revengerat | f2e1f9ba48a8304bf36725aba51e6b3f461e5899e06ba626fdc8a73652fe9d5e

Analysis

max time kernel
425s
max time network
426s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CC Generator.zip
Size

4.9MB
MD5

68ed86581a318c9e7278b3822b7fbeff
SHA1

df8d5d2f399e276a4c1c19aece2f7a7af3cb0d99
SHA256

f2e1f9ba48a8304bf36725aba51e6b3f461e5899e06ba626fdc8a73652fe9d5e
SHA512

a96d697280cf1b4f74734add0da6b250d147da9692dae991e531e7d3bd96ea2ca75a4f29c8098aa728bc32a1255cd81943c9307ced744cb53dc15633df5c95b4
SSDEEP

98304:nwByXeiHcyxoMNkU4Zg0F2XdintFiyvf8YmIf5z7wJuKriVDrNUMxv:wBDocko8N0F2tMFiyvf8Ym85z7wvriBF

Score

10^/10

revengerat nyancatrevenge discovery persistence pyinstaller trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

amazon.capeturk.com:100

Mutex

eea5a83186824927836

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Revengerat family
revengerat

Executes dropped EXE 7 IoCs

pid	Process
2900	CC_Generator.exe
5596	Setup.exe
5304	Setup.exe
2132	CC_Generator .exe
4744	svchost.exe
4852	CC_Generator .exe
4940	explorer.exe

Loads dropped DLL 5 IoCs

pid	Process
4852	CC_Generator .exe
4852	CC_Generator .exe
4852	CC_Generator .exe
4852	CC_Generator .exe
4852	CC_Generator .exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Intel Security Corporation = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\explorer.exe"	svchost.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001a00000002abd0-2.dat	pyinstaller
behavioral1/files/0x001000000002abd3-31.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CC_Generator .exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CC_Generator .exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mode.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808359556764389"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2796	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2796	7zFM.exe
Token: 35	2796	7zFM.exe
Token: SeSecurityPrivilege	2796	7zFM.exe
Token: 35	4852	CC_Generator .exe
Token: SeDebugPrivilege	4744	svchost.exe
Token: SeDebugPrivilege	4940	explorer.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2796	7zFM.exe
2796	7zFM.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 5596	2900	CC_Generator.exe	84
PID 2900 wrote to memory of 5596	2900	CC_Generator.exe	84
PID 2900 wrote to memory of 5304	2900	CC_Generator.exe	85
PID 2900 wrote to memory of 5304	2900	CC_Generator.exe	85
PID 2900 wrote to memory of 2132	2900	CC_Generator.exe	86
PID 2900 wrote to memory of 2132	2900	CC_Generator.exe	86
PID 2900 wrote to memory of 2132	2900	CC_Generator.exe	86
PID 5596 wrote to memory of 4744	5596	Setup.exe	89
PID 5596 wrote to memory of 4744	5596	Setup.exe	89
PID 2132 wrote to memory of 4852	2132	CC_Generator .exe	88
PID 2132 wrote to memory of 4852	2132	CC_Generator .exe	88
PID 2132 wrote to memory of 4852	2132	CC_Generator .exe	88
PID 4852 wrote to memory of 4960	4852	CC_Generator .exe	90
PID 4852 wrote to memory of 4960	4852	CC_Generator .exe	90
PID 4852 wrote to memory of 4960	4852	CC_Generator .exe	90
PID 4960 wrote to memory of 4568	4960	cmd.exe	91
PID 4960 wrote to memory of 4568	4960	cmd.exe	91
PID 4960 wrote to memory of 4568	4960	cmd.exe	91
PID 4744 wrote to memory of 4940	4744	svchost.exe	93
PID 4744 wrote to memory of 4940	4744	svchost.exe	93
PID 4852 wrote to memory of 4416	4852	CC_Generator .exe	94
PID 4852 wrote to memory of 4416	4852	CC_Generator .exe	94
PID 4852 wrote to memory of 4416	4852	CC_Generator .exe	94
PID 4852 wrote to memory of 4072	4852	CC_Generator .exe	95
PID 4852 wrote to memory of 4072	4852	CC_Generator .exe	95
PID 4852 wrote to memory of 4072	4852	CC_Generator .exe	95
PID 1620 wrote to memory of 3552	1620	chrome.exe	97
PID 1620 wrote to memory of 3552	1620	chrome.exe	97
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 3944	1620	chrome.exe	98
PID 1620 wrote to memory of 6120	1620	chrome.exe	99
PID 1620 wrote to memory of 6120	1620	chrome.exe	99
PID 1620 wrote to memory of 5844	1620	chrome.exe	100
PID 1620 wrote to memory of 5844	1620	chrome.exe	100
PID 1620 wrote to memory of 5844	1620	chrome.exe	100
PID 1620 wrote to memory of 5844	1620	chrome.exe	100

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CC Generator.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1048

C:\Users\Admin\Desktop\CC Generator\CC_Generator.exe
"C:\Users\Admin\Desktop\CC Generator\CC_Generator.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:5596
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4744
  - - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4940
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Users\Admin\Desktop\CC Generator\CC_Generator .exe
  "C:\Users\Admin\Desktop\CC Generator\CC_Generator .exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Users\Admin\Desktop\CC Generator\CC_Generator .exe
    "C:\Users\Admin\Desktop\CC Generator\CC_Generator .exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4852
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c mode 87,35
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4960
    - - C:\Windows\SysWOW64\mode.com
        
        mode 87,35
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      System Location Discovery: System Language Discovery
      PID:4416
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8f92cc40,0x7ffc8f92cc4c,0x7ffc8f92cc58
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4844,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4188
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6cc814698,0x7ff6cc8146a4,0x7ff6cc8146b0
    3⤵
    - Drops file in Windows directory
    PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5404,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5276,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5000,i,9571250605721834908,12052798751484464925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
34c6db8de82f15e05897a5574836a10d

SHA1
e6a0d931157a0c8689fdd59faa6bc5e306f11a3d

SHA256
d7eafa0112eb5bf2ed58bbc2fc864892e3136e8d95c5808d4464f07a10359aea

SHA512
107a7542568a24bed381563419f34e4a8aff299554d1fbec7e2735f4e263c6841fbc19564aa0e6b7ad3a2772a18897c96e6935aa68b4d8b573a72bda08b1697e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
82KB

MD5
86db55c56e1538ef4f425d4b1fa2b66f

SHA1
98c5e0798558cbbcae463c4d72889f53914b681d

SHA256
62c8d9c1f8e399e4af3cbdf57f93c4c36744ca13fbc889f4c7af533aeb393a60

SHA512
ebceadb28e2e57c6f189cad29a710da5799732559473fba7d87a6fb52b88e05926dd6692633d4f616717bad819a18d57f86cc4f7189e3d6d8176a9de916a9c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
21KB

MD5
843b65a835375d13293f6081effa823c

SHA1
d2f99f736a9c14b17fcdcff6a1b3b86f4a60d24b

SHA256
aa358d4c8a70f3e1ae60aebf1f5964d3b5ae8f92852763d9c501814d6100bc29

SHA512
5c4a3fc39d2c3dd92884952f7aefd6c6d3d2b3a21388ed2ffac80a7ed877ae77924edb3ae5bace258c4c443cf159256a7381a75e8007983df96aba41c3d817f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
79f8dc923f8545355393d4d176c372a3

SHA1
7d16bf8c333a09324ab84db6a53bf30d7e139340

SHA256
a9a072c1ec6c02e578baf19ae18a96628b04a40b799ea37b2040386750d0ad7a

SHA512
3e76eb77f7582f0a3823ad0c2353f62860a97eb57b7ce487705a3ec912997415c6fe948fbbc16bd083d8e25fc0157ebc23547abffadd7af1a8d51cdf8e012f3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
16KB

MD5
79f38faa197e07eb992d90127ccf95a9

SHA1
1c1739bef8038658648bd13f1991af5ddba67568

SHA256
b225c1f4bef7fe9205a0e9f7a3def3cf16f59d9cf3f0494bc9c0239f2d74fbd7

SHA512
2b371760569f4bdc3f658bcf6ce603807775722c68c5b0c00e0ceafc502c37409020c39202e80f0c1dcfee8ed9e031a31bb93dc9baa76ed0c507c210e8cc9c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
23KB

MD5
827b20170b4abe4685fbed88f6f7f28c

SHA1
bfefb29846ca8eb042b93a4ab3ba48c73d860c1f

SHA256
68e84f653dc07cfd6ddebed5fd1ddae35b5cd2c432499fc03b7ca22e3e251f2e

SHA512
bcaaa0c1247475fc26afefd6921e8900e0de541af21896b8a8a93d224c788b453563bea55c3070b257efa69e9505ba0a70527c85bdc567d48b76b8582cce038b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
fd7871372b2edd582c7d9804981e38fd

SHA1
6f35e3e43b4945f5968003e61a20c517a84dacd8

SHA256
33c784847f5aa074db5c317d6c79d373da8a0357c0963e9de320df8d42b85340

SHA512
a86b718a46f83abc4343fc37c95505bfe7e5cd6986531119639771e5b6ece335bebc6cc71af21ffcdc8d7de2fbf3a58e69a5606d5a9d018e20f9a549ee449fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_moviebox.ng_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fa41b6ef05f0f0475b1b64449dc5e808

SHA1
29426aa619f6e56e5d4b8ba6fc2de180e0ae349a

SHA256
15d576da4bf18ec5a946afdf0b53b5143b7ceab0f8776272818367e9acd7b358

SHA512
a3c70212452e241a4113ce79aedebc1e5e57ad0344b44a991e51ee58586eda250be703298e6c93c25e69f84b3613ead7e47c0165d17b5ab5214104204941b20b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
343022facf971c374c699e06fc8fc95d

SHA1
ab0bc09185a704e6845a0097c28b4c3b72d82a68

SHA256
031ccda832a85eb7cbe35d453f9c3cd69f72881e95c963d0c0307d2647a52bdd

SHA512
6e48180a3aefda39d8ae3b46d2821f7538d3e1a76dc15dd1534dc60691ff1a6c4c3a3d2a24aaadb5573b1092b48b76dfde54a2d4799b31685bd42a8b16cb5c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
377cc31d19f1610843ded5412bc6adcc

SHA1
ea3bd29217a78166381ddd994b603272995d7b16

SHA256
14b3a097978b5e937332be58f3b7276de693312188f1fccf0564eac2392d0e5c

SHA512
7bc8732647fff2c2e1df321e10b7d8a4e3f9626e85c79d8144c62abb5971677615ffb4a06613772dae0ffd5dc14976dec1729978940626f02fe8f458dcca1625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
63af67e177ef872695934e220b1bcb3f

SHA1
f6402dcce208eed946f09089031b3ba0cd3ad071

SHA256
0ae1aec10136d9f62d4ae053715c24a96aaa4225f13cdefdf1205cec53522e52

SHA512
36dfd2704fd6f4aed1d5e24ec50507870f2676232e89aab8e206e0e26538a3860722f9ac3a9cb1067b0675c62f83809c67dcb262a519c6f30e93b9dad121125e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
246767f13babd2e4d355c792c16a7fdd

SHA1
a51e5eb40ef3618bc699cad1eb94731ac584fb0c

SHA256
0424db07b52f3a275906f48f57db88d5a838bde245249388c3241810d119de11

SHA512
1140ef654f3370562fe09d157d2541e08ecb5f356aca8743e95c2b17f2086c450f032e88ccb5036a25c2b10e9e30778aa2e3662f4216cf916af04002674a1902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16cc38abbcd72a9e8cb8c42a00fbf5af

SHA1
18eb183644523027e203681779977825f94b95dc

SHA256
ee9769ea64a6be49907d45108499c7d431623144b74e5439d5f5cac0ae392e48

SHA512
5053b4eb6b9d009170fe144f026aeb1ca2001f05d0044129b182b9beb4c9c541652181dc70f870b8ecf132faa7ec6c48d80b5c2cf68f1b0deb6d71478c30c5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e745e6f1f9a85a1d26261c74b4aa1363

SHA1
07f7cbd130bfcca9b5b1365ee61eb5ec51f1cbc9

SHA256
be66e37dc3bb5ed0c0c2af3081c07a60ac8d0220aa07086fe2101a4e117c98b2

SHA512
f5582950113504ad10f44c92f95e1419e012161c5b15110a49a364711429627da439b92516dcc9b2728ab55e0004253ba66395cdf1a6ade5983f704337b875bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f14d8f055959e3e9e45e4c4c6cd1e9fa

SHA1
981a4a7e1ce08d9023aa609d2f60992f32eb4844

SHA256
e4b5ff214cac3b0d7818e3d394685f59e148388e94a805d5e8fd1d49cb1938e8

SHA512
7a836777a19a18b839813ac6fca10a9341a4f124edcfa005b240f2eaa7a04ad930b8a67b7204221a0c97ca8a78c4589a4fa090809248cf7fd3cef4b3639f8c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc4f1272dbb7548565770621345d51c4

SHA1
c0da03980191c0353d1cad605f3599745cb8aa39

SHA256
28ca1c522d381f89882dc4da4b2aa6d8c46d0aec7a1550ef4b4b4b8005d15be0

SHA512
3a4a1d1ce789c095172f68b23cfb47c3774d43498185c1e63f6ebd3d962d7da7524074040f23f58ffb7de66e64125979c2c94bfe358d8b2d96802cf6da6f3f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98f333a46f4f2c7b547e82345859c6f9

SHA1
cfbc43118585e4e2fe0ed7d438bf27379da3bb2e

SHA256
74302444280b1305d36dad14cdc1a2d1ac90c0d73210911025d980eee7aa4293

SHA512
3f643d6c2edbf511c2cd2dcbe16a8d63d14e1b6e2aa63513167c48c2bb504958a4b9987bff04921deb32686fba4a401824b58b5060d7a6918911486c0f928d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f02a665672936a3d99a09f1a8614ce29

SHA1
a112c018a0e43b3d94d5a6db0977144007edc261

SHA256
3275521b98fc98634bd1e5486df3dc27b2d50d0c6c6645e9e94d54340c3dd3fe

SHA512
ed22bba9ea6e6e78fdf6c37350386a17ecb23cef64f2f638219289835bf9c6a88912107193eddef456224ef579ee4041a814f92c89ee7c6080b1245c98261d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca23acae7e8704638c96e271664ef43f

SHA1
2fbc6794b14fe14d59d3b469d76d8db45e2ba26a

SHA256
5a4aa49f3fe298c89150f88de66c0be58e618611c6ab79fe2653623538b64697

SHA512
d9ecfb94dab559a86a143d1133f362eb9380c8d609776e79a79ff2eb166bdb4fbf62ee5ff9a0dc5031a69f3e1b1b1278157a69e49a5efd352437f43b7043989c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ba09960b2ea920ac558dcd3af4c34d5

SHA1
1e5b653a8b1c2f5b65fca20c753083be190eb9b1

SHA256
fb6191de0efb5e58a886fb5f0f137e1203e0c185dd3d58f02f1a2dccb7a2b1d4

SHA512
eade97ab13648c5ff75a8ad601efde0ee1f0d5ac8d59f90b2a9ebc9083b2a563728604bfc65073d5e353bd688654bf9d26f972b8256cd7d9764c1b3c5b6ffe1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6ef0f7407bbbc8ded78e608b061f26c

SHA1
b26f336b5bf368334f9a5096782b4756c4ad575e

SHA256
6f1e2414bb7f6acf2e588b9a3e44ee0147038add4095b2b87a7ec1991a497fef

SHA512
994e9416ad3c01ff5543b1c3512d51acc17333316f08ef017778808a9c6b8c12ed02f99f351e2450588919e308404c70e3b534e2bd3fe1e93d70fbce92380e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f200deda9993fa5f2b20d146b0ba35b

SHA1
280ddc1f782f770fb3d133ab11845ca9defa151e

SHA256
6bcab291f73c17654175537a96fbce85d963aa6debbc9ede4e2425e20f693607

SHA512
9a590c8e0fea1137045a131838c90195ab72516df5f1d01a24ee29050bcb7e09990274322036e10ed11db89dd14f1b269d529169e9509fe919e48ce93500b8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9dd3097d713f662771e3e1bcbf88fb3d

SHA1
8e83dc72fba13320ac8cf8ec4ceec86c39e6eb4d

SHA256
6b0d39fc185292efae049019ddc64aadad0e26c47a5f2149d549ce3a3ad8abb6

SHA512
d83422a819a6b7b31bf610b22fb65aaa0b4f18d4aae31c39cc761ce8e9733a6c1228b1168430d5a877b68b5cb6bd8ce6e563ec705740ecd632637be019941545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2d6992cc51e86e990ed4bf8faeb9bbc

SHA1
29b04e0835160cf3cbfed88b4147a01110b5d791

SHA256
cde74847c5b520cd4afc363ef58e9c9315530bf45746861662daa7dff3d0bc1f

SHA512
fad258f569ebc739c214a6f9e609a83a7baff03450152a8e4ef0d0f76fdf3eafc389a7b83853ee6789718f4797c43e5a34262e758c38bb6557ceb86926c4f68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e00e78bd1cf3048055806fc1e464ba1

SHA1
670b2049362c600865b7a28aff8918c51d53fb57

SHA256
7f0cb76d966ea57044bbabedb41e29b49de54c66c17650289623ff4ec42f650e

SHA512
6912496127309dbde8ffedb0aeaa13b2477284caa49947daee11cecfae3ecacb606aa89d25646f47fd644d9def7a8aebce6881d68c0d212b7a8a2fc05e7c051d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64cad1aec3bb2aab2f32e809e48444c2

SHA1
abbd0d99b2885b8a304166cb0301b2126424d1c2

SHA256
65080d03920a2a524cbba854001316923afb91d8c060a1d42722491f30ad03b6

SHA512
dd1cee63d963bfdbd64de797ed5ebadd7a09b65b6e3a2205b6bea35a26ce88af35be4a76b1d44c3868f4dccda4987fd6b1b9d53ef6487ca892226f8d871975b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14531bd7cc4ad98d28b44396e1fed3ef

SHA1
f5f2f38eefdec287c6b7eb4a5388a3e734c13325

SHA256
6ae6ee850ed25f70c8b32c0101299d891eb4acda6b4a5d0377e91a8b7395acce

SHA512
5344437e3df0558d7bedfcd0301893e99482c4079a5f51e44cfa97e5f6676914e51ef8411e1b43b6d4f073cddf150e4249258d4479823a609d810ec51f984ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc05b7ab8ad03486b7d6577549a0d447

SHA1
d6151b20ff5459f288a1e495b6c21f4c97ed5009

SHA256
57fca04d81e02d5e6f7a1533fab64abb5eb9b6e57de5fa66ff673e50a6c8303e

SHA512
0109a9c1b6d739ce22157b2f4b05775efb4c326f4e921c9a1c01357880e77f1a22782183448ad3a8216344dc0383dab985f353433959f49db03440a7f1355781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d3fff40c1959e4f4c0fdf32396d221a

SHA1
f0b2bf473200d80287cc13716a9860bd487f44f2

SHA256
82bb5c575cd8fd4203fe9485705b86b43f0bdfa886b03bac69bf243b3906e67d

SHA512
408699355f5bd6f7ba5ec1d6eb203fcc089de3e729f606dd032d14c3c64cf6a5d4850a2e2e27e702d151f28876613bfbbb91a8c780b66fb7263939c14bf61511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e224e2a0a9b9561b24344df9e810dd0

SHA1
00133815b6c0e6516248af1b648cd51916024e20

SHA256
93e758f31dbebe33b271034a9472c5f3e97a55194e6e01841085516cc14e78d4

SHA512
fa365334c744fbcfd6a6a728565d613f8fc1828243d4ba164c1bbd8188e07331ccad41c3f5cc0c346028cfd3723527f4b356683153f5011f7678fc3368d3af11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcaa585dc70637735ae8d29a23c90036

SHA1
e202c377a11db18da7e208628e34f092e7721680

SHA256
8ff93528191c1874776c312d8d0c43f6335ecda05ed24b6a3f652bfa6bfdaaee

SHA512
693172402a58f3eb6101f4d63ea56c7c3e038ab80b5bd608960197fb1b272ff4084433afb4200230222fce9ef4baea48631ff4c54ae2c1afab79c1a2c6c73c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d72c999bbdc61e13a6d793198d60e2e

SHA1
b813173ca7a3a6138c2caf62daa78fea296fcb5f

SHA256
d62b15cf4c928823a1003f084b4b365c8a1be4536414e0bbc993ecad774019e6

SHA512
f4e7a436000faeae8afe7da5e765aa19760d2baa6612d8ddbe71c11841f295ca7881654f1116b26e374e157465c001c1de162a01c9517b4c9fad4017d56dfc86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
384de006354c6b6b20a100285313b200

SHA1
e4232f55c977974d92b0dc347916a286e13cdd55

SHA256
5b6c7a15e5ddb8c4fadbe50e968f3a68e9aa667132ed77ddb884d303b58bf85f

SHA512
b39d0fd9a4e2d2102b00e783884aa446faac8e026f39ab6adf18691cb4ce3449b225e72acb9c9a63ba8e9a3f8eb84fac855c3a4648423427ceb1c2e4668c33d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ff169d8ef48053516d0ba24a8ddf2c04

SHA1
5ceeaf36fded62587933e187f83118cef5ef67e4

SHA256
4d81bb0e81824c1408c63083b487d7ae3fab78b6abc2f7ca1995753a8cef4778

SHA512
c8d2a2691b04c77a532fbe44d1f222d304d7b6b45c3e5b42e36378f3e9467fc59d2d3ad7df0ae3bb764df8b71acf60270d2ca12dff2f300ce9d003403cac6197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
49ec197b79f1f05b7c45d8623216531f

SHA1
b0656a84d1a2a7fe051e550f7bad4feea6778833

SHA256
4102a5f8e46661af145829c17c0c39de50446e483acc7788c85ee5aed77008fb

SHA512
1bc4569f0b47c4ce2121cd834cbc5ab653d220d6e9937f5fd5b5300d1426c8c90983be2f28377c8b2742614572a2b8ffbfde71cd8d4d9072f3d74e3c6cddbcc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
c17461662ba684a42e78f3c2dc04b30d

SHA1
09f5a47f76f78bc30b8c69fc9d5d17abfe4dc201

SHA256
30f1ea1fe7413571fb457db7cded46e608f678b4cfc96add99caa454f9735fe4

SHA512
3b8a9c424adaef64b45033bafcabee13936e2ee3f3ea9f24d78291fd4b7315bcb030a8aa2c2ba27524fff7dc045a119a225c44db34a9922908bd60a5ed811770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Setup.exe.log

Filesize
408B

MD5
b086782ac488892b614985f9355a4979

SHA1
85f1537da0120829dcabae7c4d6334e614c738eb

SHA256
196110ae45d16c909675bf3106c8794312b7b5520c2555842481dc0c9bd5a88d

SHA512
15401e81b4aaca10b999b68858d05f1e410ea7417b5bbabb22e4f3a487e714bdedf430eec92a154444ea4f0844b70052a8e4dd0be80b9cc35d1fc189a41b55a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup.exe

Filesize
356KB

MD5
fa0b327abd82686bb9d676a30fa89b46

SHA1
a5521f5e8e500f67b183542ffad65b83ebcb186f

SHA256
d01728070486e1abbf024db0eeeacf232e02fe326c4c0b762af73f728fc9392d

SHA512
ead84a6cbe44be5cb213154cf11f8cbe7cc992563549201500f11cf770e3b57b02da027fc982b436f8eebbfa60088f4dad8e10de1086dbb5781b2b3da004790d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\_ctypes.pyd

Filesize
105KB

MD5
9db2d9962cbd754e91b40f91cbc49542

SHA1
945ae09f678a4ca5f917339c304e5922e61dd588

SHA256
6a6df7d77b7a5552d8443bd1b98f681ad2e6b5a8acf7ade542dd369beab7e439

SHA512
a9d522f5768d265e2dca80faea239cc0ba7bec715d23058571651f8b61402650c01f3bca7f4d10e6806c8a553e79569dc852381d44169f535d63e85148d24e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\_hashlib.pyd

Filesize
31KB

MD5
e84e1ba269371e439c2d52024aca6535

SHA1
2abac4b3eb0ab5cbb86efd964089833cd3bd164f

SHA256
2fcb297733e6080480ac24cf073ff5e239fb02a1ce9694313c5047f9c58d781b

SHA512
22eaa0f42895eba9ab24fe1e33ef6767b2efa18529794d070858f15e116228d087fe7d3db655a564e52eb2ea01bf4a651f0f82417e0fccca8f770057b165d78c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\base_library.zip

Filesize
768KB

MD5
40f343be5c2152e0d27a6cc9b604f2d8

SHA1
96529d7d9c76a57bc9b430c4d921c670575e4d17

SHA256
6175e5f7feae7928c20f595209c9f1e95ad203e749dc1af8c3cf37b80d2b4276

SHA512
d87bd9ea527d507b60745073b93e3f58b36cd723d31192f9de3aa2700dfbaff4607aed35b8a700a0cf9c53494d702e0cce622d37962c486ff20e374af6a0c563

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\libcrypto-1_1.dll

Filesize
2.1MB

MD5
c0e55a25dd5c5447f15eed0ca6552ab7

SHA1
467bc011e0224df3e6b73ac3b88a97b911cc73b8

SHA256
9fefba93fa3300732b7e68fb3b4dbb57bf2726889772a1d0d6694a71820d71f3

SHA512
090b03626df2f26e485fea34f9e60a35c9d60957fbcc2db9c8396a75a2b246669451cc361eb48f070bbc051b12e40cacf2749488ebb8012ba9072d9f0b603fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\python37.dll

Filesize
3.4MB

MD5
d49eac0faa510f2b2a8934a0f4e4a46f

SHA1
bbe4ab5dae01817157e2d187eb2999149a436a12

SHA256
625ca7bb2d34a3986f77c0c5ce572a08febfcacf5050a986507e822ff694dcaa

SHA512
b17f3370ecd3fe90b928f4a76cbad934b80b96775297acc1181b18ede8f2c8a8301d3298bafa4402bce4138df69d4b57e00e224a4ddbb0d78bb11b217a41a312

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1620_1966051110\9cee7f99-c043-456e-b621-13d610019d99.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1620_1966051110\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe

Filesize
63KB

MD5
d298454882caac154fc9217fc7e90499

SHA1
11970a2f8b9d1153fbc7fe925a846bd95e07e96f

SHA256
badaa2312457f3d08ca1f72287989456f9e62d6b417af6fb9b5e39ca1e8c8100

SHA512
e28a4d7c827b5c816503ddba4fee0bc82b16a0acb2eed9c81b20bb1b043d69b89cd3a1cf2beafb27a2471b6172f707d53e3c90568636b0c65e484e051dfde86f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

Filesize
256KB

MD5
c4e4407b5fcf49586ddd5d5573ae4b95

SHA1
0f60aaaaac09d4f9273207114fcc78c0bfb250eb

SHA256
8f1e6eb0269fbe449678ce4863d494fda78bc648f27ad1c129270575efce4f7a

SHA512
95a89aae7f135b3355f2f0f751607742d8dfa5dfb04bf86cad0fff99d6c687a18a2f0be30d92a79d004cba49823c73f0208f40bb5e9cff3b26f72d1fe5f3d47b

Download Submit
C:\Users\Admin\Desktop\CC Generator\CC_Generator .exe

Filesize
4.9MB

MD5
a12aebc4a455dd226047ceae5590b73f

SHA1
23994217e28120ea87c8bc713610d273b69c5a9a

SHA256
765f8c0f0d1802297cf12294da89232c789506ff8c2ab06478eeddbffaf10a78

SHA512
5e9e2e290377b7e6877fc3cf6c94a428150fefee943b6e01ad5ffaaa5e531db642312b1aebe1164964c6e2ee1b37953392ee751f6028ddddd7cea444ac43c415

Download Submit
C:\Users\Admin\Desktop\CC Generator\CC_Generator.exe

Filesize
5.3MB

MD5
35058d8cfb8232610118db5d237be4bb

SHA1
801290f68cf19c66b362bf5ecdc67c9e36b21a4b

SHA256
eefce9820bd7d8e0c47dafa9332a979ae6b4dfc41cc0603e8a846f07368be3f8

SHA512
cbf7666396d88a121d7768c209d6ae06d212ae311f59edc2f85d86bc6ec3f5aa592e6ab05a7f0dbfb5807a05e40ed000ca79dfec8f4f48a4b6114e18e28a1921

Download Submit
memory/2900-11-0x00007FFC91690000-0x00007FFC92031000-memory.dmp

Filesize
9.6MB

Download
memory/2900-8-0x000000001CC90000-0x000000001CD2C000-memory.dmp

Filesize
624KB

Download
memory/2900-6-0x00007FFC91690000-0x00007FFC92031000-memory.dmp

Filesize
9.6MB

Download
memory/2900-7-0x000000001C720000-0x000000001CBEE000-memory.dmp

Filesize
4.8MB

Download
memory/2900-5-0x000000001C1A0000-0x000000001C246000-memory.dmp

Filesize
664KB

Download
memory/2900-4-0x00007FFC91945000-0x00007FFC91946000-memory.dmp

Filesize
4KB

Download
memory/2900-33-0x00007FFC91690000-0x00007FFC92031000-memory.dmp

Filesize
9.6MB

Download
memory/4940-97-0x0000000001170000-0x000000000117A000-memory.dmp

Filesize
40KB

Download