.1:333

Mutex

1e76ad7da99

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Executes dropped EXE 1 IoCs

Processes:

Client.exe

pid process

3544 Client.exe
Loads dropped DLL 3 IoCs

Processes:

advbattoexeconverter.exe

pid process

1068 advbattoexeconverter.exe
1068 advbattoexeconverter.exe
1068 advbattoexeconverter.exe

pid	process
3544	Client.exe

pid	process
1068	advbattoexeconverter.exe
1068	advbattoexeconverter.exe
1068	advbattoexeconverter.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

Processes:

flow	ioc
11	raw.githubusercontent.com
34	camo.githubusercontent.com
35	camo.githubusercontent.com
36	camo.githubusercontent.com
37	camo.githubusercontent.com
209	discord.com
210	discord.com
10	camo.githubusercontent.com
44	raw.githubusercontent.com
208	discord.com

Drops file in System32 directory 64 IoCs

Processes:

Client.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\sysprtj.sep	Client.exe
File opened for modification	C:\Windows\SysWOW64\bopomofo.uce	Client.exe
File opened for modification	C:\Windows\SysWOW64\chs_singlechar_pinyin.dat	Client.exe
File opened for modification	C:\Windows\SysWOW64\EventViewer_EventDetails.xsl	Client.exe
File opened for modification	C:\Windows\SysWOW64\lusrmgr.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\NdfEventView.xml	Client.exe
File opened for modification	C:\Windows\SysWOW64\fsmgmt.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	Client.exe
File opened for modification	C:\Windows\SysWOW64\typelib.dll	Client.exe
File opened for modification	C:\Windows\SysWOW64\WsmTxt.xsl	Client.exe
File opened for modification	C:\Windows\SysWOW64\azman.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\diskmgmt.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\dssec.dat	Client.exe
File opened for modification	C:\Windows\SysWOW64\l_intl.nls	Client.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\AppxProvisioning.xml	Client.exe
File opened for modification	C:\Windows\SysWOW64\comexp.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\MixedRealityRuntime.json	Client.exe
File opened for modification	C:\Windows\SysWOW64\RestartManagerUninstall.mof	Client.exe
File opened for modification	C:\Windows\SysWOW64\eventvwr.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\lcptr.tbl	Client.exe
File opened for modification	C:\Windows\SysWOW64\tpm.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\WwanFeatureTests.xml	Client.exe
File opened for modification	C:\Windows\SysWOW64\ole2disp.dll	Client.exe
File opened for modification	C:\Windows\SysWOW64\storage.dll	Client.exe
File opened for modification	C:\Windows\SysWOW64\wsmanconfig_schema.xml	Client.exe
File opened for modification	C:\Windows\SysWOW64\certmgr.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\devmgmt.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\license.rtf	Client.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe.config	Client.exe
File opened for modification	C:\Windows\SysWOW64\odbcconf.rsp	Client.exe
File opened for modification	C:\Windows\SysWOW64\@AppHelpToast.png	Client.exe
File opened for modification	C:\Windows\SysWOW64\mlang.dat	Client.exe
File opened for modification	C:\Windows\SysWOW64\taskschd.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\DefaultAccountTile.png	Client.exe
File opened for modification	C:\Windows\SysWOW64\lcphrase.tbl	Client.exe
File opened for modification	C:\Windows\SysWOW64\ole2.dll	Client.exe
File opened for modification	C:\Windows\SysWOW64\pcl.sep	Client.exe
File opened for modification	C:\Windows\SysWOW64\NOISE.DAT	Client.exe
File opened for modification	C:\Windows\SysWOW64\slmgr.vbs	Client.exe
File opened for modification	C:\Windows\SysWOW64\UevCustomActionTypes.tlb	Client.exe
File opened for modification	C:\Windows\SysWOW64\12520437.cpx	Client.exe
File opened for modification	C:\Windows\SysWOW64\12520850.cpx	Client.exe
File opened for modification	C:\Windows\SysWOW64\certlm.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\gb2312.uce	Client.exe
File opened for modification	C:\Windows\SysWOW64\korean.uce	Client.exe
File opened for modification	C:\Windows\SysWOW64\services.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\sysprint.sep	Client.exe
File opened for modification	C:\Windows\SysWOW64\xwizard.dtd	Client.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	Client.exe
File opened for modification	C:\Windows\SysWOW64\@EnrollmentToastIcon.png	Client.exe
File opened for modification	C:\Windows\SysWOW64\boot.sdi	Client.exe
File opened for modification	C:\Windows\SysWOW64\ieuinit.inf	Client.exe
File opened for modification	C:\Windows\SysWOW64\ole2nls.dll	Client.exe
File opened for modification	C:\Windows\SysWOW64\OneDrive.ico	Client.exe
File opened for modification	C:\Windows\SysWOW64\rasctrnm.h	Client.exe
File opened for modification	C:\Windows\SysWOW64\WF.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\winrm.vbs	Client.exe
File opened for modification	C:\Windows\SysWOW64\rsop.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\srms-apr.dat	Client.exe
File opened for modification	C:\Windows\SysWOW64\SubRange.uce	Client.exe
File opened for modification	C:\Windows\SysWOW64\compmgmt.msc	Client.exe
File opened for modification	C:\Windows\SysWOW64\ideograf.uce	Client.exe
File opened for modification	C:\Windows\SysWOW64\kanji_1.uce	Client.exe

Drops file in Program Files directory 1 IoCs

Processes:

advbattoexeconverter.exe

description ioc process

File opened for modification C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini advbattoexeconverter.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Drops file in Windows directory 64 IoCs

Processes:

Client.exe

description	ioc	process
File opened for modification	C:\Windows\Cursors\size3_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\arrow.svg	Client.exe
File opened for modification	C:\Windows\Cursors\arrow_r.cur	Client.exe
File opened for modification	C:\Windows\Cursors\busy_i.cur	Client.exe
File opened for modification	C:\Windows\Cursors\move_i.cur	Client.exe
File opened for modification	C:\Windows\Cursors\nwse.svg	Client.exe
File opened for modification	C:\Windows\Cursors\person_rl.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_link_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\up_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\wait.svg	Client.exe
File opened for modification	C:\Windows\Cursors\aero_link_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\arrow_m.cur	Client.exe
File opened for modification	C:\Windows\Cursors\no_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\no_rm.cur	Client.exe
File opened for modification	C:\Windows\Professional.xml	Client.exe
File opened for modification	C:\Windows\Cursors\aero_arrow_xl.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_nesw_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_nwse_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\ew.svg	Client.exe
File opened for modification	C:\Windows\Cursors\aero_helpsel.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_helpsel_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\help_rm.cur	Client.exe
File opened for modification	C:\Windows\Cursors\up_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_busy_xl.ani	Client.exe
File opened for modification	C:\Windows\Cursors\aero_person.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_working.ani	Client.exe
File opened for modification	C:\Windows\Cursors\aero_working_xl.ani	Client.exe
File opened for modification	C:\Windows\Cursors\pen.svg	Client.exe
File opened for modification	C:\Windows\Cursors\person_im.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_working_l.ani	Client.exe
File opened for modification	C:\Windows\Cursors\busy_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\busy_m.cur	Client.exe
File opened for modification	C:\Windows\Cursors\lns.cur	Client.exe
File opened for modification	C:\Windows\bootstat.dat	Client.exe
File opened for modification	C:\Windows\Cursors\aero_arrow_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\beam_r.cur	Client.exe
File opened for modification	C:\Windows\Cursors\size4_rl.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_pin_xl.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_unavail.cur	Client.exe
File opened for modification	C:\Windows\Cursors\wait_i.cur	Client.exe
File opened for modification	C:\Windows\Cursors\wait_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\beam_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\cross_m.cur	Client.exe
File opened for modification	C:\Windows\Cursors\help_im.cur	Client.exe
File opened for modification	C:\Windows\Cursors\up.svg	Client.exe
File opened for modification	C:\Windows\DtcInstall.log	Client.exe
File opened for modification	C:\Windows\Cursors\move_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\size4_im.cur	Client.exe
File opened for modification	C:\Windows\Cursors\up_i.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_ew_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_link_im.cur	Client.exe
File opened for modification	C:\Windows\Cursors\cross_il.cur	Client.exe
File opened for modification	C:\Windows\Cursors\ns.svg	Client.exe
File opened for modification	C:\Windows\Cursors\pen_m.cur	Client.exe
File opened for modification	C:\Windows\Cursors\size4_i.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_ew.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_link.cur	Client.exe
File opened for modification	C:\Windows\Cursors\aero_pin_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\size4_rm.cur	Client.exe
File opened for modification	C:\Windows\Setup\State\State.ini	Client.exe
File opened for modification	C:\Windows\Cursors\beam_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\pen_l.cur	Client.exe
File opened for modification	C:\Windows\Cursors\pen_rm.cur	Client.exe
File opened for modification	C:\Windows\Cursors\person_i.cur	Client.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Client.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	Client.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Client.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

2264 taskkill.exe
3180 taskkill.exe
1652 taskkill.exe

pid	process
2264	taskkill.exe
3180	taskkill.exe
1652	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585405281210441"	chrome.exe

Modifies registry class 34 IoCs

Processes:

Builder.exemsedge.exeClient.exeOpenWith.exechrome.exechrome.exeOpenWith.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Builder.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3263309122-2820180308-3568046652-1000\{91563C78-DB12-46C3-9E2D-FA0AE0348FF5}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	Client.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3263309122-2820180308-3568046652-1000\{0329B38D-6010-441F-B9D9-72E601C4E081}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Builder.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT (1).zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
768	chrome.exe
768	chrome.exe
3436	chrome.exe
3436	chrome.exe
2824	msedge.exe
2824	msedge.exe
4892	msedge.exe
4892	msedge.exe
4788	msedge.exe
4788	msedge.exe
1780	identity_helper.exe
1780	identity_helper.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

Revenge-RAT v0.3.exeRevenge-RAT v0.3.exeClient.exe

pid process

3384 Revenge-RAT v0.3.exe
3120 Revenge-RAT v0.3.exe
3544 Client.exe

pid	process
3384	Revenge-RAT v0.3.exe
3120	Revenge-RAT v0.3.exe
3544	Client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

Processes:

chrome.exemsedge.exe

pid	process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exeRevenge-RAT v0.3.exemsedge.exe

pid	process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
3384	Revenge-RAT v0.3.exe
3384	Revenge-RAT v0.3.exe
3120	Revenge-RAT v0.3.exe
3120	Revenge-RAT v0.3.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exeRevenge-RAT v0.3.exemsedge.exe

pid	process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
3384	Revenge-RAT v0.3.exe
3384	Revenge-RAT v0.3.exe
3120	Revenge-RAT v0.3.exe
3120	Revenge-RAT v0.3.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Builder.exeOpenWith.exeOpenWith.exe

pid process

2948 Builder.exe
3300 OpenWith.exe
1032 OpenWith.exe

pid	process
2948	Builder.exe
3300	OpenWith.exe
1032	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 768 wrote to memory of 3332	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 3332	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 2832	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 3404	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 3404	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe
PID 768 wrote to memory of 1892	768	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffbd3fcab58,0x7ffbd3fcab68,0x7ffbd3fcab78
2⤵
PID:3332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:2
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff70cdfae48,0x7ff70cdfae58,0x7ff70cdfae68
3⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4356 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4672 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1168 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5376 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5412 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5412 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5632 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5328 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5876 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5992 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6000 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4956 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6104 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5720 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4900 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5220 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5308 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=1052 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5716 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5144 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3172 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5320 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6188 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5600 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4200 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4288 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1052 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5448 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3172 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4696 --field-trial-handle=1796,i,16246397292596145352,8382245959883246204,131072 /prefetch:1
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4756

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x25vrro4\x25vrro4.cmdline"
2⤵
PID:2624

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCCD2.tmp" "c:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\CSCCCD1.tmp"
3⤵
PID:3100

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Client.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Client.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3544

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:3108

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\vcredist2010_x86.log.html
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbd0503cb8,0x7ffbd0503cc8,0x7ffbd0503cd8
3⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
3⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
3⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
3⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
3⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
3⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
3⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
3⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
3⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4812 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
3⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
3⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4892 /prefetch:8
3⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5740 /prefetch:8
3⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
3⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
3⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
3⤵
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
3⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
3⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
3⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
3⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
3⤵
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
3⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
3⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
3⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
3⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
3⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
3⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
3⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
3⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6663591352903113330,7467785579100475803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
3⤵
PID:2060

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:2484

C:\Windows\SysWOW64\cmd.exe
cmd.exe
3⤵
PID:1004

C:\Windows\SysWOW64\cmd.exe
cmd.exe
3⤵
PID:2056

C:\Windows\SysWOW64\notepad.exe
notepad
3⤵
PID:4836

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:1284

C:\Windows\SysWOW64\taskkill.exe
taskkill /IM svchost.exe
3⤵
- Kills process with taskkill
PID:2264

C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM executablename
3⤵
- Kills process with taskkill
PID:3180

C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM svchost.exe
3⤵
- Kills process with taskkill
PID:1652

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3384

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Theme Compiler.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Theme Compiler.exe"
1⤵
PID:1668

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Plugin Compiler.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Plugin Compiler.exe"
1⤵
PID:1848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
PID:2516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3436

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2d26afbfc5ee42318f6f54c56e7113db /t 2084 /p 3384
1⤵
PID:3592

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3120

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
324KB

MD5
9482f666a82f6de0e484edb1de3bd74c

SHA1
66e8c42f5075bd82db12331a8a08db67d721b6a5

SHA256
9d195917ae00174c3d933bb5ccf516e605ffc1bc54c9cd003f61ae4402d6ef78

SHA512
460cbf73e59c279249d77206891da742a39927b66d37ff086fb6bdde04f271bf04f769b93c89f6bc8bc13978e5c39551d47bf410a55afcf0ddd022728bcda1a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
138KB

MD5
583b2258fc701b198426d0db23906049

SHA1
5c56c9384c7a1979aee0e37aa1ff9e009925bb43

SHA256
ca67c473c710643baf624d49909c09e9c8d5160d68ae0580ba0789d3a4804260

SHA512
afb7a8da0a49b09e462a1287e5a14e98f037705c101fc5dc4bc6d4bf0a488ac48105779922badb57ff63da89dd7ddcf7d7eaa2c885abc6159105f00a0b8d0921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
250KB

MD5
53adb15d1e7bedfd9d97c8995a5180e2

SHA1
7c1ad369d58d77b28ab6c21d28a71bd61c998ff9

SHA256
9834ab572c255a3b9bf15c75063afc471e1e58df306d135c530c85048b7ce9e3

SHA512
55722a6a81ecccac0a84d640c6a0b4061c8cc04d6159fbb04ba6739b818415d6422b69aba8e9360075d7fc4108768877e566fccd56623199ad6d5a9494ad9c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
170KB

MD5
706f81b996b25597708a2f311ab6ca47

SHA1
5de3a4ce0892142f31300378d4c20a689d5607f4

SHA256
66a2ea90cb0dcf684b6e74168d53970a2b8c034758c8959da5c756c7f49a361d

SHA512
ccd35b1f8b03b192cafb70a95f752f675c55ff0e891560bf37c767d7665408573246a14d752d11af4ec522e38818c5ede4daae1b2b916ad1e9c6e2452c115508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
213KB

MD5
2dd35ee0db0380eae43132add10e858e

SHA1
ff7f73cffd97bbb47de34d6429de5f1f0330873d

SHA256
003d72a5ec8e81a3d8a05900b932a05e750df577eb0077a37d67f76e0452511e

SHA512
e03b607cb9f0911eb1fe28b912360619dc4fe84a740c0683acc621ff66e550821bc37be036c589094f5679da04d776951052d4d3bd60f3b4bb9343bec983f60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
41KB

MD5
afda7e3222a5ec7053e1592254e954f5

SHA1
cc7e785fbaee5d7eda52dc59efda35edd9d4ec0f

SHA256
56f75ffe62b1fb3165ca86214951efae98561afbf157356ae97047915d6c892b

SHA512
02b753b6d563855fc373b38a412b712b854f99bccf1af0e7f633f7c97e9a3135b8522e08083197fe2bffa3b74b109486e2409da634546f31a5c8047f3b03aab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
14.5MB

MD5
92100f76eec604e09dccc3f260100376

SHA1
c6b77d72bda8cc86675d2a4f970455e4616d7701

SHA256
2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2

SHA512
ede71db1ec3c55f52a64b944ae240d5d94e7b7d28d05f3369d517bed421e732093ca949b7e1ea316b88bb79e74075cd45bdb6e236a304fa5ba0f997c18a4b360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1417bac8dcc89056_0
Filesize
347B

MD5
eb7e524a45a937fb0c606e4f465ebe67

SHA1
73c862d21ed9f4e9d0ad38dd7eb6f757c577df80

SHA256
418b733fe336369b9d87449f597d6c8b37d97eaf25bd3251166f381eb46e1c94

SHA512
a5d10c237b736eb59ce48f67ba459a0439308386cc0e6c56ff6114f0cac0f94619a1074fd6b6e3ecf67449dd2eec15272f82abdc5cbec8c9657c0467a40735c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\87635055299f1b12_0
Filesize
228KB

MD5
b2ea171421256a8de2f64d0f3aa02fb8

SHA1
94b3a87257e6ef3c57cafa2f7f9a6957ee7be54b

SHA256
3028ea86a429f2098eced6f6c4e55a79a1c1fc6acffa6f9dc44d54f8bf480c34

SHA512
fc087b24ef48fbbdb8f7787faac3f16d6d11c24ab4692dbcb2e76d9020918519646dc384b413a13f1683e2be668c0cba1661e5fe4332b1713418da6f4a575353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
5KB

MD5
9984bcc33e594acf39319f7b292bcc64

SHA1
81d26e2105911711a118267ba949ac22463218e8

SHA256
033993f0e50ccdef9f99056c98f913dc9bed6f9e4adcf0023d1f7a369e47a7a1

SHA512
082c268aff2d8dd17c6e65ab5c6c54800e2fc6a61772db1e2e653297b213b219fb866b94aca2eb68a5f97e6fecb22b13b231084fcd246bd181010bc683d54441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2c1dca23609af84afdfdb75563d3ff43

