Malware Analysis Report

2024-11-30 19:28

Sample ID 240927-cv42hazhjq
Target Silver rat.zip
SHA256 c444972837ee88f56982e0e32bd83b232241aca94e2b7a76c0c53d17441ae31c
Tags
agilenet discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

c444972837ee88f56982e0e32bd83b232241aca94e2b7a76c0c53d17441ae31c

Threat Level: Shows suspicious behavior

The file Silver rat.zip was found to show suspicious behavior.

Malicious Activity Summary

agilenet discovery

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-27 02:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-27 02:24

Reported

2024-09-27 02:53

Platform

win11-20240802-en

Max time kernel

1468s

Max time network

1470s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Silver rat\ndp48-web.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description | Indicator | Process | Target | Hits
N/A | N/A | N/A | N/A | 4 (no indicator, process or target recorded for any hit)

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A
File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A
File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A
File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A
File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A
File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target | Hits
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\6a9a8e4dc2467e901cd673\Setup.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A | 16
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A | 2
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A | 5
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A | 7
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Silver rat\ndp48-web.exe | N/A | 1

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\6a9a8e4dc2467e901cd673\Setup.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\6a9a8e4dc2467e901cd673\Setup.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "34" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133718789779369290" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616193" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Videos" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 500031000000000002592180100041646d696e003c0009000400efbe0259107a3b59ae132e00000048570200000001000000000000000000000000000000b3228b00410064006d0069006e00000014000000 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616193" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 01000000000000000300000002000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 70003100000000008257b960100053494c5645527e310000580009000400efbe3b5911143b5916142e000000354f0200000005000000000000000000000000000000c0f6f100530069006c00760065007200200052006100740020005b005200650020004c00610062005d00000018000000 | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0400000001000000030000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000004000000030000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A
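The BagMRU and Bags keys under Local Settings\Software\Microsoft\Windows\Shell are Explorer ShellBag view-state entries; a process writes them when it hosts an Explorer view or the common Open/Save dialog (the ComDlg subkeys), which is why both chrome.exe and SilverRat.exe appear here. They record where the operator navigated, not a persistence mechanism, and the two BagMRU\1\1\0\0 and BagMRU\1\1\0\0\0\0 values are raw shell items whose names and timestamps can be recovered. The parser below is an added example, not part of the sandbox report: it decodes a file-entry shell item (class type 0x3x) and its 0xbeef0004 extension block following the documented Windows shell item layout, using the two hex values copied from the rows above. It handles only that item class and that extension signature; FAT timestamps in shell items are local time with 2-second resolution.

```python
import struct
from datetime import datetime

# Registry value data copied from the two BagMRU rows in the table above
# (hex exactly as the sandbox printed it). Each is one shell item plus a
# 2-byte list terminator.
BAGMRU_1_1_0_0 = "500031000000000002592180100041646d696e003c0009000400efbe0259107a3b59ae132e00000048570200000001000000000000000000000000000000b3228b00410064006d0069006e00000014000000"
BAGMRU_1_1_0_0_0_0 = "70003100000000008257b960100053494c5645527e310000580009000400efbe3b5911143b5916142e000000354f0200000005000000000000000000000000000000c0f6f100530069006c00760065007200200052006100740020005b005200650020004c00610062005d00000018000000"

FILE_ATTRIBUTE_DIRECTORY = 0x10
EXT_SIGNATURE = 0xBEEF0004  # extension block with the long name and NTFS timestamps


def fat_datetime(raw: bytes) -> datetime:
    """Decode the 4-byte FAT timestamp used in shell items: date word, then time word."""
    date, time = struct.unpack("<HH", raw)
    return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                    time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def parse_file_entry_item(hex_value: str) -> dict:
    """Parse a file-entry shell item (class type 0x3x) as stored in BagMRU values."""
    data = bytes.fromhex(hex_value)
    size = struct.unpack_from("<H", data, 0)[0]
    item = data[:size]                                  # drop the list terminator
    class_type = item[2]
    if class_type & 0x70 != 0x30:
        raise ValueError(f"not a file entry item (class type 0x{class_type:02x})")
    file_size, mtime, attrs = struct.unpack_from("<I4sH", item, 4)
    short_end = item.index(b"\x00", 14)
    short_name = item[14:short_end].decode("cp437")    # 8.3 name in the OEM code page

    # The item's last two bytes hold the offset of the first extension block.
    ext_off = struct.unpack_from("<H", item, size - 2)[0]
    _ext_size, version, signature = struct.unpack_from("<HHI", item, ext_off)
    if signature != EXT_SIGNATURE:
        raise ValueError(f"unexpected extension signature 0x{signature:08x}")
    created = fat_datetime(item[ext_off + 8:ext_off + 12])
    accessed = fat_datetime(item[ext_off + 12:ext_off + 16])

    pos = ext_off + 18                                  # past the 2-byte identifier
    mft_entry = mft_sequence = None
    if version >= 7:
        pos += 2                                        # unknown
        mft_entry = int.from_bytes(item[pos:pos + 6], "little")   # NTFS file reference
        mft_sequence = struct.unpack_from("<H", item, pos + 6)[0]
        pos += 8 + 8                                    # file reference, unknown
    if version >= 3:
        pos += 2                                        # localized-name string size
    if version >= 9:
        pos += 4                                        # unknown
    if version >= 8:
        pos += 4                                        # unknown
    end = pos                                           # UTF-16LE, scan in 2-byte units
    while end + 2 <= len(item) and item[end:end + 2] != b"\x00\x00":
        end += 2
    long_name = item[pos:end].decode("utf-16-le")

    return {
        "short_name": short_name,
        "long_name": long_name,
        "is_directory": bool(attrs & FILE_ATTRIBUTE_DIRECTORY),
        "file_size": file_size,
        "modified": fat_datetime(mtime),
        "created": created,
        "accessed": accessed,
        "mft_entry": mft_entry,
        "mft_sequence": mft_sequence,
        "extension_version": version,
    }


if __name__ == "__main__":
    for label, value in (("BagMRU\\1\\1\\0\\0", BAGMRU_1_1_0_0),
                         ("BagMRU\\1\\1\\0\\0\\0\\0", BAGMRU_1_1_0_0_0_0)):
        info = parse_file_entry_item(value)
        print(f"{label}: {info['long_name']!r} (8.3 name {info['short_name']}) "
              f"dir={info['is_directory']} created={info['created']} "
              f"modified={info['modified']} mft={info['mft_entry']}/{info['mft_sequence']}")
```

The second item decodes to the folder Silver Rat [Re Lab] (8.3 name SILVER~1) with a creation time of 2024-09-27 02:32:34, inside this run's submission-to-report window, while its modification time predates the run, which is consistent with an archive extractor restoring the folder's stored timestamp. The first item is the Admin profile folder created on 2024-08-02, matching the win11-20240802-en image. The MFT entry and sequence number let the entry be correlated with $MFT if a disk image is available.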

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Hits
N/A | N/A | C:\6a9a8e4dc2467e901cd673\Setup.exe | N/A | 8
N/A | N/A | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A | 56

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1048 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\Silver rat\ndp48-web.exe C:\6a9a8e4dc2467e901cd673\Setup.exe
PID 3764 wrote to memory of 1980 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 1980 wrote to memory of 4992 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3764 wrote to memory of 412 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3764 wrote to memory of 3548 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3548 wrote to memory of 3092 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3764 wrote to memory of 5084 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3764 wrote to memory of 1080 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 1080 wrote to memory of 3596 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3764 wrote to memory of 3996 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3996 wrote to memory of 4144 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3764 wrote to memory of 3548 N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3548 wrote to memory of 328 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1124 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1124 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Silver rat\ndp48-web.exe

"C:\Users\Admin\AppData\Local\Temp\Silver rat\ndp48-web.exe"

C:\6a9a8e4dc2467e901cd673\Setup.exe

C:\6a9a8e4dc2467e901cd673\\Setup.exe /x86 /x64 /web

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Videos\" -an -ai#7zMap20063:92:7zEvent14487

C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kwbauw5f\kwbauw5f.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA74A.tmp" "c:\Users\Admin\Videos\Silver Rat [Re Lab]\Resources\CSCCCC446E4BA1D4FA88282A6D5E639E899.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wcgznlfh\wcgznlfh.cmdline"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m2fp20cp\m2fp20cp.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A60.tmp" "c:\Users\Admin\Videos\Silver Rat [Re Lab]\Resources\vANhLQtIAbGQAhW\CSC47247AA6749E46C4B09358E74DEBA62A.TMP"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nuzf33xw\nuzf33xw.cmdline"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wpy11bjm\wpy11bjm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES61B3.tmp" "c:\Users\Admin\Downloads\CSCD54F4D05E54E41789E288CA0E2E695EC.TMP"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Users\Admin\Downloads\SilverClient.exe

"C:\Users\Admin\Downloads\SilverClient.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\SilverClient.exe

"C:\Users\Admin\Downloads\SilverClient.exe"

C:\Users\Admin\Downloads\SilverClient.exe

"C:\Users\Admin\Downloads\SilverClient.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wdjs5qoq\wdjs5qoq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES87DA.tmp" "c:\Users\Admin\Videos\Silver Rat [Re Lab]\CSC7661413EE6F477498F5B5A0E85B59D1.TMP"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\um0y5ee0\um0y5ee0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB64D.tmp" "c:\Users\Admin\Downloads\CSC4C129366E6B149D49A2F2F841D42C99.TMP"

C:\Users\Admin\Downloads\not a rat.exe

"C:\Users\Admin\Downloads\not a rat.exe"

C:\Users\Admin\Downloads\not a rat.exe

"C:\Users\Admin\Downloads\not a rat.exe"

C:\Users\Admin\Downloads\not a rat.exe

"C:\Users\Admin\Downloads\not a rat.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffcb77acc40,0x7ffcb77acc4c,0x7ffcb77acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1692,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3604,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4604 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3136,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6c44d4698,0x7ff6c44d46a4,0x7ff6c44d46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4732,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4300,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5064,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3424,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3412,i,15872584873644948125,10067675019259973684,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3388 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39ec855 /state1:0x41c64e6d

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9d0745d9604db00213e7ce8aed4b50a6
SHA1 113ad45698be63c5b2989aa281cc6c1d7c0bec4a
SHA256 5a9814fb136b61beb03aae31ce84653329516a194b0aea8e0d1273b7c23a8200
SHA512 87c29fe8d1e27a8c68e109e6f92179c5b244ce7bb4e24a881c948f4fc4cd876764082e6a5705c4d8d5ad59a757a65973c274aaf7740f5647ca9ba4d9c10883cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe3c0885f1ce124e859ecfa18e825027
SHA1 9a54702470abe9c69f46f9aebd8a97473d8fd130
SHA256 0601eeceb2690d0f6c262d4fe6afb379420829e67dd02087b64c96dcc70ce2b1
SHA512 be1353b405d08188b73b93b7f4b59c449eb1ffa473da9572bbaebdc83b0fe42e8e2e7036ec54a5b98f4d06c50979707cb26d0261101630fa0206cf31575dfdbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 34295ce64084512cefc3542b60a874d7
SHA1 247e9e05e3e4d7dc627a83be3251c44d9c54bc3c
SHA256 4f2fbd2054a84a074065d6942eb02b3ae9583a129deb7d655edadcb9bad20c97
SHA512 af3b37d61a70022248a4517117bc6e3ca97899fcd0791dc9de534dd4a4cb354e53854b0bc35a9fccbff673fb040b9841d4d00bdcd748417e625063bbf0404799

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6528742364080de0e3a8b763406c8bbc
SHA1 8e907546f768b691104ca4ecb466586ebbcc2329
SHA256 23d6becd76fdc32adcd336baa8479af879d215b8af71d807f3b6e91157e285a9
SHA512 0440d83ed7ee9a865a583c1971d667cc036b9b354c9adfee6f6e6cc1c81b691d1a51bf821695dbef0850a77f8b6a7ab0a2279bf2854448877a69043dffb0c52c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f48487a360f597adbb68576ee3b57347
SHA1 7b4f12c4e270169ca37834e2d39d61cd866cbd73
SHA256 6269e3f4266e8242aa21a82b58d5f6624318c3103a6b29877e91293f5e37a8a9
SHA512 74f62c92a8d8503c46bb527ce0b60da6b2e30aefa6a090e7b3cc98db611b09366542af0f5770496392f657d67d1f54500e7bbb372ebcfe1d8ca41e52a4e11c4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9aa12f71b1f1caf97a1882e88ae63108
SHA1 fe5e234418145970e4d9ef0baa4b9d52492a0f8c
SHA256 b73e5aa7b981754968c4afe558f7449a90cd3c2d722e907e74e80112bc4363ec
SHA512 9b71c38a10d910d0f44b9d5f8bde79760f7973c3c3504aaaaaa59667a0bbcae55cc0ceaa8d211f77cdc9543a4c533572c14e93d3f63385f39bec2ad6b87d6d4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 370b4c7be1076812d45f91ad730b7112
SHA1 d7a237d9b331fb534e631441caf4dd7312143c27
SHA256 c1ad4d957c287fcc3c2df7bc76b498ffb043a8793bf420a13736205b9a672569
SHA512 592598718cca43b6c5fc53fff6c4caaf8a2248768565101b58d698f3332115b291899a24707f4f2bbd30e122eb357948f2c7bf122ba688a013a930d34922fe90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb00647e6a949007fdb649b50523a549
SHA1 2ae63fe4078ce56d65348ee969864ab3cef4ad1b
SHA256 283f08e7bf2b2c16a32674f7fd6a234cd65d6642fccd5938696128668f98a435
SHA512 841deb0b55224172819e894df2f9f08edbeac0b86ab1b74127cfa313eb02384208bebb3c4454e20a84c0dd53f9e04eeae9843dc3135d4ab822cd2df18ef0fde9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3454100dcc8f458b5df7de40e1e15352
SHA1 3b17d5136ca1ae594e968e3680f5275d5e110ccc
SHA256 0bd72593cb2983c8cdc03810743e43ef996bf0cfbe102c291e6a5bb1bada77c6
SHA512 41cefe2596f508a98166ba6baf86d6014e3de241397b7a616f03a8294583d5f992aa7fda5184df78a61aab82b725678bd60436c829afe30e86422f738aa4bb6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 08efa89847fa4729492d146da5aed5b6
SHA1 bd9784ad0bc9906c2c6069e802593d1026e0adb0
SHA256 d0b15c090f84959ea385f89364ab8d12bd499c29f91747979d1e658261df45e7
SHA512 72b078cc4cb09ff357902fbf86f18422e30bd2ac2958b28dd5ccf067b556e2138a323c5e30b8bcfac606894fe0fa7a42923683439132239a1d8bac28930136a7

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 2464a58269a134f2979060e336390b5c
SHA1 31d3185eb35ec0ccc4ad52f5cf0e278183315dbd
SHA256 554d683b35a8120871871ef5733e307f50400a424889bc1caf8b4375fd3bfc00
SHA512 9d93b63d2e7d55fe88bf6023db7f2c4581ebd9b03e2a17abe39b381eee19ca71e5f2bf85f19b022afe06936d2089ef1c5eeee0607ac3f8d1e1657560afb8666d