revengerat | hxxps://google[.]com

Analysis

max time kernel
186s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

10^/10

revengerat guest discovery stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

0.tcp.ngrok.io:19521

Mutex

RV_MUTEX

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
behavioral1/files/0x000c0000000235f4-1121.dat	revengerat

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5564	RevengeRAT.exe
5764	RevengeRAT.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
189	raw.githubusercontent.com
190	raw.githubusercontent.com
191	0.tcp.ngrok.io

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 5564 set thread context of 6128	5564	RevengeRAT.exe	162
PID 6128 set thread context of 4928	6128	RegSvcs.exe	163
PID 5764 set thread context of 3912	5764	RevengeRAT.exe	166
PID 3912 set thread context of 220	3912	RegSvcs.exe	167

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{6C36249B-779C-4DB0-97D4-A33CA917F9EB}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 706555.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
3904	msedge.exe
3904	msedge.exe
2684	identity_helper.exe
2684	identity_helper.exe
4608	msedge.exe
4608	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5564	RevengeRAT.exe
Token: SeDebugPrivilege	6128	RegSvcs.exe
Token: SeDebugPrivilege	5764	RevengeRAT.exe
Token: SeDebugPrivilege	3912	RegSvcs.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 744	3904	msedge.exe	86
PID 3904 wrote to memory of 744	3904	msedge.exe	86
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 3800	3904	msedge.exe	87
PID 3904 wrote to memory of 1872	3904	msedge.exe	88
PID 3904 wrote to memory of 1872	3904	msedge.exe	88
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89
PID 3904 wrote to memory of 2240	3904	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffd9c0a46f8,0x7ffd9c0a4708,0x7ffd9c0a4718
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,2257136414332898401,2356287441540332750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5756

C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5564
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:6128
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4928

C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5764
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3912
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegSvcs.exe.log

Filesize
120B

MD5
50dec1858e13f033e6dca3cbfad5e8de

SHA1
79ae1e9131b0faf215b499d2f7b4c595aa120925

SHA256
14a557e226e3ba8620bb3a70035e1e316f1e9fb5c9e8f74c07110ee90b8d8ae4

SHA512
1bd73338df685a5b57b0546e102ecfdee65800410d6f77845e50456ac70de72929088af19b59647f01cba7a5acfb399c52d9ef2402a9451366586862ef88e7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
c79d8ef4fd2431bf9ce5fdee0b7a44bf

SHA1
ac642399b6b3bf30fe09c17e55ecbbb5774029ff

SHA256
535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

SHA512
6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
23.5MB

MD5
7ac57f615da92dbef93a949ba4f49d72

SHA1
edc8439f995510f8b21321b098fa5abfec88d6d5

SHA256
f3a26321d5b2f07081b0bee43b5c3a52a995b2d534024969e2aa546fa5225d38

SHA512
f738a2093132eed894cd40d08c20450b35de85d605f507face345f15c7baecf0ff3dfec6ac6babc8d0b68e825c4610f34e8140bcf9bb5bb1954d31b4466a6bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
26952970259017e46927bc210150b21d

SHA1
8335e0960627120dc380d5cde2aa804c5c5827ba

SHA256
0e5955c0c4f40aeb81855bf405a2b732dd5b811cdea13b0579be9c49516f9313

SHA512
3284d5811e1a37b2c1a0b42154a39cea93d228b3a511ecbd3cfcf30328891d2580c5c8eb1f8723e6cce542c16779db7a7da220e63b9797eb3a82f11ac4efe897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
dd35cc549522a3c071493cb4ff6535e7

SHA1
71b6649e6ab47e43384e44a63af181c74c53b8b5

SHA256
bebc7ef50c9e9a9b86eef7fe38b86d5f3b78468c91d331422b3f3b29c02138fb

SHA512
314bfe24a35d8bd317c72e8a664a022f826131f648d80e29a1b2f5d6601c95fc25e72acb103e6588fdb53722098605365c88391c512b8fc5a25f621b1dd9d0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
63bb529134204b30e9c01ab4f613619e

SHA1
3fdf837b8e4b4769beba4c72fcee6d865ebdff25

SHA256
46f2819d0a07283c7b35eaece74fe62bf1d7542c344ee623221a412bc79f5712

SHA512
cb562c732660701ce6242bdb217a36c89df477363494b4ad9014dcb045364a36ab47d25f7985e5ae722316700dd02336ca19a0ad980d705de78901d4848c3636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d4f56f8ea5cd997f21b891f1cfedde10

SHA1
580e5b8b9ee25349e2c572a8c85cf75e791bbeb4

SHA256
1180f9591ca4f38f3dee126896147eb44e53700401c4a3e82d79b7d4f9e6fd0d

SHA512
a469d3e46e6dd0c4912580859089dd412fb095121bf266c26e086acc0262ebc3d98d577137090ada583c3a2fdb39ad52dff8d7581414d7d334a9114e72e6b76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa170a3bdfb8dcfacfd2136feb76442b

SHA1
6ef8db5f8eec6b4a126208d7348e49ce068814fc

SHA256
b177f1df8188e813c3ab9866ad081b474548be5d8d0c3ffdd8b979d6aad64899

SHA512
196d04b473041b717468c0849bc691b0784ffb8a4ff4ea43436d9e859cac6881f594a62c3040a4af96f6058fcc647b4a5a5095eda4c0876beb5a80f4fbd5638a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
825a6d5aef6e8b824792ade75d7c7b45

SHA1
334cec0cc59eb5a4f9f48037539a7cc8bdc7d7d8

SHA256
ef23c7a326ede1579e8f3323faae6237b601af2be3e0686df5fa91b08d53bd87

SHA512
576f116391db519d428b8cd5f31f43bb2e3d84d40fbec26d423ea2f864664edabb36d571772e1f61ddafc5143ae8879410422d5e0cafa34d2760597ef44b4e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc0776624f742cbfaf57326a1069467e

SHA1
8b54e91b62d8fde76e952c3151acc3abadf199ef

SHA256
ea95443270a0a4e4f77555bd5309a5d83f1cd8b742dfa59dbce0d34d955238c9

SHA512
7ac846bf8902c61750af3e12702924d16948d7f6e9bbbb93b459dfe4b9eec7a9b97552ab95de2dae5b6f88271c0e567d91d5509a05b43f77ad05dee1ea4f7045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b5edbe24f45f53476c86f8b4f3aabce

SHA1
a512bc762483d54abcf1580b47fcfdcff71747c2

SHA256
1d4d7f279ec669352103ea851fda4f6f1851c9f56aec6754446394320a019772

SHA512
8d2b5c1f59c8f3debe7fcb47303fa23e6659f0b32c4c72d2bf56f5d4a81d292c3bae7af0dd40222eeccb187c2004eb8b096b283df292b617f91f5dccfc79447d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a12daed0843aec44b28fa4253317b17b

SHA1
e3ea608126d1fc45005db1c442a4fd630619d78b

SHA256
81d061308a6586698494cb56349b0798b76e72fcda35f3605fec7188541cde12

SHA512
ad8b89b4a1ef7d64f8459485e4e72622781fba9ef0f0b8361639753877ce778d57ec78300adfc56c19ae26b13403b349d5e2494e0f2d32a2e02c3b41a811e1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2c6aefc8b769fc79dab48810b7f32daf

SHA1
9f4db23746ac46803b340a10750bf514f94de4ee

SHA256
8332284ea4503bffd72caaf17d0c5a6ff0c105cc42037b409287b8a17143e529

SHA512
d90e2c4735f017f31df584f5373b0e43e456ba5857640254bd95787a7f2d58691516c2ebe85114befb1d56d34435dd10a336936d5a3dbf01d4d6346a4786ff4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f86ae52220f56ab1bcf528cf01c0786

SHA1
9ca5d193826a5c2a1fcff2630deb7a38db6aaad8

SHA256
6fc926a3aa81d3af90d2284037e700ba3d47f4e8f664352f6e0768e8cbaea31a

SHA512
6a46f519f338910b9c215d566e188429c102cc3ee5a601ad698b2bd6c598c81f4e30f30b82f35ece70cb959f733f869020ab0b8a76768c6529bc3fe253f3d9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f22b48bc2494bbefcb69346c3b24df87

SHA1
057b16eced39320e939326add7255e898d74ed5f

SHA256
244d1890d80c3912aaeb51ed43ab51715522569a2fbbdb17fb825ccf194bc6ab

SHA512
ecc5770afbaf7f27d12c43114ae8a1e46449c3371bc2e100842a379f6cfdda57ede8846b65ccc39bb3f706ee54147991690ffff1b3ca1ac421d1fe11f34f3e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8eed6e97144e90a514d458ffa158d06c

SHA1
71446df1879b189a248c6d02f051973b669c1a15

SHA256
0ff6f92b9695fdf0ddcc7cb536f674e7edaa3670e18015e0c60d24c3d59fc655

SHA512
4a6fd116fb66db41b352999d2610c7086f3d78c61349b78afbc3212b3b1d68d2d64b25ae0fb45e6a9294d78bc7d0274a2da110e9fbfde76eb70dbc6c71f1beb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3bb0517c9e6434481cf3d3002812f631

SHA1
e0d17acddef80b55dac81315548519579f984ef3

SHA256
c0a66ec11d58525fe303b8f4ebb4827d6f98d7e78e3b1507cca07b553dbd0984

SHA512
bd24a3b939d037a884e7051da01b7d66f3eb27e637de4fff86f8b0e5b5689ec5bb43bb0568d8b67034a0d0939bc707badb1b7debecf9037896adf4db046d9ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c40d1587e0ab99ae5d65c636658fbb81

SHA1
3b04189500f68b2e3fd977b48ee6516365751c19

SHA256
3a81f761d7cc7705e316b4166e97444081c669a47bbf0fce48e0df6067981a98

SHA512
bb803ac48d6277f9b8ef67b2aa2c861ada0fdc9fad1446109f3d655b274ba04c25206c9089f4320daa13f042e84b890fe1cf88b0202e3e571d53968bd4844e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
711900a33458b5036955655c329e35a1

SHA1
ba2d02d62ef575b3a4049852151a630174d1fbf9

SHA256
442ac9eb1e3dbb94c49d1d10761b064c18f4ac7f3f434a90923f9305f1a80974

SHA512
a2f8b29c348eaac61d621738448ea54116f8dc31e57961dd17aa42aa87fa316c8948859df5831e25c2e3efaeb8f68cb3858a3fb73ecef39b8ad731fd10e1c5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5dd19800e19d249e277f9229808360c1

SHA1
2c5aeca13ac7b81fc08fc0eeff6102e8a83d69fc

SHA256
8c6c7a4d3357d8012646ab3c2d4d4640399a4570eba66b9dbbc7f59b3b64abb2

SHA512
9540535f276396c940b7f8c82e8cb929734e03bf5bed528a9fc51e2ffd6a97c2164f2c3280533c961f4deeb3d860d5b5c259b64927095207205138220b0f22a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
380a242b233853ee16b6d6fe6a6e5c56

SHA1
214e10809a726f39bd4dd59c7a3661b80b5104ff

SHA256
d0612b1176cbf67b3d8fcadf57e3affe4e7aafefa100f30b64fa9c1a79fcc25c

SHA512
e3551d4d0cf89ee7af29933a8833f5e2e41cc9a58ba1b0cc6b255da6c23aff28be7fb61132e835adaa77b0418b496637ea1c1ae74a24f5fdba2538d9be651226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e08235e5a8762e293fdb3d85ca0440b

SHA1
f37e2621cbe3a7fbd8401c76f3923e1605d36731

SHA256
d47d4d32bf9d947f0d676ef3348a52ce16ffb439584d9517778666e3448d319d

SHA512
8afd4464165901e4f526f31f57fbb8ad9176d4ba9134f01598a4a4708b071223d310c915b5eb64dbcb8e1c0765d48d905597c1edb5b5d46329e479982e525ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58406f.TMP

Filesize
534B

MD5
a10f5f4edefc3a1990662961ee8d83e0

SHA1
a4afebaa2b47db71c7f1d2bca34101100f6e1788

SHA256
56932d9cebaf05a99d65f5127be844be1fbeba4f267f8a51ee3befccc3c79d6c

SHA512
dce539821ed7aeaf0aa0982d9ed0e8f5baf9cba9f73377449e77ed008a0983387e7ba54071d6844e2e28e8712ac6639ebdf91be0c04bdf0af2f0a0e6a304e3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2e485d2-d219-48d2-92f5-06dfc84a8f4e.tmp

Filesize
1KB

MD5
34ae83af8bf3b31a8b398d54b2cc56fa

SHA1
a392b3860d13ed461154cc1a61b2c56620da90df

SHA256
b8fe36d50911b640462519f2b0cd29536023a2fb26c5e99e3f2d0c5a9534d241

SHA512
e3db2a65f47b484676f07de31c7a9e40f92147e0c4cbc963be45a9cd3d2c1eb52e1970ed6caabd0019d01f68395b415980641cdde229cbd995ce986b7e1f5113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a2d2a5a5e392e949747e198b172e7b5f

SHA1
994c1818404ee9e17b2ad93460584c8232958bb1

SHA256
4cc985cd44245beb62e6c3d6204b12547575b112b180288fde5545c84bda3db9

SHA512
6e7a9bbb873c1c5d0691b83a67488174dede869eb714649f21a81f83746c5a05b9a1ea840ea9c69b3239b1acf67e528f75e2ca6c8d6aab485f70c226e5c16d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fcbf7fa6b6eb20957fb46cd33c3dd244

SHA1
7fadd7f9e41e41761ec231b4195ec8368fff584a

SHA256
e736df5f289f57360dcec4a9084b4a6270cbbea3869af4f7d3805dc5c87e76cf

SHA512
7b7b5fcf2884092a6b30a09115237c2ac4ee6a941592155591b052148c65694a8a7de7c359d117c7942229744b3d712c136e8cc971fb84770c22cfb8f76322df

Download Submit
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt

Filesize
39B

MD5
502984a8e7a0925ac8f79ef407382140

SHA1
0e047aa443d2101eb33ac4742720cb528d9d9dba

SHA256
d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c

SHA512
6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
12bdc425fe8425cff3c4d79292c81f6a

SHA1
a6f05594fb06fd1e294d43c11a42334982673ec6

SHA256
76e19cd78e00b5469f9293b0740e14d22147bea1a317ac8d4261c093e5eaa0ec

SHA512
2ba7ca6f0f5381e368a8e4a2a5897e6bf615b354cf8921a59986f5a640aa08289a93164fce01e1047957b72702c0367de100f0b62d67026cd64d4c6e1a9a9a7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
17a6b62e332326a60f982beeab2a1cda

SHA1
99dd7f2ccf3bc4caa631c93abce7da69052b2119

SHA256
95c57b5510039adcf395e013a74ae562f3817ac530ef6dce2b3c6bdeaded7c9c

SHA512
137cb0f95ac14aaf477d2ad626c01e255c761a3ff02b0b614434b4b6811a6a05f36939db3e4049b781436abb350712a224cf3a4f25dbe8ed64d483df19f35d26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b7320e8e51612b5dbbb22d7f9444d2cd

SHA1
28213968a9afb4f845bd8ccc3a5775ffeecd86a1

SHA256
f921d00461eb34998f4fee9bc2c5b8b2a1904727de4e8b8644af0974c232062f

SHA512
2b460e42964686b727542043b92417befc803cb10ff1be63d2b795d6300daf1c44a2db28ff0a19e9781021968f119d8b81432072e46c4a3b59c99b90601db15b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 706555.crdownload

Filesize
4.0MB

MD5
1d9045870dbd31e2e399a4e8ecd9302f

SHA1
7857c1ebfd1b37756d106027ed03121d8e7887cf

SHA256
9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885

SHA512
9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

Download Submit
memory/4928-1176-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5564-1173-0x000000001C2F0000-0x000000001C352000-memory.dmp

Filesize
392KB

Download
memory/5564-1172-0x000000001B760000-0x000000001B806000-memory.dmp

Filesize
664KB

Download
memory/5564-1171-0x000000001BD60000-0x000000001C22E000-memory.dmp

Filesize
4.8MB

Download
memory/6128-1175-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download