revengerat | af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Analysis

max time kernel
652s
max time network
629s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
26-04-2024 16:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

10^/10

revengerat nyancatrevenge discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

127.0.0.1:333

Mutex

c2ca0f57ddbe

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Executes dropped EXE 1 IoCs

Processes:

Client.exe

pid process

1316 Client.exe
Loads dropped DLL 3 IoCs

Processes:

advbattoexeconverter.exe

pid process

4780 advbattoexeconverter.exe
4780 advbattoexeconverter.exe
4780 advbattoexeconverter.exe
Modifies file permissions 1 TTPs 3 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exetakeown.exetakeown.exe

pid process

1436 takeown.exe
5076 takeown.exe
2560 takeown.exe

pid	process
1316	Client.exe

pid	process
4780	advbattoexeconverter.exe
4780	advbattoexeconverter.exe
4780	advbattoexeconverter.exe

pid	process
1436	takeown.exe
5076	takeown.exe
2560	takeown.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

Processes:

flow	ioc
32	camo.githubusercontent.com
33	camo.githubusercontent.com
34	camo.githubusercontent.com
35	camo.githubusercontent.com
43	raw.githubusercontent.com
2	raw.githubusercontent.com
3	camo.githubusercontent.com

Drops file in Program Files directory 1 IoCs

Processes:

advbattoexeconverter.exe

description ioc process

File opened for modification C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini advbattoexeconverter.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Client.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	Client.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Client.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

4796 taskkill.exe
Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe

pid	process
4796	taskkill.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 45 IoCs

Processes:

Builder.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Builder.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4076 chrome.exe
4076 chrome.exe
3768 chrome.exe
3768 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Revenge-RAT v0.3.exe

pid process

4292 Revenge-RAT v0.3.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier	chrome.exe

pid	process
4292	Revenge-RAT v0.3.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exe

pid	process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4292	Revenge-RAT v0.3.exe
4292	Revenge-RAT v0.3.exe
4076	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

chrome.exeRevenge-RAT v0.3.exe

pid	process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4292	Revenge-RAT v0.3.exe
4292	Revenge-RAT v0.3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Builder.exe

pid process

4952 Builder.exe

pid	process
4952	Builder.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4076 wrote to memory of 1096	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 1096	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 260	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 2868	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 2868	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3572	4076	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ffec85dab58,0x7ffec85dab68,0x7ffec85dab78
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:2
2⤵
PID:260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3916 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3912 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5292 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5504 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5580 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1472 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4140 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3280 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2188 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5976 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3216 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:8
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5888 --field-trial-handle=1832,i,17719895860706555439,9951300437234386952,131072 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:248

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2156

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Builder.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pp1cn0ag\pp1cn0ag.cmdline"
2⤵
PID:1180

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAEAB.tmp" "c:\Users\Admin\Downloads\CSCAEAA.tmp"
3⤵
PID:5096

C:\Users\Admin\Downloads\Client.exe
"C:\Users\Admin\Downloads\Client.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1316

C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
2⤵
PID:832

C:\Windows\SysWOW64\takeown.exe
takeown /F "C:\Program Files/system32
3⤵
- Modifies file permissions
PID:1436

C:\Windows\SysWOW64\takeown.exe
takeown /F "C:\Program Files\WindowsApps”
3⤵
- Modifies file permissions
PID:5076

C:\Windows\SysWOW64\takeown.exe
takeown /F "C:\Program Files\System32
3⤵
- Modifies file permissions
PID:2560

C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM svchost.exe
3⤵
- Kills process with taskkill
PID:4796

C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe
"C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4292

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
324KB

MD5
692857a9af6dd8bd2b391abdda228a49

SHA1
229e85df70c6f28b89dcbb95712f677dbea9b31f

SHA256
531bea83103f619a02c2f49ceead7ad2f55210ea4c3bd47de2c4be61b4f7a6dd

SHA512
a26813181998bcb25e813c1bb47ac44a08a608dbadf9920f05f9887d15ea54ff963c0e4e77e29a1e9da6f52c7c32625eecd30461028271f0117fe70a62829a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
138KB