SHA1
c572b71b5038f80a9ff2669fa06a161cb19e2208

SHA256
0c6b58accb238af09b8c40e08d4fc4089762b2d496704709d6c876c2236fbf90

SHA512
26c94e89b9635c1ff0a8d86a01da5f1da7446898de90cfb5fdd3ada0c4446060f180e01929824616db70bdf3be5f3aaac66f6c79a7283b69d01d6cc803e3611a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
fd27af61ee086b3ab6db6e23e48e6e28

SHA1
dc4aa70d2b7816cee1ddbab23c00d0c732cb4521

SHA256
931e8a6671754489d1b3730051c23d06bdbab745432ba73e5f3d73e8d308a388

SHA512
523f44b83ad75ee77df4f3453d66f05538e684edaee6a6139c873ecc2745fdbaac4f242b20adeb7bfdfc577e1978d941adb4dab762ad7107e486e6c17f48fe2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
19381099fbd51794715402420405a9d9

SHA1
29f19426decd53671bcde33fdcc0390862095505

SHA256
4cc4802a8f2cdc567e445144d48d87b955aa2e8bdd00eedfb56f9e794b02faba

SHA512
3f50a81d6a69a731dd055bfdf634fc4f4106bc682dde80a49306c4e0b06a18ccf133f2280c543173417bbbbdf25558c4e7e34985e73b4ba772774cd4b95ddd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
496807b2ac8d4f102d459a397b49af02

SHA1
08aba92758884a073aa3991ea0977a57d840d933

SHA256
9359f550a43ebbf7f7be7e8e503096aff61338e11cda2f1490c49b182944735e

SHA512
a8eaa08fa4f38a4cc7aef15d413a4d0c7ee7ef0b65d822642f446993a126a97d933fbe5d7b109abd97082642a6b2b2020e06286d4adcdea174e2222eeb8d51f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
bb941750ab483b11133c78c5f13a4898

SHA1
20c1018b9bfa21fc9b28b17ad0a9f5eb27944a4c

SHA256
318aa32ea3762a26d8067d2af4151506401537bce6633ee58f00c80a5f02b5aa

SHA512
ff7cd7fdcf7133f7bc9fe7b52d43c3a5188538214a43d1e6cbbfc3e918dce5ce2707622d758b67011b708da0b124134b15d8adc92aa34747dd2a09da9c353d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
c26b9d995a9481aa7153c283404a14bd

SHA1
0f731f02f66d0a1e7aa90eaf73b66c3b5db416ad

SHA256
817ab055db09752a7ca26d1ab2dab1f858baa09640853a38f8879dd9b4907b7c

SHA512
364b5797170fb5748d21c8dfaee0d8c9567ed6f4e786669ebb0780d7c359dfbfd85d0a581df7f10f88f1120b49da3fee80a2804e1872cd210bef1875d608de30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
d3001bc7d20d08ee8c0e11ad25ae28f3

SHA1
efae87805491214db8f82c6a89761064fd5fae78

SHA256
e16d4df39b03f7096a1fd99a2e58e92a02848f2b7a9ee5e886ea2b2a19a308ab

SHA512
4a794690b3fe5256606c0f7661428328131b08282abe5d2090f32651d21783d18db4cc026ac294d503707fc75574c3e6b7656abd76bb69d50fe0e7673b6b792d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
569b0151b42320be5291c379d8000e26

SHA1
524ce0f8c2a377ce098fc722a278fefffba231c2

SHA256
df6abfca1f9f68641e01448c9600a8cc4c618325eaa9e447c4f3f9c4c9a36392

SHA512
c285c04255a2825acfda567f619cf59a8440492a3098b9983cb2e521782cbdb421f7e69bc34e94a5fe04b64b89b66e6f9b6e24243368ba674f841d71e23b24b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
43dcfb060445dc285abdc821ff3e5419

SHA1
ac55a48fe0c8555efe4cf9c95415e01ad1061a4f

SHA256
a9fe083130671c1f55adc7b6c6cab646421dff83c551060415a73932d5b4f7b5

SHA512
2cd6a96091e66727bde84e1de966040acc23d498b70344cb56e4203d2f9b46f76e17213e8f16d16caf624f4b8c38d513f582203f63409adbb8b1070bd97efb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
178f4b8e0aef4927d6982e1f63a9c91e

SHA1
a737b202dc44baa70615bbb5d3a23a18d074d256

SHA256
be5685a9e69092bcdb036df656f790d1fc226346bf1d5388043df1a80c195fb2

SHA512
5f7b0fa1f41f33b815f73bb7fce5065f9a29ad23a90a2f751fd02b1968d0fb5146105ca73a9280dabf15f281e50a69724adeffb4504545c87d1b68fbdb30deab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
8ab4f2ed148aa265b20a0997d1557943

SHA1
8cb86084e443042962e2c9e5a2c7f389b190bd4a

SHA256
0423ec5ca79e97e80ff89797a56d4a4e61e074117f7097718e8fcb56c10cd65e

SHA512
a64f78715bb9af50f7176f39f5850c6c079db7e61c6ac850b375301a1ba07cd30c3414de5e1c158ccce35235165384e5a86528ccfad4fe9844d57ef1562a2d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a15e48ac0307f6afef6ec2e135f1d7df

SHA1
d89335848510f152c5a5dcafb6dcbf278684ab8f

SHA256
5cda4dd53df54ee03abf4f8e0545b5ada55f2de46e5b92104a9611710e7d8adc

SHA512
a5684238cd2628a1c9fa9f82971d102656e8346086014887a021a81d443dd0f9a7247ce9b204ea4c546f9a77ced1b58d0d0c4e870562f6f605cc2d42a9725814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
88f7419fda5720ee0e3802ea89a1d515

SHA1
d3c5a8027a491cf913ea21cdd3f9b98202a06e97

SHA256
e9face54fb4134a438e9256fcce4986c5f382d2491159562cbcff214c31bf9f2

SHA512
f5be794af0225b3fa42d9a2c48cce89592f31443937b4c954cadec34e8c64e59817e3410bda94f06d90b825acf86533657133a953e8a092390aa81dbf44d33af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2657068bca06b6987ddfa5971c40aa6c

SHA1
ab2dc557ad8de19d9b159c638382daa906f53cde

SHA256
e48e9a085b6b5a7667b2b5535de40560cfc05c0cb567b533c32e27c9b177939e

SHA512
33c65c74d39880d5fe71d9bcb7e0f2a730bf48bb623d1bbb2bec0cf788fdcd9218466a0eb2812dd99a8fbd37981e23f83b015e9ad70a325107da9f8880f864b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
380d7ed49ad2a7243e1751dc522f7051

SHA1
c6905c4f36c08aebd2dfbda3819c3843d07fdc40

SHA256
e92106272bdae3ac9726b6d7ea9d0053c4c270fd598d921d25a97738af50374b

SHA512
98216c0c6555df5c638e6e54800313da45461ac0dfe2a28e5af8c94d3e2feda48c4396e7b944699e256a9cdcdd046f7eecba45e42af2ea0f0af3cf1afda44b8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d672800a58a78c4d0f1f3d3fe5aa2906

SHA1
4c45a276701a8fd110589cdbb5e9bfb1ad0b17ae

SHA256
e4e31e1fb4e0ae249a52c9ee068831a8e5ab89723994f42e15bb2ad36ffdcacc

SHA512
5e4e397df3353779a3b9b947fec9e28df846c2c940f6c71d3bce1cd5e6f82574f2ff4d7a38496999f9bf1432b1c54e292c459310c0d675e448c275aadb72c86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
8b983f59f64e6a93a9b80a26f68def76

SHA1
2d93be6a02840a86ee4f9b9064b5a19299732358

SHA256
4a55f7ad4606bf6b891ecdf8c7e49ecbcdbb5c737104740624b112b97ea523c5

SHA512
6b322b1c6121339fcf90ad8a064e0eceaccb07b45d68bb6798b85f9b61a6d5c5155f9e83f2acf60df9b5676ff2e8b99e3fc4a8d6a2e46829fe09359055d7a08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
315b80923b127a1d31c8c01d14923594

SHA1
0bfa039f45a3bc95f76e9b69c5add346f8287538

SHA256
e1f0873d74c42bbed04ba055a7ca8974daad5664eb0df10fcb6cb365d69285fb

SHA512
31ff5d39a7696609f81a56b7c562b3047ef2bcb63aaa77fe139a2a4f34bc919eebb7dd41963c4796bbaae4ff9089895e4c654da6a947a3342adff7d705993c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
684fa6dc7d40461cb32513e270ec3f58

SHA1
b5e916595759000d4a8e1a65a93aec9241ed0f53

SHA256
a997cc50f44b65c47950f7977d33346f40150157db30acbc77d764c5f44be690

SHA512
acbad96a35f766e5a2410dd4704737a4672c3fa138e090b61dba5976b64e69c0b1a0d9dd787943e7f070c14383d5493dd72d4141ff299ee78399de2c3639f771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f1978d64f5204ec9a01eba5afc15412a

SHA1
29ba042ba8cc335f0379d1c1a3ff4f26deb1164a

SHA256
881d1ecefb92ac73f2b1733967f4890a792138a4d616059582c13948ce00a19d

SHA512
04fe6c8cde11eca12f3f3950f2819295a3ac1c3761fb6c67519663dc18fe2f2b4a78873d0a1b8ee1c44e63b7afd5e9ee45ce60c84aa0f5474244a400488cab21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f06f45289a5baf1d7b974456a4dafc45

