Malware Analysis Report

2024-09-23 03:20

Sample ID: 240627-vj6eastapj
Target: SilverRat.exe
SHA256: 39d7726467f9ecdf9eac4e61ca9db7c8e302f2fe9b1c953cac8cd2db7e4a94e4
Tags: stormkitty, stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview; Signatures)
Analysis: behavioral1 (Detonation Overview; Command Line; Signatures; Processes; Network; Files)

Analysis Overview

Score: 10/10
SHA256: 39d7726467f9ecdf9eac4e61ca9db7c8e302f2fe9b1c953cac8cd2db7e4a94e4
Threat Level: Known bad

The file SilverRat.exe was found to be: Known bad.

Note on attribution: the Process column of the behavioral signatures shows that a number of the signatures listed below were raised by C:\Program Files\Google\Chrome\Application\chrome.exe (browser activity inside the sandbox) and by a second binary, C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe, rather than by SilverRat.exe itself. The rows attributed directly to SilverRat.exe are process enumeration, enabling SeDebugPrivilege, SetWindowsHookEx, and the WriteProcessMemory events into the four schtasks.exe children it launches; the StormKitty payload detection carries no process attribution.

Malicious Activity Summary

stormkitty stealer
StormKitty
StormKitty payload
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Checks processor information in registry
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-27 17:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-27 17:02
Reported: 2024-06-27 17:06
Platform: win11-20240611-en
Max time kernel: 271s
Max time network: 273s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"

Signatures

StormKitty
Tags: stealer, stormkitty

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
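The two registry tables above mix a benign reader (chrome.exe querying BIOS strings) with a user-dropped binary reading CentralProcessor values, which is the pattern stealers use to fingerprint the host or detect a VM. The script below is an added example, not part of this report and not any sandbox vendor's code: it parses rows in the report's "Description Indicator Process Target" layout (the sample rows are transcribed from the two tables), normalizes the NT registry paths to HKLM/HKU form, and reports only processes outside a trusted directory that touch a hardware-description subtree. The watchlist and the trusted-path rule are this example's own assumptions.

```python
"""Triage of registry hardware-description reads from a sandbox report.

Added example, not part of the original report and not any sandbox vendor's
code.  SAMPLE_ROWS is transcribed from the 'Checks processor information in
registry' and 'Enumerates system info in registry' tables; the key watchlist
and the trusted-path rule are this example's assumptions.
"""
import re
from dataclasses import dataclass

SAMPLE_ROWS = r"""
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
"""

# Subtrees that stealers read to fingerprint the host or spot a VM/sandbox
# (assumption: watchlist chosen for this example, in normalized HKLM/HKU form).
HARDWARE_WATCHLIST = (
    "HARDWARE\\DESCRIPTION\\System\\CentralProcessor",
    "HARDWARE\\DESCRIPTION\\System\\BIOS",
)

# Images under these directories are treated as expected readers of hardware
# keys (assumption; a browser or OS component reading them is routine).
TRUSTED_DIR_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

ROW_RE = re.compile(r"^(Key opened|Key value queried)\s+(\S+)\s+(.+?)\s+N/A$")


@dataclass(frozen=True)
class RegistryEvent:
    action: str
    key: str      # raw NT object path as the sandbox logged it
    process: str  # image path of the process that issued the query


def parse_rows(text: str) -> list[RegistryEvent]:
    """Parse 'Description Indicator Process Target' rows into events."""
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append(RegistryEvent(*m.groups()))
    return events


def normalize_key(key: str) -> str:
    """Map \\REGISTRY\\MACHINE\\... to HKLM\\... and \\REGISTRY\\USER\\<SID>\\...
    to HKU\\<SID>\\..., so per-user and machine hives compare on one path."""
    parts = key.split("\\")          # parts[0] is '' (leading backslash)
    if parts[1:3] == ["REGISTRY", "MACHINE"]:
        return "HKLM\\" + "\\".join(parts[3:])
    if parts[1:3] == ["REGISTRY", "USER"] and len(parts) > 4:
        return "HKU\\<SID>\\" + "\\".join(parts[4:])
    return key


def is_trusted_image(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIR_PREFIXES)


def triage(events: list[RegistryEvent]) -> dict[str, list[str]]:
    """Return {process: sorted normalized keys} for processes that are NOT
    under a trusted directory and touch a watch-listed hardware subtree."""
    findings: dict[str, set[str]] = {}
    for ev in events:
        norm = normalize_key(ev.key)
        if not any(w.lower() in norm.lower() for w in HARDWARE_WATCHLIST):
            continue
        if is_trusted_image(ev.process):
            continue
        findings.setdefault(ev.process, set()).add(norm)
    return {proc: sorted(keys) for proc, keys in findings.items()}


def triage_report(text: str = SAMPLE_ROWS) -> dict[str, list[str]]:
    return triage(parse_rows(text))


if __name__ == "__main__":
    for proc, keys in triage_report().items():
        print(proc)
        for k in keys:
            print("   ", k)
```

Run on the transcribed rows it reports a single process, Spongebob.exe.exe under Downloads, with four CentralProcessor reads, and stays silent on chrome.exe. Trusting by image directory is a weak rule on a host where the attacker already holds admin (anything can be dropped into Program Files); it is used here only to separate the sandbox's browser noise from the dropped binary.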

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639813705334536" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\spongebob.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

The writer here is chrome.exe stamping the Mark-of-the-Web (the Zone.Identifier alternate data stream) on a file it downloaded, which is normal browser behaviour rather than malware hiding data in a stream. What matters for the analyst is the download itself: spongebob.zip, whose path is consistent with the C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe binary that appears in other signatures of this run.

Scheduled Task/Job: Scheduled Task
Tags: persistence, execution

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe N/A 62
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 2
(Count = number of identical events recorded; 64 in total.)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe N/A 1
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 31
(Count = number of identical events recorded; 64 in total.)

The row that matters for the sample is SilverRat.exe enabling SeDebugPrivilege, the privilege that lets a process open other processes it would otherwise be denied access to; it fits the EnumeratesProcesses rows above and the WriteProcessMemory rows below. The alternating SeShutdownPrivilege/SeCreatePagefilePrivilege rows are chrome.exe's own token adjustments and are not attributable to the sample.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 42
(Count = number of identical events recorded; all 42 are from chrome.exe.)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe N/A
N/A N/A C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4580 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe 2
PID 4580 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe 2
PID 4580 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe 2
PID 4580 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\System32\schtasks.exe 2
PID 2056 wrote to memory of 4700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2056 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 31
PID 2056 wrote to memory of 1456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2056 wrote to memory of 4764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 21
(Count = number of identical events recorded; 64 in total. PID 4580 is SilverRat.exe writing into the four schtasks.exe children it launches; PID 2056 is the chrome.exe browser process writing into its own helper processes.)
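A WriteProcessMemory signature fires for parents writing start-up data into freshly created children as well as for injection, so the table above needs ranking rather than reading row by row: the chrome.exe rows are the browser writing into its own helper processes, while the SilverRat.exe rows are a binary in %TEMP% writing into a Windows system binary. The following script is an added example, not part of this report and not the sandbox's own logic: it parses rows in the table's format (the sample rows are transcribed from the table with the repeats trimmed), collapses them into distinct parent-to-child edges with event counts, and ranks edges whose source lives in a user-writable directory and whose target is under C:\Windows. The path rules are this example's assumptions.

```python
"""Collapse and triage 'Suspicious use of WriteProcessMemory' rows.

Added example; not part of the original report and not the sandbox's own
logic.  SAMPLE_ROWS transcribes rows from the table with the repeats
trimmed; the path rules used to rank edges are this example's assumptions.
"""
import re
from collections import Counter
from typing import NamedTuple

SAMPLE_ROWS = r"""
PID 4580 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4580 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4580 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4580 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4580 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\SilverRat.exe C:\Windows\System32\schtasks.exe
PID 2056 wrote to memory of 4700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2056 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2056 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2056 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2056 wrote to memory of 1456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2056 wrote to memory of 4764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
"""

# Source path may contain spaces, so it is matched non-greedily up to the
# target path, which always starts with a drive letter.
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+)\s+N/A\s+(.+?)\s+([A-Za-z]:\\.+)$"
)

# Directories an unprivileged user can write to (assumption for this example).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\",
                         "\\users\\public\\", "\\programdata\\")
SYSTEM_DIR_PREFIX = "c:\\windows\\"


class Edge(NamedTuple):
    src_pid: int
    dst_pid: int
    src: str
    dst: str


def parse_rows(text: str) -> list[Edge]:
    edges = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            s, d, src, dst = m.groups()
            edges.append(Edge(int(s), int(d), src, dst))
    return edges


def is_suspicious(edge: Edge) -> bool:
    """A binary in a user-writable directory writing into the address space
    of a Windows system binary.  Parents also write into children they have
    just created, so the image locations, not the API itself, carry the
    signal."""
    src, dst = edge.src.lower(), edge.dst.lower()
    return any(m in src for m in USER_WRITABLE_MARKERS) and dst.startswith(SYSTEM_DIR_PREFIX)


def collapse(edges: list[Edge]) -> list[dict]:
    """One record per distinct (src_pid, dst_pid) edge with its event count,
    suspicious edges first, then by descending count."""
    counts = Counter(edges)
    records = [
        {"src_pid": e.src_pid, "dst_pid": e.dst_pid, "src": e.src, "dst": e.dst,
         "count": n, "suspicious": is_suspicious(e)}
        for e, n in counts.items()
    ]
    records.sort(key=lambda r: (not r["suspicious"], -r["count"], r["dst_pid"]))
    return records


def summarize(text: str = SAMPLE_ROWS) -> dict:
    edges = parse_rows(text)
    records = collapse(edges)
    return {
        "events": len(edges),
        "edges": len(records),
        "suspicious_edges": [r for r in records if r["suspicious"]],
    }


if __name__ == "__main__":
    for r in collapse(parse_rows(SAMPLE_ROWS)):
        flag = "!!" if r["suspicious"] else "  "
        print(f'{flag} {r["src_pid"]} -> {r["dst_pid"]} x{r["count"]}: {r["src"]} -> {r["dst"]}')
```

On the transcribed rows the four SilverRat.exe-to-schtasks.exe edges come out on top and the chrome.exe self-spawns sink to the bottom regardless of their much higher event counts. Ranking by image location is deliberately crude; in a real pipeline the next step is to join the target PIDs against the process list to see which command line each schtasks.exe child ran.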

Uses Task Scheduler COM API
Tags: persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SilverRat.exe

"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /query /TN SilverRat.exe

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /Create /SC ONCE /TN "SilverRat.exe" /TR "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe \"\SilverRat.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST

C:\Windows\SYSTEM32\schtasks.exe

"schtasks.exe" /query /TN SilverRat.exe

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /sc weekly /d SUN /tn "_Task-WEEKLY-01" /tr "%MyFile%" /st 10:00

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe2891ab58,0x7ffe2891ab68,0x7ffe2891ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4976 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3472 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2628 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3304 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4684 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5160 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1832,i,8094383251297110564,6311226597203205448,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe

"C:\Users\Admin\Downloads\spongebob\spongebob.exe\Spongebob.exe.exe"

C:\Users\Admin\Downloads\spongebob\spongebob.exe\UnityCrashHandler64.exe

"C:\Users\Admin\Downloads\spongebob\spongebob.exe\UnityCrashHandler64.exe" --attach 4956 2585620385792

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E8

Network

Country  Destination           Domain                             Proto
US       8.8.8.8:53            discord.com                        udp
US       162.159.138.232:443   discord.com                        tcp
US       8.8.8.8:53            232.138.159.162.in-addr.arpa       udp
US       8.8.8.8:53            y-blair.gl.at.ply.gg               udp
US       147.185.221.20:37392  y-blair.gl.at.ply.gg               tcp
US       8.8.8.8:53            205.47.74.20.in-addr.arpa          udp
US       150.171.27.10:443     tse1.mm.bing.net                   tcp
US       150.171.27.10:443     tse1.mm.bing.net                   tcp
US       150.171.27.10:443     tse1.mm.bing.net                   tcp
US       150.171.27.10:443     tse1.mm.bing.net                   tcp
US       150.171.27.10:443     tse1.mm.bing.net                   tcp
US       147.185.221.20:37392  y-blair.gl.at.ply.gg               tcp
GB       142.250.187.196:443   www.google.com                     udp
GB       142.250.187.196:443   www.google.com                     tcp
GB       142.250.200.14:443    apis.google.com                    udp
GB       142.250.179.238:443   play.google.com                    udp
GB       142.250.179.238:443   play.google.com                    tcp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  udp
N/A      224.0.0.251:5353                                         udp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  tcp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  tcp
GB       172.217.169.3:443     ssl.gstatic.com                    tcp
US       45.79.115.66:443      fun-games-3d.itch.io               tcp
US       45.79.115.66:443      fun-games-3d.itch.io               tcp
US       104.26.8.198:443      static.itch.io                     tcp
US       104.26.8.198:443      static.itch.io                     tcp
US       104.26.8.198:443      static.itch.io                     tcp
US       104.26.8.198:443      static.itch.io                     tcp
US       104.26.8.198:443      static.itch.io                     tcp
US       8.8.8.8:53            66.115.79.45.in-addr.arpa          udp
US       8.8.8.8:53            198.8.26.104.in-addr.arpa          udp
US       8.8.8.8:53            74.204.58.216.in-addr.arpa         udp
US       45.79.115.66:443      itch.io                            tcp
US       45.79.115.66:443      itch.io                            tcp
BE       23.14.90.74:443       img.itch.zone                      tcp
BE       23.14.90.74:443       img.itch.zone                      tcp
BE       23.14.90.74:443       img.itch.zone                      tcp
BE       23.14.90.74:443       img.itch.zone                      tcp
BE       23.14.90.74:443       img.itch.zone                      tcp
US       45.79.115.66:443      itch.io                            tcp
BE       23.14.90.74:443       img.itch.zone                      tcp
US       104.26.8.198:443      static.itch.io                     tcp
GB       172.217.16.246:443    i.ytimg.com                        tcp
US       216.239.34.36:443     region1.google-analytics.com       tcp
US       104.18.9.90:443       itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com tcp
US       45.79.115.66:443      itch.io                            tcp
US       45.79.115.66:443      itch.io                            tcp
GB       172.217.16.226:443    googleads.g.doubleclick.net        tcp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  udp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  udp
GB       172.217.16.225:443    tpc.googlesyndication.com          udp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  tcp
GB       172.217.16.225:443    tpc.googlesyndication.com          tcp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  tcp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  udp
GB       172.217.16.226:443    googleads.g.doubleclick.net        tcp
GB       142.250.187.238:443   fundingchoicesmessages.google.com  udp
GB       172.217.16.226:443    googleads.g.doubleclick.net        tcp
GB       172.217.16.226:443    googleads.g.doubleclick.net        tcp
GB       172.217.16.225:443    tpc.googlesyndication.com          tcp
GB       172.217.16.225:443    tpc.googlesyndication.com          udp
GB       142.250.187.196:443   www.google.com                     udp
GB       172.217.16.226:443    googleads.g.doubleclick.net        udp
GB       172.217.169.67:443    beacons.gcp.gvt2.com               tcp
US       216.239.34.36:443     region1.google-analytics.com       udp
US       216.239.32.116:443    beacons4.gvt2.com                  tcp
US       216.239.32.116:443    beacons4.gvt2.com                  udp
GB       142.250.178.14:443    google.com                         tcp
US       34.111.113.40:443     config.uca.cloud.unity3d.com       tcp
US       34.107.172.168:443    cdp.cloud.unity3d.com              tcp
US       34.107.172.168:443    cdp.cloud.unity3d.com              tcp
US       147.185.221.20:37392  y-blair.gl.at.ply.gg               tcp
US       8.8.8.8:53            168.172.107.34.in-addr.arpa        udp
US       147.185.221.20:37392  y-blair.gl.at.ply.gg               tcp

Files

memory/4580-0-0x00007FFE17283000-0x00007FFE17285000-memory.dmp

memory/4580-1-0x0000000000070000-0x000000000007E000-memory.dmp

memory/4580-2-0x00007FFE17280000-0x00007FFE17D42000-memory.dmp

memory/4580-5-0x000000001C490000-0x000000001C4BA000-memory.dmp

memory/4580-6-0x00007FFE17283000-0x00007FFE17285000-memory.dmp

memory/4580-7-0x00007FFE17280000-0x00007FFE17D42000-memory.dmp

\??\pipe\crashpad_2056_BOQNKXGIVYWHALPO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d729a3a4f6ffefc6d5a224d01853e02b
SHA1 6af45f4841c13773a9130ec641597a60b03516ba
SHA256 d72fd8ac9ee98a63b5821372d916be8326d34a0b71923a28813a09dc832223d2
SHA512 97b4517a59f0b8ce635c42a3b54a9a185714e3701c0982bd496b92bb480136de56e5b869a635a406d08d4a830ca8b4b5d8d4f85a8de2b0195a8a49e34275a0a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 959b4c3c6280957135a3b8833bd6692e
SHA1 d0fcfea5b7c6465065cd82212f96cf0ea36eaf16
SHA256 054ec0830da34545b9c3b2fb7809add3b103ce6cc4ae02690ff2c2e1f56cbfba
SHA512 2eac8e6edfea1b1a63d602559f54449481979753a80dbeb07f6eadc19d65c53b9e2e7c9ad957a877660ea640b78ffd38a43d905d4eea19e2987128659aaca119

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\81389d92-9720-4586-bccc-26e93307b6bc.tmp

MD5 844ca106af45701b8333c379a2e8cecd
SHA1 559a0f81880bdd15423b34fd194b9ca610ab2f7b
SHA256 515127dedc2e384b3d07b37c2a30d20b6bbb23b544d59bf9d1edffd83bd6eedf
SHA512 bb22f8e0994cc9603e5242c2c2fa21924ead6ea865fce236ce6620c1cd64b8beae3e29a21f6a6c53906aa8b578c815f197212c73d9abc43e7a3a0f3f8aef197f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 eb756c536e13ac18ad2b36e7f8d7ec09
SHA1 1d859398ee2820eb66494747b278356b12cab7ed
SHA256 7357897e5c764a77c927ec9caec72c7a2a0b2fce3fd08bc387696385a2d550af
SHA512 143e92ff7726d1ca3c8384a9cd2337f27a6e6dcc3104769c067d4e410ba58e5374d03222f05559de116f6025c264c728b90299deeb31d65d6d62730ed0d9c4e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 62a65353aa1f478be0ab1c5ecb969177
SHA1 30ffb67256b748b71aaac350488fb4c26da20c47
SHA256 efa200f6e58a64530ca15402f2c7dd1a49989054683f916d9aca07ea8a538f94
SHA512 7d4dc3e1939a9f048d25cc71f9eac14c1cfd967980e18a69d69df1fe3de3bb11f2e80c0157088e92d8e0809183dc10e8c8fd81fdbe62d22031cf522a102cbc39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 282b30bfdb1a21559b9d489a8de19064
SHA1 8f171d76a7fcb89ace169e153e8171524d79be97
SHA256 4849e5ab8f4a6bd88fe31cf2ae8b59b1597c17f983edb3c1365791620f0f01fd
SHA512 4b1d73b6d90744d06e865d68ae13a82390421f47131cdcdf55a8999f66b17182a03268c18873dcedbc40ffef50b9cefe7d41ae7d82ffaed6b946fc2eeda561d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 85837ec17e180055395f91078460ad22
SHA1 7eeb20661614e52dde2af99c0020457f39237b88
SHA256 b8c88e2a8cb1f878423c10207d10f15b516667327dbec8912431760befcfa401
SHA512 a7a8d0c94c4cb34405f148977414027ac5fbccd79b5ff6ee5575be5ae8d53257aff7ff856b0f5d832a6446a25c003b22f90f6f0ed8ef1bd7da702b83fa638685

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ecb3b5bf147d09f3d00413e9101c0c89
SHA1 fa84aabca46f32b470484ad9180df5e79eb0275a
SHA256 a65a0f12b3e3fa42f25abb5eab353de8d5d544768d6ce5ffae25430f6b0096fa
SHA512 b5a2abae240131d58ff794c797a85bd0bf0778b8486f57168c654648bb7e5e3f77dff0e35fc7d23b0df80deef659a7a7de11499a38d1be7a3578acbec523fb7f

C:\Users\Admin\Downloads\spongebob.zip.crdownload

MD5 fbcc8f85c8e459b0b3bfbb924f79f912
SHA1 fc8438f11c37c61662b614fe0b09db5de4c5756d
SHA256 c49da70df32ebf5ec6dffcb8d3bd98d30e1f8daaa529674ce02b51428015b365
SHA512 1a2dce78a8443bf77881e2a48f4888f6e40d5da568ab5f81ffe8fef3db5ab1893a24c8c0c0b136bcaf467f2e22e64c2231d0bd5afbfdff4147ac2fa3cb27f796

C:\Users\Admin\Downloads\spongebob.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586e36.TMP

MD5 fb8b3373834abbdd5395e92b756ad9c0
SHA1 2e5eeb345dfe2f7435e99d51e0a863077d5b8154
SHA256 d6f78c1193914b304e23d101c36ee2fe3436fb29d8859d62973052ed59ef0aa0
SHA512 577774c754c51f54839025a630a69131726e6b0f9068c0b8a1fcfd80d68e6ddfe46762786034a99ea435918a937314a45aa4408f92beb111e254a4d46f77dec7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 359ecf8712effedbf1c73409aa705263
SHA1 a6923ee84b8410ff843cf2944118eb29d7116eb0
SHA256 e34b9f6eee53dc60a4b792a42206c377056671f39074651e37b8869790200e68
SHA512 444f27f0b654a480d31c22cfa7b426aed3c98ba8f17cb06163bee7a00d95dbf3e5455197743fdd2e564b63732b3abc0659ee75a157f90fd5ec1b9d35db9e0e3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c3260f6c38605c41ad7df45a8f18e2a2
SHA1 4e5874016de375a389bf8d4cfedc12c63aabfed6
SHA256 315f0aabf20dc4c58d09cd6faf725e64f0ae5ae62b14a1c469942e116cba85b6
SHA512 ce9e80101a6203a116ed1bd75351747a49374fef8ea96a43efc2d4d576f509b15f1241eeaeadd66de131ddf935397867ccb33af73f6fb7a29ba5cf535ccb3e11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c8724a843dec53066e6cdb3845cd4a1f
SHA1 a22def8d619e470736d261fb0327c2fb4691a318
SHA256 91a1458cede6f5d3bfa77f86e64f1d0d0dc1274124764708c4a3dbddf1e59af0
SHA512 ef09f9f173ba4f388ec39c635142aac9eb4e1cda035b0adc4820e5365c235b93350c41e87ddf9facd4c94104607701d34ad4a1abf605c31b40e135e6e1ebe40a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 13f7f236fea2989724ff715df69341c1
SHA1 92758f10862fecbf671a2d0a0b9f531f4f06f7b6
SHA256 7771cc708a181473df227f0d37bf7220d8f502598e90457b75a9642db3116ff7
SHA512 302ea33e05de835b7e915dd6805e82f80d3d91e9f7d0340e3b039ccc14dbe1e7b2a4bde937bc49418dffda1905af4b04a37b1b8caf132c02bac25ecb868bcd7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

MD5 ce1093c800c0933d7c9674eda75790d8
SHA1 371c2dcde092f51b18852e2617bc6c0c176f5873
SHA256 57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89
SHA512 fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9ccb7758b9ef26fc20c9bd9ffe47325a
SHA1 bb859285e883160d12a938878488cfaad8d05703
SHA256 30120780bb834a6dd4947e85ade531ac3df44aa93081171aca531a39301227ba
SHA512 897af537ab243650482f6535953da8bc86950577e5bacb1607d64f02f6f4314a8f461d248418f9d1c76e816e57d42148b488870025e7f2b5bf80f7ac39f28f7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2eb3ca704a956c49485d3d567f56ba2b
SHA1 bd69ff19903126f9f3ac3514d32c66487bcf2990
SHA256 c3825eff778b6ebbfa99f9f9a45e977f7c82050e221ac83acb45a7a3bc3b96db
SHA512 2d29aaac4f5af8d3ef3c5bc87d2e667cd65d61726cfcf93113390f7ece485321450db472b7f7f6b7a1adbf6ec86835e33752ad90311f6d5a6ab490002ee02ee9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c67a81d2a0ddf0b59ee61fe065ca65a4
SHA1 59d9ff409672affc9ade7973e8bfd5566913fa36
SHA256 f3f4e5c67629af95010bc60ad840bcdc56f3e8edce6c0bbc29785cb8a994a00f
SHA512 094f5f3f19f891523738902fbb71db07ceb850ddb87b013402d11e0a55531caffcdeec422789d25171d2459942b91f7356041fcb3996b0c599d377213280b4c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4216079d8c721d77a018df8b06a58160
SHA1 620e0d436fe023eb0c7ab7178c6c2d14c2d7a137
SHA256 971b1bdcd922464df53e60ea295d7b10b84772f65a688ec674a4a6a4fd0cf5de
SHA512 054c2aaa51e4b5de0fac15816f3e70e1b4e12468b5e53aec54c3ecfa3aaf18e796b23aa5f488b14b1fe47a8d37747f76cb418644ba201ed8b856e6de6f7cbb9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b5eeb377051f90f4706f1703e8d796e4
SHA1 8166219f4fd6ea42231e48d2089b31d3616f0a27
SHA256 dcc4b026cc81388727d768385747a2ba4494a5c2d8988bf95e04fd3dc17518fd
SHA512 10f8e88af09b5ea6200c47d3f0b3e5b336ee553bb6a4e26bd9cc7ad70439bf70517544790118630aac6a5e8ee733913d019ecbf50b066f0d3dcbc4809b14e994

C:\Users\Admin\AppData\LocalLow\DefaultCompany\Spongebob.exe\Unity\8ac196a0-222b-4d3b-9c32-a0b481b65ed4\Analytics\ArchivedEvents\171950792600002.d5666c3c\c

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

C:\Users\Admin\AppData\LocalLow\DefaultCompany\Spongebob.exe\Unity\8ac196a0-222b-4d3b-9c32-a0b481b65ed4\Analytics\ArchivedEvents\171950792600002.d5666c3c\s

MD5 5e6d25ee81596bba5539c873803e5c1c
SHA1 49875d429f3ad4cdd77f864e52f5073efb53ae08
SHA256 133e7db2858eaab66ddaf82032ed4ef8f6f0593c3cf99c504b4dfaa16ce3efbc
SHA512 8f14fa55df4203f055d2ee498fb0474d979891cbba00b29d7e3d22e94f37a77dffe16f8bf4b1c064b6eacdb6552295db69f2c83e8eb3cc3f4741aee6bd21fdba

memory/4580-447-0x0000000000B80000-0x0000000000B90000-memory.dmp

memory/4580-456-0x000000001C680000-0x000000001C690000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4317ed7e902f3d82451187a5d223f00b
SHA1 39f629c5ea85a88afa63204513b5d62a5e30ea29
SHA256 4ec2a869946943010e603e49f3d9eec4d707eef3401e3506b6ccd7b0d2c884d7
SHA512 8350b87db1c05bba728fed0d7571b3b71293e46bc6df6be68214b8695a0fdea5b41c33c928ddb1d7e0a44f13c62b9d316b3d09dd82d7fca5dfa6dec03445de29