MD5
fb0106776500301508440a5d593fe0da

SHA1
b7dff2c241de32ce03aa258b5e58ddde0ce1dff2

SHA256
3c7f0dff2d7bc607c6729b0c38ca69875bcf40efb1f276dc581f4cb2273f87f9

SHA512
1fc3b1f2d2a170764ba018adfdd9363c0a1f363b11d27f22af9fecde3ec470299d3cc042897ad98bd92f5f991a1d0fe555df4b3c3048835ed76a3f674aceea35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
27KB

MD5
c248c2a76f1cf3738262d42e1735d974

SHA1
36420dcfb05fab81bc6132f5123cb3965f6c7ee5

SHA256
1c7ff9598576af3313ecb5a16e778b00f51fc1e09606e63472056099383ae5ef

SHA512
a2cd9feb585be8228db4660b345cfe8365dea286626e900f599583c96e0b01dcd8d5cd9fb63e15b3f2e7e3f94c3ca3f5d3357831e1c8b59652eb45760eddb761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
Filesize
66KB

MD5
c8e40ff28cefa80342ea0e35a7f6e641

SHA1
a75971552516e2d053ff79ba5918eed2b3dcfce2

SHA256
b178f5be39a50c3b4042ae323a9e17179f2c6de407402b5d2528287d97675b97

SHA512
2b71c3b37bbba3d2ed50d0b372a4fe5954e87eb3d7d427ef8090660c2c4081d48159afbb78a9d3cba2595b5dc846545aaa29955c78d8546b1292a920a77f243b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
17KB

MD5
aaa46a808d6f22dcd1424b64d8a9d811

SHA1
8fc0a6876897a96a58aabdf413de84d163a79049

SHA256
4aceaabe03f61949a6840f7255cedba05572fc58b6d54d06b438ff1126ab7796

SHA512
f67e3638a68860923f47b1d83a5b978217ef942ab6f94ef04cc4fb891e2ad7cbd51c0292ce15a952b9378608a19e7072a67c1c8eb14e7de6f987850bfc425af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
95KB

MD5
f7eaabc62f76e352325094b1dbee1026

SHA1
e105dacc3761d76dc69e6c89e2fc2ffe1a22bf0e

SHA256
ca82161ffacf45c52bf82d20af9b05ffb115c1fa1eb3836924db9c4e7890504c

SHA512
0923d252ba9ed3394c1d68b183594277dbf5d08f1f7cc5a5d039c70374de3fe9efadb1995195a1b080791a01ea7da222dafe2cdbed0bb5f6cb7256a8e8b036d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
Filesize
790KB

MD5
d3caefdb725367df55e024a7b2b07fdb

SHA1
43e17631f1f5afc1d4eb44520429d615a4c1c4ae

SHA256
7052bba6a95a3eefc446fe5056a331cf0a8a09b145ed17e7f55e6a2da9b70f98

SHA512
b021efb73fc8e0f1f19037bf5a4b78991c16f20a560babecb490bd7e74117565c0c760b5517b6f31a503931ed055d90b8015adbad097a936f5424a13ff351cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
Filesize
32KB

MD5
fe8d1927850115e93c0fff338d26e33b

SHA1
fb05c4baabff24a080803100504fc6be93c17097

SHA256
a4626c2caff7fb896eda12142bbf07fd0d6ee79db365e994a9bec1935ea29d89

SHA512
a187213f00c7a15231d0b9899611c0cdd6688a6d49812005e2a166017bbb105ef4494bd4783d98c8de2f0495ba3eaaa3c39daad2231027b74a6460d296c16c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
67fb375bb4d946d8950c332311eb7024

SHA1
33b94c8ffda4862b77fba6a9fc601ec436c61ae5

SHA256
e7c2d52cbe347cea8564b6264060f175c2e4abe59f528d2017ea04c8807892b1

SHA512
5774f8bd800f84f35d99c5acf54ae9944d4f29c11d6cd1e187f2587810f4ea23076ce116085b1b42a3b78e1ccb7a0cfead0e8b39cf665b44aeff6760b4df4ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
a3133899437686369d1826952026ec5c

