Malware Analysis Report

2024-08-06 15:24

Sample ID 240521-q247qsga39
Target https://cdn.discordapp.com/attachments/1242406758660706324/1242406880156979241/Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar?ex=664db913&is=664c6793&hm=4510031d315419267588364e6f80577ac03d5e399ab0f5d46ac5b46eb82031ea&
Tags
nanocore discovery evasion keylogger persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://cdn.discordapp.com/attachments/1242406758660706324/1242406880156979241/Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar?ex=664db913&is=664c6793&hm=4510031d315419267588364e6f80577ac03d5e399ab0f5d46ac5b46eb82031ea& was found to be: Known bad.

Malicious Activity Summary

nanocore discovery evasion keylogger persistence spyware stealer trojan

NanoCore

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Checks whether UAC is enabled

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

NSIS installer

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Creates scheduled task(s)

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Scheduled Task/Job
T1053
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-21 13:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 13:46

Reported

2024-05-21 13:49

Platform

win11-20240426-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1242406758660706324/1242406880156979241/Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar?ex=664db913&is=664c6793&hm=4510031d315419267588364e6f80577ac03d5e399ab0f5d46ac5b46eb82031ea&

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PCI Service = "C:\\Program Files (x86)\\PCI Service\\pcisvc.exe" C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3344 set thread context of 2828 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\SC.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Extensions\mpress.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\RD.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\How To Open Port All Tutorial.url C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\notify.wav C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\SI.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Browser.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Opera.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\How To Setup a Rat.url C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Whatsapp.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Apple.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Archive.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Team Viewer.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Windows.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Word.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\PW.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\SP.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Stub.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\TOR.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Ubuntu.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\RDP.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\WC.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Skype.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Notepad.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Remote Connexion.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Android.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\PA.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File created C:\Program Files (x86)\PCI Service\pcisvc.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\GeoIP.dat C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\SM.Dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Vmware.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\FM.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Plugin\KE.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Filezilla.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Rar.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Internet explorer.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Read Me First.txt C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File created C:\Program Files (x86)\Parrot Security\Revenge-RAT\Uninstall.ini C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\PCI Service\pcisvc.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Application.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Excavator.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Moon.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Onedrive.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Picture Folder.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Extensions\GoRC.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Extensions\Resource Hacker.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Torrent.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Mono.Cecil.dll C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Revenge-RAT v.0.2.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\FB Messenger.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Firefox.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Microsoft.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Facebook.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
File opened for modification C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Google Chrome.ico C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zOCDCF0118\Read Me First.txt:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zOCDC88049\Read Me First.txt:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3856 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1242406758660706324/1242406880156979241/Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar?ex=664db913&is=664c6793&hm=4510031d315419267588364e6f80577ac03d5e399ab0f5d46ac5b46eb82031ea&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad2853cb8,0x7ffad2853cc8,0x7ffad2853cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar"

C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "PCI Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmpD8CC.tmp"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /create /f /tn "PCI Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmpD90B.tmp"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOCDCF0118\Read Me First.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/playlist?list=PLkoNiUTDHC49JF8aoemdNMuQGpWAFW9lX

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad2853cb8,0x7ffad2853cc8,0x7ffad2853cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3916 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/playlist?list=PLkoNiUTDHC4_dakaSc7ePa5epYLx35DcV

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad2853cb8,0x7ffad2853cc8,0x7ffad2853cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12046753880658631526,1112989457431520678,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3360 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOCDC88049\Read Me First.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.212.206:443 consent.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
BE 64.233.166.84:443 accounts.google.com tcp
BE 64.233.166.84:443 accounts.google.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 95.101.143.193:443 tcp
IE 20.50.73.11:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.121:443 r.bing.com tcp
NL 23.62.61.121:443 r.bing.com tcp
NL 23.62.61.121:443 r.bing.com tcp
NL 23.62.61.121:443 r.bing.com tcp
NL 23.62.61.121:443 r.bing.com tcp
NL 23.62.61.121:443 r.bing.com tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
GB 172.217.169.86:443 i.ytimg.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 haxorbaba.duckdns.org udp
DE 193.42.11.31:1604 haxorbaba.duckdns.org tcp
US 8.8.8.8:53 a-ring-fallback.msedge.net udp
GB 95.101.143.193:443 tcp
US 150.171.22.254:443 ln-ring.msedge.net tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
SE 92.123.135.85:443 ow1.res.office365.com tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 20.140.56.69:443 fp-afd.azureedge.us tcp
US 8.8.8.8:53 254.4.107.13.in-addr.arpa udp
US 8.8.8.8:53 85.135.123.92.in-addr.arpa udp
NL 23.62.61.121:443 r.bing.com tcp
NL 23.62.61.121:443 r.bing.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 704d4cabea796e63d81497ab24b05379
SHA1 b4d01216a6985559bd4b6d193ed1ec0f93b15ff8
SHA256 3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26
SHA512 0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

\??\pipe\LOCAL\crashpad_3856_PPTJFHFGRJGHVVYK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 de47c3995ae35661b0c60c1f1d30f0ab
SHA1 6634569b803dc681dc068de3a3794053fa68c0ca
SHA256 4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7
SHA512 852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6500157a3f9a7d821b4402604aed109
SHA1 28cdb8ceb86a2fcfe8d5748419bd7b0d32fe98de
SHA256 c4dba5a3ef312273e718f1835b7384ac369143505094b28c159032604af58ec3
SHA512 f06f9e632a1731629c9e28e7c64b7819f987ee562ac6f744dfa904df8be0061ff830198e1792c886ef28770a6c0edf1590400fc9a605e2395b7c630a4b2fef3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\Downloads\Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar

MD5 c560d5f45ad5afdebefef38744c86116
SHA1 e957552ab4b41ecb26a7b515bcf9922063421308
SHA256 87ce5afc546db895cf1e8dab630d6a6ad2583d38073101c19f4a8725f040d777
SHA512 6c26362742eca5ca9b8f993ff84e93003d0a50d8d872b204f840e3a8e7c1bac68696a27b955bb87e8de3eb335fff44a65dc303da0f74d69c58d16b595e9764a7

C:\Users\Admin\Downloads\Revenge-RAT_v.0.2_Complete_Setup_By_Shozab_Haxor.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2ab09f3e9a036bf74b36554050ddb177
SHA1 92875c5a3b58f236705930cb26c8ff694ef2bb1e
SHA256 7b0048ec2a499aa06f286a68d7c9a17ce22c37152cdbccd5256021920f515238
SHA512 1df55622d66fd55be2bccd56c4260f0900e4853de275c65e884d951275135a40d946ce915d6c6efd093b126d153691139305097226f4955d1395bae4f6061de3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 488b3284dfa8eabecbb0c9a0d6d59873
SHA1 6cbf6f8b46e6226a732996fba19e66c8b652722e
SHA256 ffa93036c5444968f47ad347670938c8c728187651814de0843cb4e76be77dde
SHA512 e7d355fd099c5d3c21edbf126f9f0717ff2a8a396de80c76e3b1a43b7a78205c90c669c3615bf90c4ada2bc7ca47e89e621c0db818e3c2363a648c570257bec4

C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe

MD5 40051c0c72c3a595c043a36176790982
SHA1 fe80449ab8e54b170b3edd87b3a0e4bc42a3455d
SHA256 8c3e4bad225ee870b94204e46767d2e7de83644bdfa8293612136be34bf9ed7e
SHA512 52a7762dbbe6c87e72dba30f13fc5ab4d71be0a5bdd5b37637dca50cdc2d494143ec2c0f84df9bf58f316775c26ac3c06bb1fb081a3491a14a9526c56207beef

C:\Users\Admin\AppData\Local\Temp\7zOCDCAECD7\Setup.exe:Zone.Identifier

MD5 601c6105b363c6c102b4b1de135220fb
SHA1 160e2536c311cf88c610d38a88376a0f261ea3ea
SHA256 fb30db3640425050b433c76111278fe4a9de2033bfddf180833a6e1e24a11987
SHA512 8f98f57c296b60343761c7d0dd5dc3068458588da513248afed8bc0f83f158b4feca0e8b7cbf8f4fa179dbdd014b5642625190a9242bdd1bc460fc1ab70bc044

C:\Users\Admin\AppData\Local\Temp\Setup.exe

MD5 793becaa5c12f7e53866099e3eb47c67
SHA1 3400571dd489e51b20a7ec94fd33b697582325c4
SHA256 cd7f39bc287566d487326c2d031f37795efcc15a51d9441a1c02464e99324ad0
SHA512 175b3ba6ada54b85b0505d64f034970a36941a6395bb9e15cf9555277a8aa0297182028fbbd31f5f0d545cb38231b6c8510c6fd1867f3cdedc6a8f9931b301ff

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

MD5 ec4bf11a6689c525a9c02342919b81d2
SHA1 3e762f4bcfe9325548b50349bdc270bdd8a111f3
SHA256 4480ba3f495510f75d218068c22164d98d275199ccdaf6e0f5b53cf355b8be80
SHA512 c23360725bb6dcbe23106f5206a8e1e97366e6ef4baea5c81fe7d0c50916ae7e19cc85a4b9545c7c723aef9fee5ff0e845700a7ee3626530da1a0739df5b716c

memory/2828-139-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpD8CC.tmp

MD5 57ef41cc35a47d5ff922ec5a0d06aaa7
SHA1 0ae2172ca0e2578109243328ee57a68190252578
SHA256 ba13669de506ecfb43f5dc2b2acb6f392ad3d7daf9c9ad1c56359c6405de3a07
SHA512 58bdff3f27838934400b3bc21e69d8c2dfdcb0d5afc9ef5f4b0b5da83df603952abd6e804c3abcd50657f1c91dabc647d999f3d24b0b73990e3bd3abffddfa47

C:\Users\Admin\AppData\Local\Temp\tmpD90B.tmp

MD5 a4f6fa4537e2dcf0d3e2802c0f070a4d
SHA1 03545095bfeddd7656b5b8547ab84a810324a94f
SHA256 192ac26e1895b267149bde35c55327f4a441693495239da5899062924d45bd11
SHA512 a4293123d718b0511a8301a7f536e403cecf8bc89f25f9dc4692b293eb8a554a8eb67993a26fe0e96792b6eb3573b34e9b270777cafe95c2383268da6d40fd2e

C:\Program Files (x86)\Parrot Security\Revenge-RAT\Icons\Microsoft.ico

MD5 d3d3531d4bf5be053c2e5a970003f34f
SHA1 8c589076c17c2fbe09e34e67a8af3adee93cc8f4
SHA256 d10f94716288e2a22e4dd61e6167f953dc096783da87ec2352b396229a54570b
SHA512 50c4b0850fc575fe974cbcec4d394fac351a6a1091ecd1bcc4f18e7220c08b42e6c191e6376f5cd518e86f599f691db795df0ea772d0f133191f1689af37d933

memory/1356-315-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zOCDCF0118\Read Me First.txt

MD5 c57dc84dd685fd4aeb3232e207fa5309
SHA1 e12167393b0ec3245a5089bccf172841fcf22964
SHA256 b8214c2073adf389495794253843b64d594d6b579f03ad7bfa824a50b2b35773
SHA512 cbb2ebe5e0b90ced99f879a14d94ff5a9805e0f0727f6d57633fddca4ec942cea56c90c6f5ffd8ae4b83bdda9e486b79eb61c952a20dcb8eb1a13059bee4c0a9

C:\Users\Admin\AppData\Local\Temp\7zOCDC58538\How To Setup a Rat.url

MD5 8d61646db59cc7460b40bc79001a40a1
SHA1 e43cdfb3d27a0cb4b4532053c27810abf06d415e
SHA256 c5d1bc7427609e082195ad8db57c9b35b274e3df63a92d78917334425730d1e7
SHA512 9eef7dcaa96a52d52caff6b9709f8377437ff201e976761eec8c35669f946ef111d7da9528c8f253f469969513e4ec5e6a5d0b861665254a6564f8c2d85d9f99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 310bac87624e8b73add36b6d1218831f
SHA1 2099e9e9439e6dfb5f366e07f35df2413b2f2131
SHA256 b87c4eb0c95fba0a6ca6b31fa9f7b1d1fe405f930fc5fb1a66f3286b7dd92e4d
SHA512 aa3e64a8514d187872fbf4bb4f7a23d266ada3c668ca02e7b684aa5248dd16ca2424da2f290b40eb01b275383d1b767e337a5e85a6c88f63797882941a11febc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 da8c19963909b2033155e31faa9dfc46
SHA1 4067cd4dba98ebd4cc061c3e3dab932605802fb7
SHA256 67fd0a27cd84845279b554c2f90eaa7989a55239cc3ca5ad547bb8f032df07b6
SHA512 95d6dbbe18dc44048c13b6721af48e3fa2b57d588ed30cd4a4d2eaffc4f42f30dc5cef7a80f3d6f62eb3c8e421cfeafddd8df5de3297c58073880c7acd076fe2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 90e3a0a92ff266c9b17663105d9ba533
SHA1 778d1c7aae5d2ca12a39f21b90d18525e6bb4458
SHA256 0bfa17eb88a2c8fc0b2109b1c136d48d4ce96bd20fb69e7b3b4666af56275c8c
SHA512 9c274efdddfc4d4f5fb2db9091f7a0b2c70cafb468b182ca66de079ff8fa74654597a43565ded1740bba1db59640e2509dc8c4b809b88c03be7bcb91a8d91b51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f85f68a740799bb478e63ccee14317fd
SHA1 b19299246815cc2e375d6e0030b6532b7d5f9345
SHA256 e6cc979eedc74ab15dde63635a239002868b53c1b03535b9bc955beb70b617ab
SHA512 6a17ea8d82c18f7c16c7455a805668dc9c8825f34a00e6f079f11643730172ee2496503290d5470da2283e50fc2384c7b25e5eae8f6e81fa9ac883ca63267c69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 db27bd6028d7696ec420d33836dfdf58
SHA1 d31663dd8e50ef3053ba172eda42b834b12d906b
SHA256 16d80307b921ed21d8ee36c6f1f059e9d8a721b46dae3a6bd93cb4b0029f5cc6
SHA512 7e1f597b1a9cea798967432d9705d6947c0175b4f44210dae99c7f06ee4098be3ed7cb09525a3390df39ca0c318ed823dffd8dc10246d1d4c807eca7d32731fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 85f82d84ca844465aa9cb0b461bc438f
SHA1 bd035d967ce36459e153b0a68b36469c8062c978
SHA256 954b56bb99f9963dc1a28bbc05a2c1c47cf0e3dc8886ac86c219bc4697ed952f
SHA512 3ef7c54c2e07eda7a34a17564dfbc22b22ea4f561984a9ddeca9f31976b38f55d7a3fe0eaa481f87227bb142fa9c10b946323affb1d6516679acd39e8e9509d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 38982ee789f62a40a5ec58e99176ae32
SHA1 60527d9b2cd26068adeac20060084a420735e1ce
SHA256 433469f0053d4baef9450324d623e72171c122259b888a2eedbc15210bbaf995
SHA512 5401b5caa84bd5cf3709a891ce8bfa083fd55bb4d0033dd6e3de5b8879903a35d0e678189ba2ac4dbf843efb695919c05668d8b1a7bf47be09feccbdefd100bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f27e061f4cc34e56b3215c97104542d
SHA1 7313b14acdf3e2e32590224a458b0ecbbe3fb2ee
SHA256 6ae6071979517752c4a64cb4bf981b0cc561dd3b636cc12f1d785a34ce645f9b
SHA512 21b80e62c160d6f968e6e0ccd36eea60b71e1d35c9c8f61472bce78e363abc0b10ed90d848d53a1110dfea5d0cfc628dbd78148d8dd0e72f77487782a88ae213

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588bd0.TMP

MD5 c0b6b248918a80ea036a9a1e16cb1b8b
SHA1 066fbc4e385ab0ba6b3850e611102f31c65ec3bb
SHA256 fa0e1f89f8c8da9a471518bb0add02d65966f7e4ed74676e00ee4410171a2336
SHA512 842e540c5d622a5ed35dd6623e91aab7494dcf7af7e0263d115da8207685051ab3fac5aedd7c09ae6f4c8fcbba6a62df0055c66af6df0911afafd0921a1ad486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c3c7ef0c192d8ec7433e54bf3245c981
SHA1 c1340b48e95b28edd1374ab887fd892443424e20
SHA256 808685b53969e5a476098afdd91643e050125a3e6c4d66dce72d2648b3f48f77
SHA512 485f13fde8553b26347be5b223f37a688d71e640c29879c8c448843baac393dc406072f8671ea3dccaeee6470b7d00d75f167c695fe1fbae8542a695674da802

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0f35ed56-4f15-478b-8cb8-bfc3d4462998\index-dir\the-real-index~RFe589054.TMP

MD5 ec1c289fd38ffbe8835cc9ed910d9c3d
SHA1 0db7d01a881d3d0e758aabbea93086b2e268da3a
SHA256 b662e286bdbba5d32e402eadaab3655ae49045699054d2feba3ced6e3494e101
SHA512 2c8fc81661eb7cf83da3c6a48d79517adfd7d72b8f8646d15ac5f6c64634b3ed7d1d078472f644ad6f74711dd80d5ad54c1b24037a07074275ee0752f822d790

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0f35ed56-4f15-478b-8cb8-bfc3d4462998\index-dir\the-real-index

MD5 030f23317c9d1e243d7d573c2c3d21de
SHA1 01b87dd6b8765f8d9048be569023a50c52ce782b
SHA256 f831ca4ed20985102ce08ab70f4a1bb712cc6457f5aeab84c1e5af699e66904d
SHA512 fc3be46cfe086bf8dd1a4c46fe69cd68726c045f55deb194a85c48113f15ad3d9d65c207684b76172027887cc5792d58f9e2948fc9df6aaaf84047596f12f9dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9411b250f223d16c182dc4a376e33bf0
SHA1 a77942ce56fcbc9163b920957810ac2a33f1d955
SHA256 939886c730f0f504c45523df3229017d56e19e03214335bc53df20d8dbba1fc5
SHA512 aa98bdd4cf31da97d41ae7a679aa3483602526de9532da191e42d612a924ed90701b548fe4b3daaec210bc76c92bb29a2c52d22a8352b5cdb5507a911218a4a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7b19a31-e1d3-4091-b020-4bbd466b01b1\index-dir\the-real-index

MD5 56f15920acbff1e8b2b7706fbd85f78f
SHA1 7b348057fcc634a4d724d59c3c6b8ecf5ad238d4
SHA256 62417120170c2ff40aa93de3201d3d4e37691b6d8631056fd15f355f9cd7c072
SHA512 8ad3ecf1102a0e77fbacc647a0390d939692a05257e1feac798c1c390e164ac39e25e2db33d2623bbb567f15177de62a41324db84b9a796f89f7b2b13db386ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f7b19a31-e1d3-4091-b020-4bbd466b01b1\index-dir\the-real-index~RFe58946b.TMP

MD5 9460ca4446be8c11985ea636eb1dfd85
SHA1 3d343d0564033e1f22df863f67256ca5b7058657
SHA256 f233c07f02782773f831e0b5d83ae90fb36c21053b943f002b8676919fdaf503
SHA512 afc84204a5b5f30baa2a506d8b2f41e8588181461eb72f3239d536ca5779a9b91225ff966e9ff61878b18efff7737a4f36e5ec6ea72564febac1c1343be2b423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2d83869a833ce5493bc8937632476d82
SHA1 636959975af3a887196cc6437a7cc293dc78aa53
SHA256 61c661f3616e3cd51cf2932e6ce5a640c24b210b34fe2fbd79a092e4a5a4bd45
SHA512 a4a6395cbcabdc2af3a16a15470ebc80ce2cf9dac5e98cea8fc19b4ac93f8e73cb4e5cdc64165bd64d180aace37c896c06cfc7d59733de2f1a14a014a709c90b

memory/5124-750-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-751-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-752-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-762-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-761-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-760-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-759-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-758-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-757-0x0000029B26050000-0x0000029B26051000-memory.dmp

memory/5124-756-0x0000029B26050000-0x0000029B26051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zOCDCEE339\How To Open Port All Tutorial.url

MD5 e6e103fb45cbe55836826bc3410efcc0
SHA1 ff589e9f655d3368571562711b954f301615d457
SHA256 99e7a2772fa7b583be865188c49e15d8294569d820bb29be95cee538a6a5f494
SHA512 d41fa5eb682f9c2a1eddcac0a79cdda9f7228b9080c843ce5e7aa1ef027f8c773733faa471e44ca76a37e405d5488c29f34e1785f149115bd65f01fb3b52acb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f03bb0a4d38530c7cbdecac3f2ee3881
SHA1 06d8028f83d2e4cf94c502c096d112edb107d005
SHA256 7b55e4e75149570fedcbefa25ce076ae2bca78be01bf3b9b9fc372960c32f26c
SHA512 56832d628ed5fcf8fd43d7446d265e8005b25c2fcce98ea291e1ce7986baaafda18cbd1109a9038c3ad0c188c6b565360f97459c1f04654324de5af9609541ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6cce51a5-7736-47df-9203-d4c97ada9f68\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 f218c31d967d7d050e360b26b39df4c3
SHA1 3a03e2ae75080ef0755bf1a1131640e3ed773d1d
SHA256 791410a89899725c497f590cb9138f238713dcf1b318340c18cf0682d52b63aa
SHA512 f97d6fa798fbfa27b3578777d938c327a0b1ea1379c4e0d50d640e4682fdd88dc210d30432320140d5ebdfb6ef721f0b844801a81305c877cba1d3e05d0097c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 514c0fd8cf694507977123a809649d8f
SHA1 e5bcdb70fe63ff4c14654e4a7bfef60f6a99bc0b
SHA256 4a0660f987cf95577cba967e44a9fff7452f6695edcfaafbf2cfa9a307ce8aba
SHA512 50e0c17e3d4f7b2d0d04d9e63557eda28a7fa3582303297f770f9ee212ad02d4d9eb9d3298636a6d7bab20db0e8896c080b35f565f4a9951a1a24d18dc2322dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a158f1e69b1f13d5e0fe18d8d04193e4
SHA1 b26f2ea215ce014f1be7d0d66f3b1c0643776355
SHA256 312afc87f0232191b93feac3a870f4050bdc66dd91bf2e86d920f46cfb9e215c
SHA512 b6c4d87f3ab1fc0ef37282899e8d93d9594dc2683ea93bd61b418b69c8f436d91065fd4ab5d41c676f29a7b60b9616ecfc6dca05cf17fc1fecc7322846761db9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7df76d2bb828b9ea31945228432516ef
SHA1 af8ca0eaee0d0d31f7096449e21de9520cef514f
SHA256 3b930fce1cf167625df921f126fd8d20bc6536ede79040edc4e655be1f9e94ec
SHA512 02640013f5df5ebd066eb1b8ba1bbe25607d3373468c319dcb5d473e81621fcd1b09eca9ec78a8b00d71312dfb7b42e2d65eb73f9b146bb9b9d89e367544494a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ec579bf5b3b56dcfed54f29641f9389
SHA1 dec139957298f88c8f36b3ebb79b2804e6afb026
SHA256 cc813b94ed37225f6797bf16d92c370d653299cf7579f928b144dba116ec1655
SHA512 6eb551d05dc2143b4e814e23aad0f50903e9a86cffbbfb61d7ef1bf598add597c9514ad907b0309b0cb35a3199a59c1595f3c892ebc5bcb534a441af1ab48dd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce644380d0d05350787f27a42f0e2405
SHA1 3784bc67d8f1e75902e4c368c2c70f7ec2bc2ce9
SHA256 f8ef899e9518c730d79d9a13e918c79a964662d1015c04030ea1e27aee01be88
SHA512 d51b9273dfc90783ffe0aa569817df6372cfaca51377a8dab464ff83681b26a220315f100c6711d303ec9daef494a2559a72658cefb351e8ea34c566a59ae489

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593c73.TMP

MD5 4ab303f86f583ab5e784d0f50b6d06a3
SHA1 c283132c0bcdb38ea91461821758e969e24bd1fb
SHA256 218d68d4f4bfb673339e3c61444e95a4b7a99b9d88620575717c8af25a457ebc
SHA512 83b97a09ee6902018396d83a2896c579d99a17bbbcc4e72774acd60f930be12e78636f165c1858be9c56eb66bc08167052025ae86d8ac7d87b3eb60a3ed99378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0badbdf390984f72784a5c5f677b32d1
SHA1 c928241b9937cd42aadd4e8a2858612c28daff14
SHA256 7f5e15ec740c3152128d849a837fce24a4366858e2f621e19546d0ca5aaa3e6f
SHA512 46d11c5c9338f5a90c919f2fe9d927997bc54186f080c27bec052213566e38614e4646186e624f28022e256d5702e32704bf7264541e552aea3cb1eae85acda1