SHA1
60e63cdbcbfe73eb16da43c1122bf13cf9b9cdaf

SHA256
d4e3220d00c76915ccc6fa670293d00039dcd3701f2b14691c612265f89b3450

SHA512
c48b01b7990f68523481c79f65301e0cf4691e27789369566b9d51e4388e80e20a94a4b4549a62dde5279f7f05c782800bceb937135350d99cb8578dd15057d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
94cd688c216ed0b848fd46e49a21a4e8

SHA1
756e7799501d7ba117a36b4472a734b933924278

SHA256
da88e2fe3b1e51cf2232f56eb6090734afdc7bfba064f639bc532ee4db41a40c

SHA512
e035906942bc02d884835b32575afebcb886e5af70e2722d628982d30d4b25665b575378b34c4d93e213f518f3cf5d0d296918973eadb775f6c7a764dd75b7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
f62e2a9824131fd60750ac59523a9c67

SHA1
a398126711505dcc635e75f37c60bb694e0f3041

SHA256
b8a5f1c7e9e8678f89c9fb4ef5d9036c145d4fcd526d7d03248edef22596462f

SHA512
64cbe5f2e81660a1ea29b38cd0a41246d49116d18eeea12b10ce58a3ae2f0095848e1682a19a1910afcff6f997a6ecb0d3ede4c14c919281b6a6b695b99a655f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
5883bfa732a43001e458970b4eafbe0f

SHA1
e1774181c77175bf2e54e1ddb3c3a2538a7bf6bb

SHA256
a3f29b43cb09be0c350e5003ed71bd6f93fb1bf891a5b92eab0819a48222df57

SHA512
d18328087fdc34204c45f516892bfd8f3bec725678479b3c13e3b8be15da4be3f2135124d96a78b204c5ad316491ef37dd0f20545302745579ca8cc3ea91b902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
05a05a31e96b7dc5d318dfb66997a61c

SHA1
c07cd4daad09ad6913d5bffd81e1760b03dac0df

SHA256
81ef9ad8fcc1ab35a960e4d230c56f4ee784317e7bea6c86566358870c254cf4

SHA512
b65c4ae05c40b41cfdcf91239c6c0fba8c56eea72b630eb16678ee81369ec341c2942e6656d88d9bed1cf72d5d51e9d7ece9a79bb303970fd85fa6017157be2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
0e9bb333d520ac5057dc5952c2c78150

SHA1
dcfe78ce9dbe9514a848b92fad8c45d9360ea4e0

SHA256
5b4169bd2ec4c07da6b6a11ec0290a35e7e4edf690b6905e68c4df31c51538dc

SHA512
f187c10f058e1102518e21e028dae41cb64a2d6d7e54713a54c1717243b52a7f1ce6bea28e79a0c3d8380d46647a6be20ddc72eb16af9ffef60557dc6338a4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1a2e717b2c4ff454580b7f56a59a244d

SHA1
28c976cc659b1a1987dcc370c91eb9a26f549f82

SHA256
6eb8f2be7ab564651d3c7ab89092f0a638a4b40c39d194226f7b3ed3f390fab0

SHA512
bf870d81e146fa6db8fd8f290e7ab2a5bec338fb718dd3737a26a2a08dc2889bb0b29e9946cfb68cf3f651622ad6346fc046dac4488c83431abb77aa360f39b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0453d4e0ebdc3ec17775deaf8f544973

SHA1
2d5f6e8b46e265ce919dfad4dbee836b2d2bfe6a

SHA256
24989ebe2a88996d20901b58a5b9c87ee9652ba2f4e47b812d0de04c209e876f

SHA512
83831c7e814146da27761e4c50e6a82cfe44ee24d7a978563df7bae492dd1d7a8d7cf91aade8903dea133dc76df243a379d2470f0ed4d8ef78cfd6afec206573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4a6e9122f5401164090e890a5a277372

SHA1
20ac97cf8cf240d18f5591ee41cec1d16bcca9c2

SHA256
5a20463dd13edeaadda0a1e2d69eb310f9416c7994769e7f501d853d831ec8e7

SHA512
05f64556bf5eaa1d766ccefd95c0d6846a97572f81dad52b27e58b1ef75d9a7049661c96e3ab526f2baed1c69a9fc4d2e9d931f3e449e3d25ded47b620bd3559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
39a18869498c2e2b2fe3af8850769ceb

SHA1
78f2236e85a1405628be07e2aa945d1e1c917167

SHA256
6bbdbd5d7c61c31dc7cddfc01d045cafaf315cfcecc5f8af0aa031ed1705b2db

SHA512
69944387f7961063246890db823d7dba1ca4f6e20174bda2094b3bb6b576798ed6dd8c16195dae6c86542c303317e3ac3055d7730f28799f2445d1ce388ffc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
77b6c89a2986c94ef5895b97ff72b74e

SHA1
70fa2a92c735a65181b9b7ec4efff6c3115c29fe

SHA256
b4da296ae066bcd04fd8abcb8868fe025d885eb3c27dd1d8f23d97e80f4d6657

SHA512
11035388b4faa892190c0c3a22d95cfc5f5b4c48768b86db0a5bbe1f638f1ae55305fb901e4ed48356049b61deb86ee827c6620b266ec035b74aba1c40ba29bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
85992db04b7b6cc05681546dcd8ca8eb

SHA1
272b6c183656a55d05851b17302ccea7d259ec99

SHA256
614d95bc34b0f9a7a0dc5cc69eddce4d4b70dc6eabf81f1055d4e794cbf6a4eb

SHA512
061b0e2fec0238b0096af72794d72921c996499aa5f9654a9e8c096da5766d839552388bbf51966733bae33d865dba8d15b20952193d70f0237d65c80bcb6131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
ba6bda7f52ad41028dd70025292487cd

SHA1
613880502b77165fa8e01f83c32a7e8bb8915808

SHA256
bfe7b7b7ab9deeb8c4caf2edaf292b1eff0b4c68ebcae047bf9e13c2d0473a7e

SHA512
adf94d22827fe5c53c31d2248e4dbee29fb7c8e17bc649acb18fc2e18ae8976735e9ff31acf658e45e062f3d14a0b099161c19276877bf1e35d4a61e4d118af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
deec3364cf53642cbd083ca82005bd50

SHA1
7eef65a95ab7c02a264aff68ef2b555966477a83

SHA256
e22b5e96a37293269f6ef554f90b2c7b3591cc1949b8138eb7cf38751d0ae237

SHA512
18e46835a0e9776257a89b403b9d85f459abef326e7fe05df05b457ac4b11ba81a386cf8d9c2ab8a962e4caafe17689b47ee496fe86de76a23152c6027b8770b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bc8f791e23ca998fa6258c43f2308b3a

SHA1
cc3db49ef26faf4e9a66568c90e0f62f8abe6f8a

SHA256
192c5cfce4bd14a8883fab36b5ae6265877473b53122932bbe094bb59f85caa5

SHA512
9e72059612223c428d0c1ca1357a612ab51bf53142f5ed9e06c01fab02a09db1fb9a8a925ca87c91d13d5e3dc6da990bab28654df72359159986cf57b5a7dc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
69deaf99e993b23d5b926a14430d18b7

SHA1
ef40ce0a7398861f683649a7e7294ff5ef7f4aa2

SHA256
14692a0b138042624df14853d806d26800cb9e9898f336a1220cf2f07d68c7a4

SHA512
a9c56430288ce969da9652d74a5580bac0dd23b319106d2068a497e5c8709820b038b52584e355c4ab342cd02dbe92095385e11557c4f4d88ae0b8c348f626c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0e7ae73b1212fd7946bd52a317c2d23e

SHA1
b63868999ab6a58549d8b65bd23d94324140b2a8

SHA256
cca7b571f8d7de8e10db16c7754b2a76752b7968e8ad686ffa3e424f060ec619

SHA512
40d07bec4ceb306f5b3c2d9161218d6ae6b84512bed77d5dca0316b11900c09fc9f92f6d2948547859cb604549951e9d8e1d48e51828611569a95934aaea63ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
92b14d826fac2f1064abace3795a184d

SHA1
540cc5fee240f985f715b9066dc90ca8766f859d

SHA256
c375f5de51b382111b47bb8a0d06c533317f0c4a1658bbc0380abd8fba797310

SHA512
7628ed5556d29ca4cee7d1e6cc873930e90312de55a1608ff0f500f3dd453807fcc8cb337ac8ad03b3f55baf24ca355cdbdb9a646c1f96810db74569f9c1105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b7ccab7e729ab75dbe006652066628c5

SHA1
ffe9ec12da7f510453e086c3988bbdd6ad4bd258

SHA256
ce4833e9f0e0d31dd55d8a637e33cb3cce3a0e1c72ed0d5473bea86879512d0b

SHA512
8132a9757470d6843512a23eacb5ec2c0b36c36e86cd6f61ef28ba249c0386d5ba43a5989dd63a98282cb58fbb6f7af04056f8a4f8babc4322436a676c0ac5f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6c9dcae3693b7d704f333569419d7662