SHA1
c5715ea2734fce235e3440a575d45db7ce78786a

SHA256
7a644fcf69755935aeffe6f516b452f66e85ea4820dc0404bd7049f652978ea9

SHA512
cc66865a0e8b564095356d592e6b7d67c7f42c228e100724977e0f30fb19a0a404265b4be286ff6b6903e17fe84f810a41237d8c0d372450404e615d648503b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
00038a22e79b334b2ffe87c5464b7cbc

SHA1
85e5cdaf2cbf0a64250980cf818e2e4986dd7ff0

SHA256
fc494e704fffdfe9f44afe20d0d66cd99418265e55f8ad26095e182677b57c31

SHA512
1139aefe143a195d9a6fe5a167a579546ce119d2091be1a6a15a8b6769fd98b446ebdb12347ad987a611fa6142f6f94ca23fbed7f86917e4487263733ec357e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
bc0a513c91fd2f61c0834fc0d40532ad

SHA1
bd3232422e17b0f036219264df1af9d8bf3cf1e1

SHA256
09b31c0abcf06fb76d4e6de37cce7d08201ea42f9e881d5d2e2cd00bd74959fe

SHA512
4c373f7e74192d9f8c2c251281d4388421ae369b00e2db62623b7d842fc01e08019f6967a484cf1745679a07a3f8275283c45117f019085b634b6845c1be9d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
5fd445ab58ac0a3277ae3350bbb64d66

SHA1
4e4aaa8e38e142a9056ad755efce3ebb2327bb6a

SHA256
a6468aa69126a7f2af43b67445738cc1f1c0a72db9a79b100971aadd38aa220b

SHA512
9dc3015256b435525c3e715140da282e35e05d2f63e2e8cb2df17f71b20ee4932ab2bfee8338b081d2a6b4e7c1efbb84aef950c3f8af0a8193bdee4211877a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
8e0df7a11a8434b38575f1e2f61550d7

SHA1
1a517317a739b85af6f5316d4d69006b8b5ee516

SHA256
f442c1ef341cc2329d56ee33fd496103d4c72e1ce4c20c3a796e554332773c92

SHA512
833f7be6c510d4e7a61df97d3cfd0e46ec982ea403a2d478ccd417c504dca5bdd0bbc0c4c83d449cfb015e28d4d3cdaab4bb4344894dc924a16b3bda106d64b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
4dd92b1032fcfdbcf73eeaf4bcc3baa5

SHA1
7e45b3a6c4d43a1d63b5de79e58fc386b01cfa79

SHA256
0bd379d39ec3113f25fb92b716b8611ee7e0fe3e795d91fae749c9a139ebac82

SHA512
9636c7af6fd20f34d93bbcbb754b9982919262800bb0de1d70268802f3e91b7d99192d789e1bff817e220f471c9ce0c0a04b4b73a9cf4a071b50bd550a99d04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
e8ab4f457a43319e01cb6fdbea683ac6

SHA1
f23c4caa92b3f8d286ed8779fe5bbe66e1cadb1e

SHA256
3359e97b5ab3f730ebe7c9abafbbb5e4495c00173e78c40b3a2bdad74a68b5aa

SHA512
fc7d26df4d8c899d572e85e7bfe1b6ad97d1a60a826dd88a2dbc1322a4814a50ab177f868fc35b5489dd475790d04042480fe377e944b151d12ef4a4dcc18857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
1fb7b6e3d73cabca7e86c7649ca2d035

SHA1
36250f0ffeb7b5766d7ace1b73ca25998c3b9479

SHA256
57eee56d73d81642604612aab1e600a1acf0111506048074d40fd783d8648935

SHA512
66c58f1ba3eb57dc63b923e3ebfbdf7b0cab7f0a1df8f52ee2e0de627da82240d02908cff519a68b0af0215dbe335e4f5fba7143687da90b0bf708a536d502a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5c00c90f3dc79c82f9efbc5ec897f619

SHA1
5cfac68b0658b60e79dfd590335c57126b666721

SHA256
ea31ed57540e941eeff28669ba3fb54f8cfbd697cbedf3387d2fb579b7ed508d

SHA512
6834b8c4c5268828f0ff6e457423509b256c98b4a7539540598adde451b08ca7a90e7926eeb7c78ec622f14ef5c6eb8c35fe716320632610762964dbe44537e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
0c3c6ff0431e16445b0248a8c03e95a8

SHA1
d727a08ead4b77788620afede8b43015c045a580

SHA256
f47e83352f60f383ae9be344d8245cc643d869d83ce61e54aa9513785cc1d2e1

SHA512
24a9ac3e03cbeed73ff6ecb197d49bbf34a06bcc1ccf38a01e04e8c5864f3d79fe69bb9653f876f64fa7cd3972f0d3f9fb3bef0fe7022022e25bf30476323fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
7ef7e241d42b424d13055f73991925e8

SHA1
99ff4bdfca5e6c8d2c2ea16330e938ca149d7587

SHA256
a4c6f43662f72812bebd54a948fbbc63ae6e9becebe2bde073149933a76cbe88

SHA512
885efab9a8ff5bff6b7dee88514c3f8249100f6f54d136ba80c9e3d2532021abbdfdab6266bea7ee4f5e6a269918f6d876bf337926015c810c49d4895ef04282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
01134eb98c469abf393388da380b6475

SHA1
d0ac9d4cec22f5dec283836f8d6a93bad60a7fde

SHA256
93fc2c9f8b9d7b15aa442b5061f221c1f787d1b06da48f7e8a6de82b721972eb

SHA512
5b26eee6cb59971062d063a9a54bc6175e402064c44a0123a2e4ddbaab50f801dde36f6119936c49e912399d94ca0959094e8ee4e5e3a5e8db9d613d9be8318b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dde4445dd68ffced9e19ae50577b2295

SHA1
0a2104754b842a6bfac772be93f6773d1f4f4d32

SHA256
99a2c8032c3909dce506296dfb3ec935cccd60051712ed4c945cd12ddf9c41a8

SHA512
2aee54653600aa1342133a9f0304f6f039b75e8726a1a3c5c28134b4c3beac8e88f3cc4627d3a4344fb2aabe7668883d668783a892be29a2cf65ac1cdb513b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
796267c774b67a195cb277300fa71bbf

SHA1
4b893ce3f874fc03bca5c6f21b3efbaf9d902dba

SHA256
1c04b8462c560c7a549c45a6904c3e345f8a52dcb76d763ad3985fea3c452672

SHA512
76dc2964946336764d3044520e6997fc366e4d236da2601e70376cf475c67c7ecf3ae8d2fe69d9dd11816fa4fdb57fb766d1b9ba648a15b77f79128a4f576822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
22a43db02fbd3d780340baab8890d14e

SHA1
02a857ac4ea2cd900b7d48de4a16980d8289279c

SHA256
d1ac33dd0b152d47e30d311b8db09ae60fab0c8a2f755d7adab31ccaf54db0ce

SHA512
439a386efbb8c647d2e7cb3c8b8ea7d7610da4b4c172ead1ddb827c42526b81342f2fa2df2f50dcb750bedd9a2238ce0768628023f4c0e8ccfa514aadeccdb33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e642ad6fdb4e41407c3d97455e44b4b7

SHA1
81cb3c8f479e9731753f233efe0743a07fc3d6bd

SHA256
93bee3b59a609fcc1ff9bb90447a646791bcc0be630f7678e4c81e4709b46f8c

SHA512
f315ea528f4ae1a45b713264405dff08d1567b7e9807fac2ffb90f83873a01e142705e0bad59d9fda36294b2d8869f310a56cdbbf1203f7bb111036557e6dc01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1623074b66c226caa6c624eebf7a5f2b

SHA1
3bce92366ca08356c1af452827d4cc4276442cf0

SHA256
84907c7198347526def1bf842d6513fda5a12e46e45d65ce0b0db47de7b4dbf5

SHA512
6d6c2001b06d3de39d88e9749875d5e02d57cd9ccd8cfd156120b652435c3ed1db1087909370f7516ad679837cc686668eeade2e4329bab6c196a1028bdaafbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8f1a987e0d7fa1670648ff7772433f94

SHA1
b9e7ee28fa52d16e44e55d76e8cd712d4b6982a2

SHA256
6e2795a9b5fa556b5faeff0bb063435940202420eb23a04db359dba04fb29c99

SHA512
2769a6e4d13de3ff0b2fa75bfbba76d46543b5569c5388a44b85572cebec6bdf9b827f181134b9f3a5b81d6e3b8195fc543c8d04fef0c91d05279d7ad5035f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
85d3d1e127aae385e49fa013827502e0

SHA1
7fc8793556bc54201d2bc6ad7fb35614869ed79e

SHA256
5de09c8fa6faeae03150e160beb92278c617b2b092f72484126c1c8d925080e6

SHA512
364bd1954539bc01872d169839c7eb2451ce75aba6defe77e5107c197abf29004c94e2b5310fd30478c55da3f84740be230d511169d4fb78f31459caa0dc8f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e34f0977cc78453bf723417f4d65c29c

SHA1
d886019975b0d356c140d661cb2694792867e2c0

SHA256
da9fe2640712b3c021c439ef1c08cfa745479a2e2a5378a15dabe4d2b803e2e6

SHA512
66973c232ee64d00790f304fa3fc0f323d9a0b6462df5365f33b71d80917c618e6a42cadd2ed8019dbb1069d4191b4bc06d3c1c168b5cd2dfc90c15752bbd7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dc62237c807f1b0b8002bd9824d5aa1e

SHA1
e5ae8344ca3a486754b03959dcc458089940f979

SHA256
b59849a7cef4c2b12f0c64c277f5828d576a9b94a60ad25fbfa84f5ac898a8dd

SHA512
7e8aadec8ab1e43cf3a6262bd285a86f1fea37a56c76e6b482750f88e7eb3672e90571cef2f44d3d980678090f42ae7d2fdd65b2db066c8179713a3b10e524de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
60e192235732cbe016068126850b6663

SHA1
415765e91d704e9f475e5ca5a64cd60f1dd3859a

SHA256
2cc1391f8dbe3bcd83e75ce0d64940e07ff15d91b03738b79c422a4f5f1e8768

SHA512
c3fc746af34722fd603e39cc127c56af49e346d01b47532d7e9901883cddf3ef0d835c5167fce344f634a8e180a85511d2ae69db52762069280979494654f4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3233afef5d88da7a035a9392ab280e3a

SHA1
eb91e04826fdeea387e148c37238fbb52dd3e5e6

SHA256
466718a6644f48b0723899de33bdaf5a5c0fc3978327ef33e0f525f2fe8d297d

SHA512
4d8046577861084abea5924eec710a92d30fc36a41fceef39897d50bd4a46997e22f690728066a029960130c51a784c3b2a53e5ba58a1f4738878a6c0da0a702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a3249abe0b89a36677f468ef80509b1b

SHA1
042a627f0d301118aef97c013d558d2f9f03c2b8

SHA256
2f3dedcedc8e19926477626f5de5cc7e8896ac9523c936adec0f61b8094fc005

SHA512
ed921853cd2da911db0274ac56828069469441b6e1280e3750d56bb13b060471012f5bfe14432267adaa7af175ad322205981f37563af4af3036925f9b848d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d00331f900c55088e5d46bdc4399c2b5

SHA1
7ee4caf97d827867e9c339ff2ed2d074ad7b622e

SHA256
bca90cde6aa9a464668180f1aad36d7913b8e642d67628dee6c263173fb177fb

SHA512
2f0b2803e752a7201581b557f552c19cea747bc94f2f1889e0802b1dbb53a4555990519c26b066231140fcea9f81ffbac7d48aa1a31f2203876c946029322afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b601f48ebdcb7529a84bc24956fd58e7

SHA1
e85406cde3d426628dbc336c98d822f7fc8105c3

SHA256
55f0f4d0b6edba6c1aaf34ff60419f03404e2c594ca49f6cbd96bafba04b0bbe

SHA512
26e23fc94de7adda3360ce7873d4878a162ec4e3910772aff7599213bf7fee2ed603df7dce7c29d58a6bceb205ecb5fb37620b66750e4a1d256d8ba74ac02d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
551135b2d7cf15cc59b4c94e2d11ef59

SHA1
932099fda9e264e31dad55f7890b4032d980d3d5

SHA256
6d7aa35a212cc2268835eb259f9183be4952e512c58bbe531d7496fd3ed1c704

SHA512
b4cfa3b315fd422f24c72f58fb8e5f99e9d0edb34e660a868d9901b9e35ba4a18dd796e81f1f5641d115fedf5097955bd4e104c49313686ac201797da62d5dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6d7f72a0b914446757c58ae04fa757a0

SHA1
7cf8bed518c35540a1f55392f0db339cef2a2631

SHA256
adf9b17dcd38f626d543dd9edf6ab873034699f44179cb245217b094c49a26ad

SHA512
cf777ee4d723cf173ef9e3b5a72280a4acf4c83368ebf8106519073337b83acb32cf693d8af0a1887cc755c60a070cd90f1842bec6e47af655152f84f9205715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f48605e4f7189cb6df57e111fe158828

SHA1
08e152261bea69c3bb2a06a5b8594adcde858465

SHA256
8c6c78062549ce7dc3da30fcb20fa5000a65f570d8a9ed8def0a9608ad633cfa

SHA512
08a13d5eec876d28ce94362a21555bc2dd0299614d42d0dfee71c953b4b849d296108de2d02e35031642049e46a6a73c24c0358ea6e41da33c4c3798314b3270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
87f96ea0db8c63ec9d8e81db74f2a6ac

SHA1
3dd35acfd990bc22e632153f700cb0cdb87d730f

SHA256
339927feeaa582733757a3fb9becaa0d7531eaa4eaabb7063c481d4f83f5677e

SHA512
189cdacf6e181c64342748904775b6dcc11fd4cce4a0356ebff5396429e4828ef1aa39b868b9ea60bd2ad1b39228d63668624545f18ac950d0e983d63a785608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
54507ea0648ad81caae1faf096628005

SHA1
267fa62c7c526a5ae2557b854f9842539a512684

SHA256
6cc9627f72b23fb4a020bc1d223e8ab447e99ee1c19135bbdfe64ef8719565f4

SHA512
7ff397899bfeebe3f8336e8c55661c06709143853d8e3484d2c70bf943086a89aa597806778cbfd3a4d5f6780997bd59c1250a86424d2398f86a4c6e41c0bc0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
f43286f7f852a2ca5df58f5d2dcf8d19

SHA1
9cdcfe76b4a414bdbdd1d6770be1185e0ef04da8

SHA256
0f889a4f46adef840297a14b0b9c83e37385826caf81926a999c3749e032402b

SHA512
ac263bfc7cfb2765704e973e450c65cbbc67e7ae9e1a4134d251079507d84fa77ffbf57857ac6780c17a0f0e2b8f2a580dc0d3dbea76184a33072a92843435a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
2af44229e31b0de5824350e20d1c5bc5

SHA1
37da413b8e7c19004f9eb12527b1c501f674c8de

SHA256
e5f08f904d1418b57fd5d668af939c0a308cde796ab254dc288d81061ad42a5a

SHA512
f6baa59121704644bd779c029c0f48c771b0bd15c2ca084e0a1b0bf83241374bf953a44e2d405c862f6f1b23e273faed1b48b54aaba80bd47ec806e558a333d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
077e2b54c6520472428c01f18ba16735

SHA1
b87a0230d98e98862e5717066346ff507b114d74

SHA256
b0f4f50ab5d096bcc7f261cf0a93c5ecd578a4179217d60c1a741e40a724de14

SHA512
72ea3f254cd99d1bdae129af52fb541519727d32d33a99ae71b39695075065e08b8f3c92c0717e8bc3ea1ef7602b90ea91387e9f5a5fb9878176e546a57b04c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59d586.TMP
Filesize
120B

MD5
ae109a7176e208aff957f321ab3f4372

SHA1
3f422a4668c2c6e29645509c4ad6a400b9d3bee8

SHA256
d797ba406e947a01a41da2335c272f4b058fa253b33cd4328098696c90e24461

SHA512
bbfb82c35f957176821ac546f41f448566a3a102e98a7c002d95d910112620dc40e1fc0ed1c1c072c465245c3f9fb25bd7c81be722c38a723658d5a0adde01e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
eab500a045d783fd929ac0d488896704

SHA1
4ef756f1841dcb3e24e50ead7b3bca4f335c9e7a

SHA256
21646d4fed1e598ad93c3204d861298b05f99e08d4eba514e3cf2109ab1e8f2a

SHA512
53259c3f24c65117b54b3ff102d9522150a3a65dbb269bb1daffc1d60480622ed21547706d1563ebdb47087cf414a7397c44e68c298eaaf7931a64a6bdf8df5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
6f9e5cc46c719696826cad48f750ee07

SHA1
91706035b194cac58821f3749f88c866327ec72a

SHA256
e7e6f00cab2601c947b975c6a1aa937261809bc37167b2c0fd8418286fecc71d

SHA512
58d46b2c9bbc5af82b7884a4182a52559b10ee9706ead3d0fbfd8024c3e3ae09baf9a9cfb606862719610a106e02c66c96bf0496c8a4e4472b4317aa7c89dfb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
c85cab86c00edcac17c31a094d2fb127

SHA1
7649738d9935328cf5c2111915e06e64f305cceb

SHA256
70cc3a5eeae0d981e71415dab03c5f9cc1efc3b51de9656ff6f38d13203beec8

SHA512
25c64436dfbff2b89cd95f5a05d3e50612458ef6112b8ae174ee6b6e2d438763e826db0488281ddc294dd2b65f9822a97394898adf8728f24320ff5f43340d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
0a8e33b528391d79c9d45002aa22a151

SHA1
98e06255fb0e749d9de4741bdef41a093583d8f8

SHA256
48b3b841c9c3406155a6a5c78271b02d01e7adaf3719b08e9cb11174e6e75272

SHA512
f6a998596a5ccdec7d19330e5f9929a918d0159a605235dc108b63d2e15eaceabda087a23bba4afe3f6c8a8104c7edf0fefe05310a9ab6b88b85adad4352a344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
cb7b654811feafab1c74f44488e0727f

SHA1
222a58a504cd5601563fc402556fcbb14f66884c

SHA256
849832b5bbd9dcee674a0b6416f5091216dc9e83807903c0ea4a4901c5ae97b4

SHA512
23b17b1607048a52eb43b36e47b5516c89de43e1e4dbab596b46620809f601f4bd7582ea5496f4f3097d4440943ba938a5cb2490683cd7a252576652e446ce5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584810.TMP
Filesize
83KB

MD5
072fd583001235c39dbdbf447bd8c99c

SHA1
45ea95c6372fc51081ae3ae429f5f9ffc83807e9

SHA256
5786b69d02c2932108fc921c1bc6d942a1eaa51a12df856ece01bd8ba9824d8d

SHA512
cb3b7cbc3f86ebe36747e1c97faf351ff7e48df34fd7560fbe30b57936c20bdbd15d517db537dd2578112b1472a15b777d85c782f79b1a94e87ea877e878478a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESAEAB.tmp
Filesize
1KB

MD5
e62e25b99357ac2eebd8942aed98753c

SHA1
6f9bd56cb96710132656c5d0c41a706e3e7b8c3b

SHA256
bd9f018641668b135039550e4e97f169c18ed80c5a632be589ef79bdf5de3894

SHA512
dfe324275925629cf7b2fa601e227087a2e743f9c4dd04fe7597717f7bf45b594744c5d82a6f43fc0bf4299f497e48aeae70684248ea12b38012555c91cbb17b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll
Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll
Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit
C:\Users\Admin\Downloads\Client.exe
Filesize
24KB

MD5
a209b624bd6e88a94b4ea294f3145e26

SHA1
ac5e709bd47acfed5275908889a3f8ac48ea5cd3

SHA256
a4af63c4282cdf397a1f15cd21729b1f66f9e47cda72e871b960937b14b02642

SHA512
bf160b2c285c23395f10781de4db2c3f57c9d88cf112825bc11bd2537b99757c217d75a032939799180c15fa4e70cd792ed39c30ca923ec3bced896b28fed4ed

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip.crdownload
Filesize
14.5MB

MD5
92100f76eec604e09dccc3f260100376

SHA1
c6b77d72bda8cc86675d2a4f970455e4616d7701

SHA256
2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2

SHA512
ede71db1ec3c55f52a64b944ae240d5d94e7b7d28d05f3369d517bed421e732093ca949b7e1ea316b88bb79e74075cd45bdb6e236a304fa5ba0f997c18a4b360

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\RevengeRAT_v3_NYANxCAT\Revenge-RAT v3 - NYANxCAT\Database\2024-04-26\4-46-43 PM.log
Filesize
184B

MD5
d2088fca5faebeea4aee0f2ce6637ab8

SHA1
9ab86168e2f62c75b5d13d84a1f5640f36a4c32b

SHA256
80a92cda1fd226fa4eaec5578b0a4e54d1d44e6870a23c7e1987a5f8105892ca

SHA512
172bfaba055c5386cfd1fe27c895aeccb42cb193286844067399d2473f32b13159563ecc1ac2d300a9534e4591654995f17cfe20c350058388456690a6f31138

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pp1cn0ag\pp1cn0ag.0.cs
Filesize
21KB

MD5
9c8b422c75e525bb8690c4098080dbda

SHA1
adc54c11a4d2dcf17cf8dd5f544a11e221ac3f45

SHA256
b79549ad1f7a7d59a7f72685d05289de6793a9f73872b5eaaca2f8251bcb80fb

SHA512
aea3de501730c64e1dc742eaf5ddb1f2ba37da21629eaae1e440ad40e018d6e2e1384d2baa95e00acc35e636a3d749456c35e2586657e6834c67311102432493

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pp1cn0ag\pp1cn0ag.cmdline
Filesize
287B

MD5
40d539d41b6459cf9f91cf59e363c68f

SHA1
d1383a522f68399c32543d638a96f7eb53940f40

SHA256
8db199480e56b42b3c48ffa503ef0fd731069f4f294e99143b5bda0f0d88d5e8

SHA512
1968ce9139bffadc5bde596e467515561bdc36427707140dd323bec976d41010125eb109ba672588eaab30fa0dda7bc7cb868f3e516d03109efa4e25fa9237a3

Download Submit
\??\c:\Users\Admin\Downloads\CSCAEAA.tmp
Filesize
644B

MD5
23c5f6c5bb4e5de59ec5aa884ea098d3

SHA1
7240ba716de1d9ddaa3f9e3a0adcd7e00c4e6a83

SHA256
7e090465b6d810c988f61a89f11debded56b4bff54c07369c26ab8afd9e8ba27

SHA512
bef35b5af9bb58041f3783a43e85f204a088f44e19168815eea881c2864f9c9038f0e8ba2ab136b6514028e6c22652496cee61fe6dab467b56f0a31809ca1f51

Download Submit
\??\pipe\crashpad_4076_XGFYPQGXKKAVJJUB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4292-399-0x000001BEAEF90000-0x000001BEAFD42000-memory.dmp

Filesize
13.7MB

Download
memory/4292-405-0x000001BECAF10000-0x000001BECAF26000-memory.dmp

Filesize
88KB

Download
memory/4952-381-0x0000000000E60000-0x0000000000E7E000-memory.dmp

Filesize
120KB

Download
memory/4952-382-0x00007FFEB7F60000-0x00007FFEB8A22000-memory.dmp

Filesize
10.8MB

Download
memory/4952-396-0x00007FFEB7F60000-0x00007FFEB8A22000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads