revengerat | 21b2e07658c923960711b27ff56e88fb938baa7b8b798060ac4bf5ac33d8a36a

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe
Size

600KB
MD5

f3639576959eef4ff0fd9c6a8e2bb5d4
SHA1

fe91072ac74a0863eba817ee4b85381fe5c068ef
SHA256

21b2e07658c923960711b27ff56e88fb938baa7b8b798060ac4bf5ac33d8a36a
SHA512

afe177b75ffe2debf3c9d3955b50a3d003c051d4d07981f646753f45d93186dc96fdb58fcabf1fe37361063942324ace966851e89543c1a0e9f1d36ba90c7f87
SSDEEP

6144:nKWlw1Dx+UASQFfCEv2YUMNJlaJuNlK17Y4c83fhysVufBn597NX2:n7lw1DxT5QFfXeYU43fiysgfBnnl2

Score

10^/10

revengerat discovery stealer trojan

Malware Config

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
behavioral2/files/0x000700000002361b-6.dat	revengerat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	ocs_v71a.exe

Executes dropped EXE 1 IoCs

pid	Process
3004	ocs_v71a.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133716457560783607"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3004	ocs_v71a.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
752	f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe
3004	ocs_v71a.exe
3004	ocs_v71a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 3004	752	f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe	89
PID 752 wrote to memory of 3004	752	f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe	89
PID 3004 wrote to memory of 948	3004	ocs_v71a.exe	95
PID 3004 wrote to memory of 948	3004	ocs_v71a.exe	95
PID 948 wrote to memory of 3184	948	chrome.exe	96
PID 948 wrote to memory of 3184	948	chrome.exe	96
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 4576	948	chrome.exe	97
PID 948 wrote to memory of 3180	948	chrome.exe	98
PID 948 wrote to memory of 3180	948	chrome.exe	98
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99
PID 948 wrote to memory of 3260	948	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f3639576959eef4ff0fd9c6a8e2bb5d4_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:752
- C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71a.exe
  C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71a.exe -install -8500707 -dcude -b525b7b68112466387111433121e6111 - -de -zxypfsedzklqzcnk -393938
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.download-sponsor.de/exitdownload/thankyou.php?pid=dcude&cid=8500707&appname=[APPNAME]&cbstate=&uid=bb58827f-b5bd-40ba-9595-26f258eadfb7&sid=b525b7b68112466387111433121e6111&scid=&source=de&language=en-us&cdata=utyp-31.ua-6368726f6d652e657865.userid-303637373964653431313331343639376135303232373730
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffad00cc40,0x7fffad00cc4c,0x7fffad00cc58
      4⤵
      PID:3184
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
      4⤵
      PID:4576
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      PID:3180
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2576 /prefetch:8
      4⤵
      PID:3260
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3076 /prefetch:1
      4⤵
      PID:3920
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3044,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
      4⤵
      PID:2960
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3664 /prefetch:1
      4⤵
      PID:184
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5152 /prefetch:8
      4⤵
      PID:3372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:8
      4⤵
      PID:1792
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4888,i,9780981337077525560,3755158496191819129,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4228,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
1⤵
PID:3348

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8b83b648-694d-4d45-a36f-b56fe29d467c.tmp

Filesize
195KB

MD5
a3891c1fe7ebaba89d5e3bb07e226ceb

SHA1
800dc7c9dbe75f3a47c0e78957991870f7891b4d

SHA256
efd20a5c41c5156576ccfb3d99f84dab96e0462379bb5215f11c0267d4a969ab

SHA512
e1aa218cbdb75f18ab73b4ab2ac3fe50890a55679205ca1d064e8f7dedc3bdbd80da808e4a038c4dd9fa7fb84f1384f2db34995e5de12f963d4966194ecdb48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8f6b5325d2d7f08c73b0b8919f4646d9

SHA1
236314eef26c80f8b88ec09c5e644589a0b5673f

SHA256
07164a801ecf10267454e1bbe61037d89438d0af11d725c9e786a7320aafdd76

SHA512
903ef5832731fe331f032216dd4f2c960a869baadb99aac7a136ddf9a4e4f06a1c288ff78389e569b6b2a5b94de453799b8c0c99cc2cfbb58157bd6cda819364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
73929f515b9fe319a2f5f6d87bdebe4e

SHA1
88787f35a15c2d98bbf078fd61fdaea9982bcb9d

SHA256
75e7d48b111eea47e7219dd3b960f2e46495eda350b526975e732956d5173282

SHA512
c01352e0d8ab14742b08ff09ed223e97fa09ed4a92197238049b6446843901c6628464c8a987a5b9bf0c01a8f71a22290aaf1da728892beb7f32769607a4fbd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
75b657b77656a94fb5d47981e5276880

SHA1
33d4d6687e338a6748043f4764c09ee0073dc672

SHA256
f34b2d46963ff0fa10dc9c523a3b4a9b607a1d8ce5eebb111e4d259d4913e186

SHA512
0f54d3a9eaaaf9061ae7826b573419ef2ee31263cfcb4ff8d6d1ca0d84f2ade28c8b95e2229334175d18dac86b55613600aa5bc21c77ce819cd92097d2210a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d34802f9b5372f7eb9cf2b3f139ead03

SHA1
a8e4c55f097f2d1ae93072ecaf289b8de4abd957

SHA256
058bdb51461272ce2b907135c15057847a4280e63f862393a65eb571eb9114e5

SHA512
22d6cea9891c249e8b78b48ee195dc09e9b860087c222f0bededfae27c2af230c356cde222ea213eca0a10b9a645f02c71c6232ba2a434eceb2cd192258f8acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
656a4e51cd485957daa1713616faa1aa

SHA1
0f590aa7f9f2f0b040173fea8c54801cfb384624

SHA256
2b19c304c360fccf7e7b4a3dea86408b982d364ad11c28a24da7d256839506b2

SHA512
c3e32ab2700b62c2eb599b58424fc5e5f486551eacce62807c0fa87530b706d2b8c7ce614d6c4e75bd2857315a26ae63562633281708c892302c9cd781e5c228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d42c2ab79ec14d9fe4eb2bde8c61d78

SHA1
d845f47ef55a64b07a891450c9dd6a2e1961b0d1

SHA256
ed609979efe64a23aa5111ca681f35e21bc6c653b317161359cbc521ea6f459d

SHA512
b1cd66b877c400bc55c7dac5938b6d73d4dc9dfdc85119a75344fff69582515cdb37bafe9a9df9fed827a31bff429612b31237a0f9aaf509cf60e1cfb5da9c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e866e4c3775aeafd03cf40871479d7dd

SHA1
59bbdbb092474b324593779e0ab87453b43cb784

SHA256
17b366a2e1b629f17f9eabe36a731081a3bbe685fff3e5ba56fb4b82c85cf741

SHA512
eb0e7eaacb4bfee2417632883951078b0a5f22cd6676bfc9b101c8955f916ccf6bd6ddc4d7e48cda6141d722650c9797404990e3ed3158bb98cf635c88a5cd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcba22a859aafcc70b03f696a2495c57

SHA1
8b64e2e01c5052d4a2be3b37b1dd61ff2e080eb7

SHA256
4676bc5bb76f21bf7ad84c366561ec582dd0e7042d5b89034840d13d14321570

SHA512
4eef59df61d927ac984e31354ec59699c283c0e89102b7292be57c550f2782b733225235daad62dd954aec9f65b05544e98237c924a30993b3983dd5778043ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
68f7d073567108fc18adc5c9ab6db931

SHA1
65399eea75319b126549f0beca5a2e3bc04ea11f

SHA256
c3beb42644d8286121a83580b34bf85ce0fcb8a519f7a7ceb4cdd579599809f7

SHA512
3cd2cfea7be60900bd9b025530c5d0f9bf618d9fefc234c286aadf325030e74c42bbd84a4005e03a828b2ec96363b9c9914f027001d8de91d12a4b539cf61dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
5846a3c6640e51ecafcc2df82f68a158

SHA1
ea86bfd67c892bd88632dfa26c9b7c63d2c36c2c

SHA256
003b1270ec2e1cf16db5f6edc3a220ef0f5adf7c3e42dc0d4ab8daa439957c9d

SHA512
142060d41df004dd45a5505296df531d328cd9989a974e321d335d5d2a6084ac6e41b2120ebec68b7c2570a4421a9e57a43de19d49b9d6fe1e36c8aa9d6359e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71a.exe

Filesize
288KB

MD5
317ec5f92cfbf04a53e8125b66b3b4af

SHA1
16068b8977b4dc562ae782d91bc009472667e331

SHA256
7612ef3877c3e4e305a6c22941141601b489a73bc088622a40ebd93bee25bae5

SHA512
ed772da641a5c128677c4c285c648c1d8e539c34522b95c14f614797bb0d188571c7c257441d45598809aa3f8b4690bd53230282726e077c86c8d9fe71c1db65

Download Submit
C:\Users\Admin\AppData\Local\Temp\OCS\zxypfsedzklqzcnk.dat

Filesize
89B

MD5
be5c97237ad951d68d437b323ed06c40

SHA1
5d682411b9952c2604b016ad272ecc51ed9967e2

SHA256
f96a9422f5c7f7901267958e0c6396d724a2ec462f4e793bdfb655fef4a991f8

SHA512
ffc81f62841ce23aa7f9fabec15729d72a617959c8ab654a9b37f0a5f60a42a8abfbce5ec3cf15b57ed61e86b80ede0967bfa415e4329ee8a7013d450ffdfaea

Download Submit
memory/3004-17-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-18-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-27-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-22-0x00007FFFB0445000-0x00007FFFB0446000-memory.dmp

Filesize
4KB

Download
memory/3004-16-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-19-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-23-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-21-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-20-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-15-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-13-0x0000000000FC0000-0x0000000000FC8000-memory.dmp

Filesize
32KB

Download
memory/3004-12-0x000000001BFA0000-0x000000001C03C000-memory.dmp

Filesize
624KB

Download
memory/3004-11-0x000000001B460000-0x000000001B506000-memory.dmp

Filesize
664KB

Download
memory/3004-10-0x00007FFFB0190000-0x00007FFFB0B31000-memory.dmp

Filesize
9.6MB

Download
memory/3004-9-0x000000001BA30000-0x000000001BEFE000-memory.dmp

Filesize
4.8MB

Download
memory/3004-8-0x00007FFFB0445000-0x00007FFFB0446000-memory.dmp

Filesize
4KB

Download