SHA1
c6901aaf02e3fcc42d1ced51a8fff20b6352ea53

SHA256
c17e3e7d8a8a632abcb50d2260017b036fb2307111e7c384967d43b01b39992b

SHA512
8fb3b85304d3e3b03c7f612e19b0e102693f4d093e38614bfe5b19d6aa7d9759b477b78aa4dc440506e5576a0fe898bc4987f38efa3f691f82ef3bec46096179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4365c67722c489b75ab3c1257d9a72a5

SHA1
c6f0e04232a8c35fa37a0806a2b9da04a0ec7227

SHA256
f420b96399eb544145d1b30b795c2fa3a02f484df8b174662f57b9b3699f2c74

SHA512
0da6fb876fffaf50de3b4280371b003d76b683f2936e7fa20de05d2eed5ee68e6928276974f87d165339dade8732d6df38936c423ee5f6cb07e371441bf3f469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b7e8cd1bdeef77ed10fd8a0925b78f35

SHA1
59df857a0e2a2076613587ea425d4df5f3ab821a

SHA256
281e906d929fd304956e654ee849301a51cd6a28e4a76255f5c6b9e350bf6bfb

SHA512
d390bbecadb6f08290505860713803889dc4b6175c54af9e57182707dbfe1e22e4cd6080cad3191b89e63c977604348d8ce970e445086f2b27587c997dbfaa90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
baf6d58061d9b203aa9a34975c5f479d

SHA1
4e48a878542fc43399d53d8367adda6a0ea73763

SHA256
10c659ddc58fe95137bef62f9f19da953ea4d72dcba502f6ff019295d605af83

SHA512
49a3fde11ad00c10b41be0f830520e1faa91b3ea17ded59f5a53c79e2900082236c73c2fca218b0fffd477e161f18a6efe39dbc0b2c6c7fb2a5688e123a3e6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2832b5e9d5f19d88b87dadc0f79855d5

SHA1
a86aa5ec82291784eaa65a9b28f9cbff1ecd3fd2

SHA256
cc8bca96747674ad567486fc8b890a448c6ca6f6e2fd51deb2f2a8036cacfe31

SHA512
155fe3295068e84aa384c5fbe6f3fbfdb194183a5a18f1013a5fb784e632d297bef2de1e67a20f0f323f7f54783e78406589782c042b318d663f330acec4dfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e9341bb1a73e106a5d8385a1741dd724

SHA1
bf4fad2fd41d140be49d95397adf91d479b5c149

SHA256
13c5ada3bf55fc97add08ab8f1415904f7e673e7c24b0edb74e0caf798c72e5b

SHA512
e5328b86b58c9df6656288c4379edab4485504c81466c1744e6965b89189835e0914a28518b32d5c00a865b54e5c478b0722630b122556a9b8091821987ea02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
bf79e2ac234fa75359724957f498294e

SHA1
89172781ee38d4b250974422c413f001db00c84f

SHA256
1945e5f78b0ee49c1aa6c05902b9b0f53347d41f5ae3ab89bf8b6a757d76c788

SHA512
edaad804dc0ba637fadefdeec173bb520ddb0fbb16a0babd4f30dc2beae164ea30ae031127b38260f6877005afcf8412faa32ad72a6a57a4575038ba3d09870f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b72ac0ed5af54b1d6fc1c03917d5ce6f

SHA1
f09611f3196a787e74c5b26b60158f518f1cbb5e

SHA256
602b1aa7cca17c4d13a4a6936a6e9731681353863461a1978b708d9e2676370a

SHA512
08174a057d35cefd324a44e1928a1a0da9aee51736753e68b34b81e77d10528df1c9b10b205d86ad9ac78a5d8b8a476129eaab5253d5a83e03ed6e1690850091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6285b158cbacce44a4e650ded64d760a

SHA1
79cfcc474dc593e9f151fde271b37602e901c6ad

SHA256
98cb370085ba60eb5791cf1d3fc55c9e5933f3026bf31ea627c01f50c2c80cb5

SHA512
824df3558d179fd48d1cad589221945c21faa9f1342dbc8a92b514fc2a6d71a1e9d9005bf0d2088f09f62e02db1f0a7c396aba56c06578b7fcda87d13ce904cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
894af786e7a59cb2b64e34a071804531

SHA1
1289121cd7e41ef3148e34ec236b7ebe8cc29798

SHA256
421e96382e638cc22c3015582b5ce211dd723cec17c16e6bf1c404bc3d39f18f

SHA512
4d9dd68473c019f0eeb7f9e11b574d350a40b1de454660271311eb5266108d5f81f8da32f7d44788e351d4a5421b40c85b1f3c5449d9e43f917299f015125466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
2ace68335fbc3e3da8b4ce1d29ad3030

SHA1
3d2f710b3519dd5288ae3cc2b6fc8d62dd31f09e

SHA256
1ce0b9a5e1a86348ddcd7906e62959f1ab018ecd6835a1bcd7444ebef5396cf1

SHA512
8f6b1b3634ee6085eae5b1ffaac6fc615c06160897dd2e9964c04ea85083a70dceabf060e8f981f29b7c4db4d561dbb49d598f1f4d800cd7b84cc812964dd6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3569236f3f8248c2b5a6d4f6801a7e16

SHA1
c39e910471e5abde1c618fd5d420d2c5a7ddec33

SHA256
3a24a4e6584c6f4563eadf73d600a2111faaf3a95776da0bce2b5af8af569b2b

SHA512
4858399638b61a182bdb1a0ffb9eea043371b619f4a7b1e822a33c1a796e7a1581cbdebc197d4e6e93c4105d52c3e9605bd230f89bfa9df35d58147cb3225df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
802bb4177dffafda0c34347837e6a1b5

SHA1
08549f8a59a17f088837318138b948a5c8e0f0ac

SHA256
e1e3a76fb2c3e3978c11b16ea320502d5a864528da6b25dd4fb31acb47b11541

SHA512
f661cc463a3769918c8d6fcd82da6f9b759a4f39f54b26fc524a723aad1042407dff3b4bac0e0e6a04037b871828cefb0cb3cb471f9ad561ebfdf26dd8cc4eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5be972.TMP
Filesize
120B

MD5
8027d98c05281b3a432bb0a32428890e

SHA1
a3c16e8e10b79cecabe68cbff09d1408c022990b

SHA256
a0030c25724694f8661180a6d076a61d98b0d5302817b1f1e90deb30136c2dca

SHA512
44c5fc6d7cf01300a96da221c50a18463aa213adba80561bf7e47a5e48549ba5b7684b1188a2c786b0517b4c35b801f1891d103205724af31aa67e2105d28be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
e39adee605143ebbe961be08cc42dd20

SHA1
f57ad135a249cc3f5b1e8f84b7b63110adddc8c1

SHA256
95a9e1a00ab3aae0c22660aa5421e733856f70d4ece4966b5a33ad5b048458a2

SHA512
b97a8bd8f614e34b9bd07da9188ab226e78cc2201200ee8042126ac107ec490ff0dd900981432c391d433e4fdce7b581e12db756ddeb40e850ae99ed3124006e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e1914.TMP
Filesize
48B

MD5
075955fd734c6246d3f94e5ff9f14478

SHA1
9e214d8268af1466a8d600501a921676112ebed9

SHA256
79c1d1ca409af371a92b3a66c68d10b98014fd1afc6a5991b1b5eaf3ec633f34

SHA512
ac6693312116260b69dbe5209b706708e63de3178070bcdd0bd3845c17de2e757f0adaff291ca4d9d1477293341b3f17a73f2bbbfa769134e532680fe05d57d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
24969bb1c6ff4ea8157f7409960ac400

SHA1
34a387e551bdcd55ca2a8d9dced8f96bac497109

SHA256
f370da901c83d19459039eb6667026ece089bcad7980a558cc2c8643438af965

SHA512
b11fd5b56c2c43364d63d5f196779ba06c80d303b03b6f2e88bd0bc3718d2e1eb6ec3348fdb1764c40d3977ce74191a39e813305df073094fcccb1c386ace1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
fdfd65357e90baa6f0926c8e08da51da

SHA1
b3b12bf86586807dffc8c6bc7150a794fd7aa08d

SHA256
9765806abc72df62d4c230a2e25f1a766426d436879cd2e1f47fc1fe6f82cc49

SHA512
350ab6877fb822144e3143c03d6e37f74801b8889a2a36014d377aac1e70002c26cbec50cf1b02af3c1430aaeaac11ee8dc3e010d83faf71b13b38aa604de9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
8ea175b4a30855169a72aba1189176f2

SHA1
ad9c8bef99938a1ba02742c9e97b456d10cd2348

SHA256
9861926648a253783fa3ce94c5fc27d3e21c3b49e32b5926c7b7bbfe7676cb3a

SHA512
d085bac441725ccf386978e6d344e1e01402070ae875ab8a3d09df84ee181e8242b06de551e3e75a2f4d0c532ea5d30b8515063da1958ccba0d21ee2d760b6eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
529aa9944ac64cb03b905fd9e8381f6c

SHA1
b1d1e5cc945c35444b7186b7fb45b1607ead731c

SHA256
ffe0202383aa41b8541cc1244e8ead76eb0ca0c8fd5c218421be00a82f54abbb

SHA512
1f99df27d261415b1658ccc687f0e2734746c0e3e262f755c5dbbdf5c6952341b3c533c3f533d64ef5e5fada99e8199a32c3d79bcd3549df9218020495795735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
6588de99319421f38e8bb4f7f2c5705d

SHA1
b56df5e1a4895e03f1fadf73768cde2ddd65324c

SHA256
2be38f49bb21ef5d21458a92bcf1736788717c3f1584334e896784386d92fd9e

SHA512
81034911bf2669cb968ee680becd3cd084e1823806a6eec2d0b1bf52b26d8ee0065640855f96b99da2b779e5b50a92225011092622999a1f2e10784fac8fc8e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
443f3b8017d62c4898b6ca61030b2619

SHA1
e35b19f93725129f6639fb0733374910b9eae90b

SHA256
206d3d2bd9498d0dd4935bca57611082bb01816f0505287ed297c1a34da27e81

SHA512
75b385b59ad2ad362b3c1ecb098d51f584b53e952c47d25dc9c656275012ad5a9e3f9ee3d13719af4491a7c16518bdb2c6974a9fe92c967a3d1e303edceeb7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
d175b32810857c7f30399991a825fc16

SHA1
9d6f3016ead88a2092781b101a64c1a9663c7406

SHA256
a692031828497034915800f1b95a9ffcb5f1b74d80fc8a088cde03b657f24599

SHA512
c53bacdd3607a908845e596545e4a7fbdc07e8ed223fd75ee7ab120c727988cb4972cb4369893fee4dc82243cfdaabab9261b97747b29da160cb0a1f6ae6eb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
382502c7b2fce221e797c21f0553bf50

SHA1
9cc35c35c1d488c0c87ed8f5948abf7b63a96790

SHA256
86ed36ca25d09928bbe3959b3dd7c50670222fc9d08f7c286bbb78cb16c377e1

SHA512
eb254b940a6187d6fd27ee17482db756d4dc8618516a8f8971774e256120f4b78c87eaf287b71f3d763d64547ee29fe3c64dcc09490e521bdf84ae0c55eeba7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
ab1cb5c852870c010c794e792fe17bb1

SHA1
29644c750eafda1ce31d71be2329ddc9e1b097fa

SHA256
231b4487dbaf487dd6a3d7027e96c10f495cbe5353346c7f8e6c7332f740c816

SHA512
94b727173033a0ff3e28a4b56521b33fc8d4492d2822d4187f6648f421e5fb45f9e80bcdf52d7aa57163753b585a5e39921bebc3ac4d6edcafce42842f8ef100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
f0a2de2ce512f2505d24c0c9584b1c18

SHA1
c7d65fe19e2e9031550f82bb1d2b468d8bf7fefa

SHA256
8c034477edc7aa6995f363389be14a447903cdfda3d9bcf409ef0f72e558c971

SHA512
95b7b619cfea4c62ab24b0bc8288a223fd23e11e981ff134d5efa77ce239eae0702c0ee5ffe22c5016af98df66e01996219121890adcccc631ca80ed438db841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
6f60b8babf2a43b5b1c91d1effb206a1

SHA1
3dcbf94ba935870bbf433ec893a925bbecaf4f8c

SHA256
6e6926ec73e1fb7c7a39dade018a10fa50c9115913a58b6a708a82d3315880b9

SHA512
082bb911b73db2fb3b23ce86fc1095c5414c4bc68ae9f71e8f2a98a5543f6ea9f10e02dab045e4bebe2f5f83b3baf1be1aa6a7809255f324822af551516605c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
887493badaf9482faf7752cee91d750b

SHA1
cf24f656ef30976fd7155b4b71f44ea2f7e3f375

SHA256
87311f00372ce0f7557be207814c6e63adefe92e8aaa79594701de2ea4696e9d

SHA512
57f33b62a31558db631c5f2d99362d2cc6e9d1d3a7b8917c1a458bdba0d55fd4acdb5ee3f0e0559ec2a8098551fc3865cf311b569279160f6321398122325505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
b383a43f4a92820f2099cff22b4947cf

SHA1
8ffbc6d4f44032c8d4577502d2036a706cdb006a

SHA256
f0b02459f560381b47883197c4d7d659c01adee515fb65a57860a5ec7dcfff71

SHA512
e51251f5ad906caf0df6127e4dd91267a7bfad998d12509c231d68f9127bd78a22a50c897dd54b89c8d68785235a3e3ab492aa4dadbb3012d640723251516c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
4f482fd9aa31f547be9c320a62d743e4

SHA1
fe024fbf68f31916a49268b2cfc58e81461b4999

SHA256
28e308be19dc7383e75003b08900a3ea431bdaaeca76938ca20df3cea6e907a8

SHA512
9d0182d0359d8b4ef8ee79620b3d79e72abf6ec774b6c21173be4db7406fa913661cb937dca5a0f7b6315fd85caa635d00a63ea69ae06a7b9badb54755c45d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
1c293846d59277d41dc1e94fd30f2859

SHA1
d6a64fe9ea5e1258f99c206835cfb0aff40adf15

SHA256
104aa0a5865ec91ff4054021970fa77798ab9ab10a254ad66d25d6149e253f9e

SHA512
cfd34d103ecccbba0d1aa4fcca44af9f0f5c8690103064c404fa1c5a0c1ed62a6b134b8774c882b74b4fd12a5b887d7e275f59f3d145e570f173f37c1ed32693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586b57.TMP
Filesize
83KB

MD5
55fa3f8e091f377d259ddd818b53f185

SHA1
be7e43a86173bdc3d35cd74b11ba3a0c4249c756

SHA256
881bef667c4a3e422d3c001d5bec9784bf4186d2c7eb868069adeb7e0f85e732

SHA512
119ee532e0afd68e35fcc13ca424bad299f7ac8ebd2f6de285653b94dcdff003d87e20095e922c70a457843e1a9b964f38a1991461027b2cd2ef29b578c8ba31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
493e7e14aceba0ff1c0720920cccc4a2

SHA1
468f39cefbcf14a04388b72d4f02552649bf3101

SHA256
a0dd32ed60115f661a4ca537472e0d4e230ff844d56a3db766299cf4cd817842

SHA512
e16c748e4513ea10bf7124cef7b50dc5f3a1802205af9228e0c33fdbf3c24286739db08db4b813079ed7cc36be43d7457f4c26f00ae3126a2fafd77d2696107a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
57e5c5a9236321d336e2c8ce1eeff844

SHA1
8fd4288af72ba3f7a0ecc5583a9265723fefc096

SHA256
ae6496cf397848bf3139858deaf567e3df991bab5a7704a0fa7aae95474872d7

SHA512
bc3f24afe6ce0494022d8201a01a60239ac5cfee54e0650a337036817056424b418cb636d58d07e5034dffe2226906202b56509e4cc07562c0b60f618c420080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
36KB

MD5
f3dca1f4589b33edd4379b23dd83aa9b

SHA1
46109e3f9a58c6877a94a9208248c49af0422bb1

SHA256
87dfe8e44956959d8ffcd078390c5561e321d5c13864e2857ff46d5bcfc081f0

SHA512
92ba53094c9607ee3289a19a5361e294384e7f8753ece56a05bfc243a544b2143507ff5a8d157aaa305438125ca8d61d8a29dc351e686ecdf23ccbf4617c2316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f1391b30484554a9519cd819f02a4fc8

SHA1
49a42718bfecefe979388fd5b2b25d5bc17ed123

SHA256
1b2c117c651bc747e5bc6a82db1d6dd94500bf8f4f06e85249361b28e688c375

SHA512
fbad68bf19dca1ed61cb75f49c44c1bb28a720580a4899afeba05144509614ea303577b69c9b6cbe2f29a89117c1beb31a929d5ab977c75a161e7415c99da69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ad95aa244a5f5883ffdabfad608b721a

SHA1
700929ee4e87ad47ef4aa1e0f3918e164148f820

SHA256
9327db980194b0f39880b75ce15a30d49f2c10ba1232d409c59c8f789c67850a

SHA512
a1aceba1ca592298248e09778aa7805c387570b3aa4637d4694de2c5e38bd16fec11cf3c4ad5821cfbbb4fb5c6cf66993a7c373b83018f2398926676e08fcfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
91aa7ca581b022023811c0b6df7fa259

SHA1
41813c2708014e6aeeda58b2b9e881867f724fdb

SHA256
8f04f0ff8853b92a9e749fa0199a8d22f8608a8073220d0b3b613ae30892c80c

SHA512
bfd1df61380c3cd8e64daa8c7205c565558ae97293fe26ffbc8362b1f35bc4250610973711387799bf3469bf5b99d39b09c9c3cdc94a9126fa5a757d96a2b582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
a6f9b6e4da1938fc027176e2722d8b8a

SHA1
e8d9e4a5ee19fabd1bee134b138f7724fb922744

SHA256
e123fe05dbf885653189b62655c85113c1465ecbf8f631a2f90fa708d8ae1af1

SHA512
ec7e239a1c8a29f94639a5d000b686ed850c002b0c4766a94596fe07e95c855692f03cd1384f98d6fe31b1d054fb53bd3c00b6f7b0e5fcce24e6372841ec495c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
f1b621de905ea3be27301663e7603759

SHA1
d7472213767db626f093c143750f91bd2b5f23b0

SHA256
ee9b36e3714366a9c25f4ba16a329f17662428afac045751cce47b00d7eaa456

SHA512
75a1e5b1c6c4a85e57252732f7e911c5fce68603fa9080dbee98715033d3fe77e5ee38cd4f426d20304ce8a6fa5a1e8bc088623279bef5f2eb1827be7698c23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6247f2d83e193f619473c286319a1f31

SHA1
71a05663b3f68ccd97057d99d36cd3d5f85e2dc4

SHA256
df13c597cdfd8c4611dba8ee9ddd9986e18865710070a83d25ed4e6f88bd4be7

SHA512
aa0921e9cbd691986decc203ea25831aec57a6f7614e87fcb819107c84f8305d8ec020ab4ec887bab4a8c6ff89364805b58ac7da6797c19b50cbaf102a59552d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fa39a40ec7f128f1bcfbf0b181d5f380

SHA1
836d7da71e7cfa973bbc952d56846582e789d272

SHA256
44dc5c67ef8aa30ac6e96cafdb086954aa2de476fd3a378263476accd35c180c

SHA512
d3c1f1a3c3a500ce9cd496fac19538b32fe93316a392e0db8d0fd5bb177c87bb72716848381c33cfffefaa2f3cb74692f1f0f92bea74e630a3df9c0e48703da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ba5b09c4f5b2cd65c6e085d7de33ed1b

SHA1
d25d9f90e8df16fcab38d9aa55a18eef9856aa37

SHA256
d498868b9e0f67fd57704a2980db09ef3a5d418d65d026960e95bdec310fe39f

SHA512
bcfab105d360a526678d99d07dd65932a5c2d8b5c9f187b25aa4ec2580683f463324ae4eee4323d6d8ac481faad6d6ca592b41f9fa93bafbaea6f44e1af63081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f2e7483175c62f80535e244cd77f421a

SHA1
a925b61273e4d83a561d7f5bebe9c732601b7acd

SHA256
8496459c5e24718b41e0f005fd6b3683b55201efa43d5a5148324c44991913b0

SHA512
8b0f5a5cec3d79ba5e06def4fe48255076d146627a75dbd6fdbb1a482dbf819d9e4d5737b29f6df87b925b785d079c1b4e416610b8cd0d0a09c52df4bf9e7da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1aac1e44604e5260b439267b8f2dd50b

SHA1
1f19cc494c6c13d2ca5196fd5700ed395b4f02ee

SHA256
44f3eb2a7514c67e490a8183e57247938a3ed0493df3bc67677b5ee5e62fe8dd

SHA512
b241fd6b1fe85f4d299f43b8bae2cdfc91a846b2777de227a9133ac4692fa489376f0dd5e1a718b97bf0e4cc0d614719aae9e866fa465e01b2a7dbc0def583f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bdd0fb18b3c928cfb8dd154e66f704ca

SHA1
51e4de69d69a64726c942ef539141ba7b729df95

SHA256
a25ec0812c84273f846cab1bcb25b98f370b2f8ca1ec320a6bc4e84ceb08b5f4

SHA512
78bc60359e0ecb19038a45cd2dad73432b5a15ed7c581ce12b6056fdf85ffbdb324f765bd25717f5f734ef55f954ca9f2bf7741498283b67250c2977069d6a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a81805b83b67d7590f12922f7d915fd9

SHA1
91c8528b7ddf3059f77c6ef23680394165ee5b3f

SHA256
71964539e613bb45eaa058556d710bec269611f4ead457dde109356b3a5c4597

SHA512
bc738e6a1ce5c3dabfb362ca9531ef3291342362d7b4069bff450ca104833fce3b7cdcf19dc4b2bc54e3a598ca6f3b5d9c36fe8297ba0d3d0f193b3ad02e4be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
584d40c59491d73873fc844f84810668

SHA1
53c03880efc093924e42d9e4afa230719fc6b19d

SHA256
f4a9af7093d830b219f0cda1880b005094feea71b409c9d9a0644f98a9a3e6fc

SHA512
d705f9cb0a0bfcacbe2cd43fb3a216dddbbbada062e5f4ff4dac951d9cbb9acec754031d75434af78f3b14e0a3e503dcdbd941628e67b4f9f6d044bfba658392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
3ae672723928e8903adfeffac29fbe4a

SHA1
2cc1b63fa91e77571293cf94c45b47b23e896b90

SHA256
ff8938959c57e6d98db258233a21cf376bd3da110315d9cdd514a6a0830a7a94

SHA512
b515c881cfba8a48287f8e6496e17de6021ed825160474ffe802723a402a0107cfcecf2d90b81b4118a7d7e4ebdb47769883432697df4adfb72ff106aa5eff3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe7138a5.TMP
Filesize
538B

MD5
8738737fbd6730c52d62c662a7afe418

SHA1
857e5dedeff6d84ee3e5d1d471d976d9ab0af5ac

SHA256
a0157844661c1a2eae8165622a0d7208c50c6f53c68c51bf7dcf5fe557668da5

SHA512
03883174a5bf69f0ad150165c19456e80819c7ba924050b2d0899f4856bc08205f19882064f214c12698b8a552c4d45e66a2ef499c1f51cb91a5dcaa5360f3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
54cff749d8995d1902128553bf78ed97

SHA1
0368e60a55430b5fb77a75e30e1cc27829035668

SHA256
778f228812ef28fc4ae2f5a438c19ab5090a015d0f8ec4f946d349bd5bb23570

SHA512
e0992b78adcedaf339997f7547bc63b0bd5921c1d0bb9989d9427a4ef762a2cff56686e93b997a30d23eb3d29ef34434b67e4101e647228117c2459e1d91ddf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3adb1b6d3d01def0dd93994066544f1f

SHA1
dbef1fb638fb25cd9e815524f35028723a54717e

SHA256
13a4944cdd69a0dfb96b20cdc3b44d1c80973e8a53197b39a18e68aeeb2977d9

SHA512
9c91bb722b2be2e463c807ced2b3d95133f549bc9c5ebae7c7d86f63e9e9f4a0b348c21c7ca61b93765270c9a5ad6d5ad7c317ac5080a2761dc5a7579782cf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b7b9004ee9f057010e3c2092820229ef

SHA1
55dbc76929813449164b9ad33801bc1769a792de

SHA256
4197f745df108d09494840d26bcb69631379d27d6c0586fdb5cfd6310776b463

SHA512
327b1f9ad179fbeb452c32b45e83d9a221063e7580123c3f819e23e930d0a372c394fd371adf9b48f7fd478121288ddd23217f39a6c5fa73bc44644982f6b1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2f287d1b1306b11a41765b2119ad30d6

SHA1
37015dc55b6784c1b0c5dc1061b13a0c6ee29131

SHA256
58a6d17c1e39ffe911e235476a6fb52b3ccee45e8117429be954a5c4453b0b15

SHA512
1bcb10a03355a352a1ab00dd085f811ea56d1f95694914b78828c034aecbb8271530592ef7b9c569ec68853b5e35deb503aac6409c902d9ad2a7cdefdcfe32be

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESCCD2.tmp
Filesize
1KB

MD5
bdd60205fa952a1d959f94426be0c1b0

SHA1
5487a3a01e1445bd79960d3027c1d552fb67e86e

SHA256
ed777c3140d4c0139f904416317bd4e48344590636012515e0a0c76ad605a673

SHA512
1ff3c2d0248d198c0d527935f2294525189e295afada5aec670f1c4eb6eff679cdf125be39feac94b88a0b0d6ae02a191476d94d75f147db0c5a80edd14bacbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll
Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll
Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
8KB

MD5
b4ff31e116040325dabf6fdfae80afcc

SHA1
b196d6834460f2ad97df62a50377712cde39058b

SHA256
57e954bde08871396f811c6f3738f41be14ba2c0a5a1af645a353946aceb2646

SHA512
f4ffbf8578223bba56467809b2c6649cc5c2900d854555fde43bf3bbc51989a8c4617cbad59cbabaedbcb39d5c0e899e73e080b99ece5903878655899b284476

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
785742d034474a54d70aa46e09fbafd7

SHA1
2cd9b1af529ff048109f7ad5d0d08465dca6e8d2

SHA256
b91ca7f71f158a21a2349f79d33cf7342210338ef09b825a839c7117f098a314

SHA512
170039eb0c80c9f7abbd3e29b12ebe2199db6509d011adb9fd22f3438b3e9148e9b281a2b58f853540b40758366b79c291493f9cd054f4f02bc88723a7440a19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
3bc2297c01212231941436f8d941e987

SHA1
3a8b855b8ae884bd835bde9c9c29285b4a583918

SHA256
589693bd513cbef46c4f475503e7e2ed9adffa1946e8131210810b41fd258ccd

SHA512
9eb0d2d50c48e091b594122e9b4b2d5b8c6d40dc7f2197a39b065d08eec55811fa45df0df7ed9dad702623cb6aeba9f360252466532a35ee01dc277f5d1bf06b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
107830e1dd92487469b60115f014626e

SHA1
999a6223c6d602c6581bdb3f2da4b04c39f58f5b

SHA256
3522c5a7e4b4383aefced964c438683d648ef738d8fa8af810a0b3eba8c917bd

SHA512
9f1806a2623abcdc48dd893b00b2e0b060d3e652bb4384b669870eb45ba1cefc791a4fd226e59e0d95434e1908d529cf15e6bee0abe9414ba26f4b423b2a21dd

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Client.exe
Filesize
24KB

MD5
362b59ad47a1836454b87d07905803ed

SHA1
62431542f480a437ac79778c2a543e248f59f2f9

SHA256
fa0065b46c2d1b0ec01e6fadcc09fc537117451e74efd0a269a36daa80585d91

SHA512
6beb41970f30a6ac9ffdd4a8047e61bd63ab851861fc04e17d6f3902a2d7c15ff6ff1f5fc8c4bad8b89c080706c9b2b9e83ba2812e5a30f5405861aac577da96

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Config.XML
Filesize
826B

MD5
51b31e3200c4ef7c876e73e8e86fd49a

SHA1
9ff16e47a2577c368133fd7da7f964ad63ade46c

SHA256
273f455b449111f77ee84103e6316302656e5f377c1db3de522d9529033cc08c

SHA512
0c1e5768c47a596f13d2fa74d5fdd87c43456169ce68f9600c3f34a29f7f0927883f4e46fd7b08e97dca69d3cc39247d7a499b0df6373b1aa8e951004496b71f

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Database\2024-04-25\5-43-57 PM.log
Filesize
184B

MD5
00ddf75fcc3c9ab8191954b009088552

SHA1
c7649e483488ca915d46837521a6ebc13e43c239

SHA256
25c27285a1eb183d786f4d8e8a3ca268f99c0b5a80a2282443dd5bd184b870da

SHA512
76e03bea5b3246e72b9d4c0a12e171011298b9c4cf1dcfe5f7a7a53536f632707839348fab18932cba1162f8756f07c90c6b2a0c9e59105675d114157a4556b6

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Database\2024-04-25\5-59-21 PM.log
Filesize
184B

MD5
9a682023b359caef20d1a989886bba7c

SHA1
7e6ccec26b31dd6dee5a81839a1baaf20ebde698

SHA256
eb0b64bee27a9e3f960541dca299d36f11357b3eb6233361fad6e78bc313e85c

SHA512
b32989aefa1c315b948baa9635fd04f43506100c1a846b710f433e97b33da780fd6caebeda29aa65572d89c89cf9393b228678c575afd1714088f9816b05e96a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\x25vrro4\x25vrro4.0.cs
Filesize
21KB

MD5
c0c1dbb7d1721d27d517313a7aa319ba

SHA1
562d8af96412047482b74d900f6afcaa345cefab

SHA256
2b9a3248cabcb7e614ad6f4b202e450ac7a56bc16de1f1d509388fc868663958

SHA512
03682de1e984a899cc5b111b8e3038d60c5b75196cd8401e54456fec09673ee13cac17ee136db719f4693faca6dab2c7af5571eac592397670d50abef1956038

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\x25vrro4\x25vrro4.cmdline
Filesize
336B

MD5
4bfe103490d389e03a4a0c89f1f94d48

SHA1
df3e10cb51e395a11b029dc0f1aedc6577fdcc0f

SHA256
c1b646b14cce425ef50887c4582a0b268fa4ab768343e9458f6b27c3290daa71

SHA512
b2b86e50d6ae1620ee7d94c12ff89bb8f327cd1ef309d6888dee17cf19d689c9a49bdbe72c2a3e0e8f019e1d853df1e86ce31328e54924022f727ff92fbeeac9

Download Submit
\??\c:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\CSCCCD1.tmp
Filesize
644B

MD5
23c5f6c5bb4e5de59ec5aa884ea098d3

SHA1
7240ba716de1d9ddaa3f9e3a0adcd7e00c4e6a83

SHA256
7e090465b6d810c988f61a89f11debded56b4bff54c07369c26ab8afd9e8ba27

SHA512
bef35b5af9bb58041f3783a43e85f204a088f44e19168815eea881c2864f9c9038f0e8ba2ab136b6514028e6c22652496cee61fe6dab467b56f0a31809ca1f51

Download Submit
\??\pipe\crashpad_768_WSMHNVDGZTUDISCX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1668-646-0x0000000001040000-0x0000000001050000-memory.dmp

Filesize
64KB

Download
memory/1668-637-0x000000001BA10000-0x000000001BEDE000-memory.dmp

Filesize
4.8MB

Download
memory/1668-638-0x00007FFBB72B0000-0x00007FFBB7C51000-memory.dmp

Filesize
9.6MB

Download
memory/1668-636-0x00007FFBB72B0000-0x00007FFBB7C51000-memory.dmp

Filesize
9.6MB

Download
memory/1668-639-0x000000001C030000-0x000000001C0CC000-memory.dmp

Filesize
624KB

Download
memory/1668-640-0x000000001B510000-0x000000001B518000-memory.dmp

Filesize
32KB

Download
memory/1668-641-0x000000001C290000-0x000000001C2DC000-memory.dmp

Filesize
304KB

Download
memory/1668-642-0x0000000001040000-0x0000000001050000-memory.dmp

Filesize
64KB

Download
memory/1668-635-0x000000001B460000-0x000000001B506000-memory.dmp

Filesize
664KB

Download
memory/1668-647-0x00007FFBB72B0000-0x00007FFBB7C51000-memory.dmp

Filesize
9.6MB

Download
memory/1848-651-0x00000000016F0000-0x0000000001700000-memory.dmp

Filesize
64KB

Download
memory/1848-650-0x00007FFBB72B0000-0x00007FFBB7C51000-memory.dmp

Filesize
9.6MB

Download
memory/1848-652-0x00007FFBB72B0000-0x00007FFBB7C51000-memory.dmp

Filesize
9.6MB

Download
memory/1848-653-0x00000000016F0000-0x0000000001700000-memory.dmp

Filesize
64KB

Download
memory/1848-655-0x00007FFBB72B0000-0x00007FFBB7C51000-memory.dmp

Filesize
9.6MB

Download
memory/2624-443-0x0000000000B30000-0x0000000000B40000-memory.dmp

Filesize
64KB

Download
memory/2948-437-0x000000001B110000-0x000000001B120000-memory.dmp

Filesize
64KB

Download
memory/2948-452-0x00007FFBBE840000-0x00007FFBBF302000-memory.dmp

Filesize
10.8MB

Download
memory/2948-434-0x0000000000580000-0x000000000059E000-memory.dmp

Filesize
120KB

Download
memory/2948-435-0x00007FFBBE840000-0x00007FFBBF302000-memory.dmp

Filesize
10.8MB

Download
memory/2948-436-0x000000001B110000-0x000000001B120000-memory.dmp

Filesize
64KB

Download
memory/3120-1992-0x000001A74FBD0000-0x000001A74FBE0000-memory.dmp

Filesize
64KB

Download
memory/3120-1993-0x000001A74FBD0000-0x000001A74FBE0000-memory.dmp

Filesize
64KB

Download
memory/3120-1985-0x00007FFBBF3E0000-0x00007FFBBFEA2000-memory.dmp

Filesize
10.8MB

Download
memory/3120-1986-0x000001A74FBD0000-0x000001A74FBE0000-memory.dmp

Filesize
64KB

Download
memory/3120-1988-0x000001A74FBD0000-0x000001A74FBE0000-memory.dmp

Filesize
64KB

Download
memory/3120-1989-0x00007FFBBF3E0000-0x00007FFBBFEA2000-memory.dmp

Filesize
10.8MB

Download
memory/3120-1991-0x000001A74FBD0000-0x000001A74FBE0000-memory.dmp

Filesize
64KB

Download
memory/3384-460-0x0000024BE53E0000-0x0000024BE53F0000-memory.dmp

Filesize
64KB

Download
memory/3384-481-0x0000024BE53E0000-0x0000024BE53F0000-memory.dmp

Filesize
64KB

Download
memory/3384-477-0x00007FFBBE840000-0x00007FFBBF302000-memory.dmp

Filesize
10.8MB

Download
memory/3384-478-0x0000024BE53E0000-0x0000024BE53F0000-memory.dmp

Filesize
64KB

Download
memory/3384-467-0x0000024BE5F80000-0x0000024BE5F96000-memory.dmp

Filesize
88KB

Download
memory/3384-461-0x0000024BE53E0000-0x0000024BE53F0000-memory.dmp

Filesize
64KB

Download
memory/3384-468-0x0000024BE53E0000-0x0000024BE53F0000-memory.dmp

Filesize
64KB

Download
memory/3384-458-0x00007FFBBE840000-0x00007FFBBF302000-memory.dmp

Filesize
10.8MB

Download
memory/3384-459-0x0000024BC9F20000-0x0000024BCACD2000-memory.dmp

Filesize
13.7MB

Download
memory/3384-491-0x0000024BE53E0000-0x0000024BE53F0000-memory.dmp

Filesize
64KB

Download
memory/3384-1637-0x00007FFBBE840000-0x00007FFBBF302000-memory.dmp

Filesize
10.8MB

Download
memory/3544-456-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/3544-455-0x0000000074CF0000-0x00000000752A1000-memory.dmp

Filesize
5.7MB

Download
memory/3544-457-0x0000000074CF0000-0x00000000752A1000-memory.dmp

Filesize
5.7MB

Download
memory/3544-495-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/3544-494-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/3544-476-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/3544-475-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/3544-474-0x0000000074CF0000-0x00000000752A1000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads