Analysis Overview
SHA256
d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
Threat Level: Known bad
The file test.txt was found to be: Known bad.
Attribution caveat: the submitted file is a plain text file, which the sandbox launched with "cmd /c ...\Temp\test.txt" (see Processes). The SilverRat activity recorded below originates from "Silver Rat [Re Lab].7z", downloaded with Chrome during the detonation (see the Zone.Identifier entry under NTFS ADS) and executed from the Downloads folder; the chrome.exe rows in the signature tables (SystemTemp, TPM telemetry, BIOS queries, process creation) belong to that browser session rather than to the sample. The verdict therefore describes the SilverRat builder and the clients it produced, not test.txt itself.
Malicious Activity Summary
SilverRat
Silverrat family
Sets file to hidden
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Delays execution with timeout.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Checks processor information in registry
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-22 12:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-22 12:11
Reported
2025-02-22 12:20
Platform
win11-20250217-en
Max time kernel
526s
Max time network
530s
Command Line
Signatures
SilverRat
Silverrat family
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
Executes dropped EXE
Note: SilverRat.exe under Downloads appears to be the builder; SilverClient.exe and SilverClient2.exe on the Desktop are consistent with client stubs it generated. The "$77" prefix on $77ddd.exe is the hiding convention of the open-source r77 rootkit, which hides files, processes and registry keys whose names begin with "$77"; treat that path as a high-confidence indicator in its own right.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\SilverClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\ddddd\$77ddd.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\SilverClient2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\SilverClient2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
Note: the report records only the host, not the paste URL or the contacting process, so pastebin.com on its own is a weak indicator; recover the specific paste path before using it for blocking or hunting.
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Note: the NLS\Language key is read by the .NET runtime and its tools for localisation, so these rows are a low-value discovery indicator by themselves. The useful signal is which processes did the reading: csc.exe and cvtres.exe are the .NET Framework C# compiler and resource converter, and their presence in a session driven by SilverRat.exe is consistent with the builder compiling client stubs at runtime (compare SilverClient.exe and SilverClient2.exe under Executes dropped EXE). A compiler launched from a user-profile executable is a stronger detection hook than the registry read.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846999568134591" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
Note: the BagMRU and Bags\N\ComDlg entries below are ShellBag view-state writes produced when a common Open/Save file dialog is used, consistent with interactive use of the SilverRat.exe builder GUI; they are not persistence or configuration changes. The CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance key under WOW6432Node is the one row outside that pattern and warrants separate review.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000002db47f8e7b81db01a63fd7f08281db01a63fd7f08281db0114000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000100000002000000ffffffff | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
NTFS ADS
Note: Zone.Identifier is the Mark-of-the-Web stream a browser attaches to downloads; this row records Chrome downloading the SilverRat archive, not alternate-data-stream abuse by the sample.
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Silver Rat [Re Lab].7z:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
Note: this is the sandbox's own launch of the submitted test.txt ("cmd /c ...\Temp\test.txt", which the shell handed to NOTEPAD.EXE; see Processes). It is not ransomware behaviour and should be discarded from the verdict.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\System32\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffd36c6cc40,0x7ffd36c6cc4c,0x7ffd36c6cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1812 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1748 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4376,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4472 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4592 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4900,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4400,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5228,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4816,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5336,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5352 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004E0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5536,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\" -ad -an -ai#7zMap23492:98:7zEvent12031
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe
"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5560,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=580 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jwg2ksn0\jwg2ksn0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7E93.tmp" "c:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Resources\CSCE9A7DD4A20C847F7BDF69947E998C492.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ufa2f1e2\ufa2f1e2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\c3nhpl5s\c3nhpl5s.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BBD.tmp" "c:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Resources\xloLGclaxcjpsAh\CSC75A9CA8737A3475399A9DA2ABAA1DB5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lcemr5tb\lcemr5tb.cmdline"
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe
"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\odkb1sax\odkb1sax.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB1AF.tmp" "c:\Users\Admin\Desktop\CSCDBB4B0ABF7ED46C887807530636E89F2.TMP"
C:\Users\Admin\Desktop\SilverClient.exe
"C:\Users\Admin\Desktop\SilverClient.exe"
C:\Windows\System32\attrib.exe
"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\ddddd"
C:\Windows\System32\attrib.exe
"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\ddddd\$77ddd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpCCF7.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
C:\Users\Admin\ddddd\$77ddd.exe
"C:\Users\Admin\ddddd\$77ddd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n1jb1w0d\n1jb1w0d.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1991.tmp" "c:\Users\Admin\Desktop\CSC9CCF4F909925477D877712A934295472.TMP"
C:\Users\Admin\Desktop\SilverClient2.exe
"C:\Users\Admin\Desktop\SilverClient2.exe"
C:\Users\Admin\Desktop\SilverClient2.exe
"C:\Users\Admin\Desktop\SilverClient2.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kooz1zmn\kooz1zmn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BE0.tmp" "c:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Resources\CSCA4BED9FE15564B74A2D76242476FCAC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\thocbnyv\thocbnyv.cmdline"
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe
"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"
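Added example, not part of the sandbox report: a detection pass over process-creation events modelled on the command lines listed above (attrib +s +h on a user-profile path, a later launch from that hidden path, csc.exe compiling a response file out of %TEMP%, cmd.exe /c on a Temp batch file, and the timeout.exe delay). The event records below are constructed from this report's process list with the Chrome noise reduced to one benign svchost entry; the field names, rule names and the stateful hidden-path correlation are this example's own and are not a sandbox or EDR schema.

```python
"""Detection pass over process-creation events for the patterns in the process
list above. Events are constructed from that list; field names, rule names and
the ATT&CK mapping are this example's own, not a sandbox or EDR schema."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set


@dataclass
class Event:
    image: str     # full path of the created process
    cmdline: str   # command line as logged


@dataclass
class Finding:
    rule: str
    technique: str  # ATT&CK technique the rule maps to
    image: str


@dataclass
class State:
    # Paths an earlier "attrib +h" hid; anything later started from them is flagged.
    hidden: Set[str] = field(default_factory=set)


_TOKEN = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted spans whole."""
    return [t for t in (m.strip('"') for m in _TOKEN.findall(cmdline)) if t]


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1].lower()


def under(path: str, prefix: str) -> bool:
    """True if `path` is `prefix` itself or lies below it (case-insensitive)."""
    p, q = path.lower(), prefix.lower().rstrip('\\')
    return p == q or p.startswith(q + '\\')


def rule_attrib_hide(ev: Event, st: State) -> Optional[Finding]:
    if basename(ev.image) != 'attrib.exe':
        return None
    toks = tokenize(ev.cmdline)[1:]
    is_flag = lambda t: len(t) == 2 and t[0] in '+-'
    flags = {t.lower() for t in toks if is_flag(t)}
    targets = [t for t in toks if not is_flag(t)]
    if '+h' in flags and any(under(t, r'C:\Users') for t in targets):
        st.hidden.update(t.lower().rstrip('\\') for t in targets)  # remember what got hidden
        return Finding('attrib +h applied under the user profile', 'T1564.001', ev.image)
    return None


def rule_exec_from_hidden(ev: Event, st: State) -> Optional[Finding]:
    if any(under(ev.image, h) for h in st.hidden):
        return Finding('process started from a path hidden earlier by attrib', 'T1564.001', ev.image)
    return None


def rule_runtime_compile(ev: Event, st: State) -> Optional[Finding]:
    if basename(ev.image) != 'csc.exe':
        return None
    for t in tokenize(ev.cmdline):
        if t.startswith('@'):                      # @file = compiler response file
            resp = t[1:].strip('"').lower()
            if '\\appdata\\local\\temp\\' in resp and resp.endswith('.cmdline'):
                return Finding('csc.exe compiling a response file from %TEMP%', 'T1027.004', ev.image)
    return None


def rule_temp_batch(ev: Event, st: State) -> Optional[Finding]:
    if basename(ev.image) != 'cmd.exe':
        return None
    toks = [t.lower() for t in tokenize(ev.cmdline)]
    if '/c' in toks and any('\\appdata\\local\\temp\\' in t and t.endswith('.bat') for t in toks):
        return Finding('cmd.exe /c running a batch file from %TEMP%', 'T1059.003', ev.image)
    return None


def rule_timeout_delay(ev: Event, st: State) -> Optional[Finding]:
    if basename(ev.image) == 'timeout.exe':
        return Finding('execution delayed with timeout.exe', 'T1497.003', ev.image)
    return None


RULES: List[Callable[[Event, State], Optional[Finding]]] = [
    rule_attrib_hide, rule_exec_from_hidden, rule_runtime_compile,
    rule_temp_batch, rule_timeout_delay,
]


def analyze(events: List[Event]) -> List[Finding]:
    """Run every rule over the events in order; State carries across events."""
    st, out = State(), []
    for ev in events:
        out.extend(f for f in (rule(ev, st) for rule in RULES) if f)
    return out


# Constructed sample, taken from the process list above (browser noise reduced to one benign entry).
EVENTS = [
    Event(r'C:\Windows\system32\svchost.exe', r'C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc'),
    Event(r'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe',
          r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jwg2ksn0\jwg2ksn0.cmdline"'),
    Event(r'C:\Users\Admin\Desktop\SilverClient.exe', r'"C:\Users\Admin\Desktop\SilverClient.exe"'),
    Event(r'C:\Windows\System32\attrib.exe', r'"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\ddddd"'),
    Event(r'C:\Windows\System32\attrib.exe', r'"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\ddddd\$77ddd.exe"'),
    Event(r'C:\Windows\system32\cmd.exe', r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpCCF7.tmp.bat""'),
    Event(r'C:\Windows\system32\timeout.exe', 'timeout 3'),
    Event(r'C:\Users\Admin\ddddd\$77ddd.exe', r'"C:\Users\Admin\ddddd\$77ddd.exe"'),
    Event(r'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe',
          r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n1jb1w0d\n1jb1w0d.cmdline"'),
]

if __name__ == '__main__':
    for f in analyze(EVENTS):
        print(f'{f.technique}  {f.rule}: {f.image}')
```

The hidden-path rule is the one worth keeping stateful: attrib +h on its own is noisy, but a process image that starts from a directory the same session just hid is the combination this report shows and is rarely benign.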
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | clients2.google.com | udp |
| GB | 142.250.179.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| LU | 89.44.169.132:443 | g.megaad.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.37:443 | gfs208n127.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
| N/A | 127.0.0.1:9999 | | tcp |
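Added example, not part of the sandbox report: a parser and triage pass for rows in the format of the Network table above. The sandbox emits rows with no resolved name as `| N/A | host:port | proto | |`, with the protocol shifted into the Domain column, and the final row lacks its closing pipe; the parser normalises both. It then buckets connections into loopback, multicast, the public hosting services the signature list calls out (pastebin.com, mega.nz / mega.co.nz, transfer.sh), and Chrome's own background traffic, with hit counts so the dozens of repeated 127.0.0.1 rows collapse to two lines. The sample rows are a constructed subset of the table; the watchlist and bucket names are this example's own.

```python
"""Parser and triage pass for rows in the format of the Network table above.
Rows are a constructed subset of that table; the watchlist and bucket names are
this example's own, not something the sandbox emits."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Public file-hosting / paste services contacted in this run. Legitimate services,
# but the signature list above flags them as abused for malware hosting/C2.
HOSTING_WATCHLIST = ('pastebin.com', 'mega.nz', 'mega.co.nz', 'megaad.nz', 'transfer.sh')
# Chrome was running in the sandbox; its own background traffic is not the sample's.
BROWSER_SUFFIXES = ('.google.com', '.googleapis.com')


@dataclass(frozen=True)
class Conn:
    country: str
    host: str
    port: int
    domain: str   # '' when the sandbox resolved no name
    proto: str


def parse_row(line: str) -> Optional[Conn]:
    """Parse one '| CC | host:port | domain | proto |' row; header or junk gives None.

    Rows with no resolved domain were emitted as '| N/A | host:port | proto | |',
    i.e. the protocol sits in the Domain column; they are normalised here, as is
    a trailing row that lost its closing pipe.
    """
    cells = [c.strip() for c in line.strip().strip('|').split('|')]
    if len(cells) < 3 or cells[0].lower() == 'country':
        return None
    country, dest, c3, c4 = (cells + ['', ''])[:4]
    if c3.lower() in ('tcp', 'udp') and not c4:
        domain, proto = '', c3
    else:
        domain, proto = c3, c4
    host, _, port = dest.rpartition(':')
    if not port.isdigit():
        return None
    return Conn(country, host, int(port), domain, proto.lower())


def classify(c: Conn) -> str:
    try:
        ip = ipaddress.ip_address(c.host)
    except ValueError:
        return 'other'
    if ip.is_loopback:
        return 'loopback'          # the sample talking to itself (local listener/proxy)
    if ip.is_multicast:
        return 'multicast'         # mDNS and similar LAN chatter
    if any(c.domain == d or c.domain.endswith('.' + d) for d in HOSTING_WATCHLIST):
        return 'hosting-service'
    if c.domain.endswith(BROWSER_SUFFIXES):
        return 'browser-background'
    return 'other'


def triage(lines: List[str]) -> Dict[str, List[Tuple[str, int]]]:
    """Bucket rows by class; each bucket lists 'name:port/proto' with hit counts."""
    buckets: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        c = parse_row(line)
        if c:
            buckets[classify(c)][f'{c.domain or c.host}:{c.port}/{c.proto}'] += 1
    return {k: v.most_common() for k, v in buckets.items()}


# Constructed subset of the table above, keeping the shifted-column rows and the
# final row without its closing pipe.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.168.198:443 | gfs270n148.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| N/A | 127.0.0.1:9999 | tcp | |
| N/A | 127.0.0.1:9999 | tcp | |
| N/A | 127.0.0.1:9999 | tcp |
""".splitlines()

if __name__ == '__main__':
    for bucket, hits in triage(SAMPLE_ROWS).items():
        print(bucket)
        for name, n in hits:
            print(f'  {n:3d}  {name}')
```

Anything that lands in `other` is what deserves a manual look first; in this run the interesting rows are all in `hosting-service` and `loopback`, and the Google rows belong to the browser that was open in the VM rather than to the sample.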
Files
\??\pipe\crashpad_3236_XZFCOANLCPGWJMDP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 099775f19a1788b5d5a8899d92d9db7b |
| SHA1 | b3a073da8eeccc9690d35f6b87015ed7180b3286 |
| SHA256 | e937cf085ad17253f50e69576cef2c7d8df0a668eebbac083da29f5e34ae9bd3 |
| SHA512 | b035faec4d1fa8252cec24b459f8df6e1d73c9102c5619f1e51fec0c63ae6d39989b52c5a62a64fb84dd48abd50275d62d401e89a8fb6eb6fd422b82ea7ac0c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bdc6c8c3e18b05fdbc483d1a6eb16bd4 |
| SHA1 | b8a1b28f0e56cfd0dd64b4b451b5f150a7390434 |
| SHA256 | eeb8518035d975e91bee281d20ce33eedb0ce63c8e8ae3b50fff750c171fa6c8 |
| SHA512 | df9910b78aa4a8107e092cfaaae831ea626b60a78c93455ef2246721bbb804ffd181e723090817bfa97da9e07e9c6025af672d6f63dc006ece4bb7abd78e760e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a06c207e64439889dd06082a0674d90 |
| SHA1 | cd4fbd5daad5330d3db93186ab390e6172f5c7d5 |
| SHA256 | 35eaa9f1a292c37bf55c442fe3939fa681bc3509b7df0c757b446172993d8f4d |
| SHA512 | 0a4db355963cb5dc85fe5891b3c22efa777e8060fec36cffc0ced50253393844c8549765095e21f91f520df8672a1f74ad106b2b92bf0abc3bc64bf00f2e55e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4cbfcd0d-d9b8-4a64-aa4b-7ce6c436b937.tmp
| MD5 | 78c62f2d6dd56532bb88589ed204681a |
| SHA1 | ac7c51f1fc1167be6ca2e8c7656cc1c7e640bc7c |
| SHA256 | 583663417a18a6cfd635f63cf2b684ae02184fc0c3e36647722a8c26b00b0256 |
| SHA512 | cb8fc491d626e58435f4b1e5513b1a73912dc9c6efd2dc66eaa77f668db92aee5f49b72d6c9db7ee5987f5a02f076bb0c08a151777b7294711c3b15bbe385881 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bdbb1082a0e9f60bf05f04226c7c08df |
| SHA1 | 643cf77cd42580b67f4ab373f4fa6c3ec969cf35 |
| SHA256 | 5fb720d202e0fdd790eab5498948f40c45bcc91e2072d6f7219c47294248e51e |
| SHA512 | efc06f7452c5b71996861a29fb33d7c7019dd1cb7a3876dc8a4e8f046f5650c0ba6eed591b313f73b36241cb8f1d141744c5b5cae0fb6d6a9d30ee2698216d65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb78458855b82bf4c8c459599802e31c |
| SHA1 | 109def1318c0ff2a973dba38d4d15f5765c72b4b |
| SHA256 | 51f6645b84834abff18f6639b2a2011a48fe1175635b127cc62e5eb59d821d3d |
| SHA512 | 151035710405b408552c7cbddc4e243bfbc2114155e4b833ab803d5768b4dcb100d16a12bcdbc15781d01dd986f0ddbba67a5ff20b44e3b6a921c39092f1b800 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4e89e32c8427bd68607b782b798da3d4 |
| SHA1 | 25c1997dd1d27dd94c16d6be1e79aa1ec4913025 |
| SHA256 | 7b45a597657c38a15a6287575934026c20407644bbc532826b81aec6d8392ec7 |
| SHA512 | 17d4482351ec80b500f5042cfaa84ccb3fdf3ebd84bc550cc415d8e5ee68a06454ffc411930d6b8d276b5577ca777bd0b12e041cafc8f9b5ba4653de1b0d5475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5711f8895a7c5959ee2445882d926d83 |
| SHA1 | 02ab511354d0cb11953454fc8062798a7b627ea6 |
| SHA256 | e62a6ea618903f8a1e12e7362cb9ab48912fc4091f57c0d0cdb6ed89732546f1 |
| SHA512 | 7a15f7593624437184ff0f2a99f84fd513f18a45da74431989f87c0209c509e46510f870a05784366793848f507bbcff993df138f49e5dff5e6e7ef31e6822b5 |
C:\Users\Admin\Downloads\Silver Rat [Re Lab].7z:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 522e87d616cf434d84263036845e3d7a |
| SHA1 | 39d5de3653e0a361b8e044863704c50b3c108b8b |
| SHA256 | 5c5b75d4026ecefdcfd310e14a71e76d39216bb259daf7ea46f2cb7f3f2e9025 |
| SHA512 | 196be999722c790f779d26f2fe0db55ac8545709235e3d4e2414f64a36f262a31c137c560ea35138bfb6e0a827104d78d9a47b184c884877ad656ebf89c1c847 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 33923119fe9f9ab50db861e94940d985 |
| SHA1 | 0c8c030110a7153e7ef9f2d4f7cccae608518a8d |
| SHA256 | 1d7b94c9f2380399d034a512c660bf8ffcde978346b99ff68a5a47805f528162 |
| SHA512 | e5b645c39b73b384d2ba9b57ff39f590ff83cd1670d5daccdaea964c60e9fd5e47c739da28fd8e0c5a55e4f52569ce404e3f17d573aeecf8f2f251fa24bf5747 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d845ef7c8f8824bfa7819df53847fb50 |
| SHA1 | 8f15c5c30a417d47ff7891caa6cb7c8681dc402e |
| SHA256 | 8c69ca9c166e6209126550d575e1b3ff847b5ea5eccdc0871f19f4bc3a3f0abf |
| SHA512 | f2c831e1eb9383f1f7fc5e685a1b9362f46402318a218223d3e1a6cc3cb49cf6736530687364744bdb38e584f3c9a01d9f77fc115a5efbad40b9927023c65bf8 |
C:\Users\Admin\Downloads\Silver Rat [Re Lab].7z
| MD5 | f06813aa321c43a69a04904cfa735a44 |
| SHA1 | 820a0f9f4c00af6ce2583218019ad14a5c5592e2 |
| SHA256 | a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d |
| SHA512 | 72551e22ba2db4759ad905f92f407f7e8266e363aa8627a56d8bcaea83a69a96466269358a034e626581f24c2417fa98bb0bb57472f96c2ea39b2708edaa5bb8 |
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe
| MD5 | d6527f7d5f5152c3f5fff6786e5c1606 |
| SHA1 | e8da82b4a3d2b6bee04236162e5e46e636310ec6 |
| SHA256 | 79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9 |
| SHA512 | 2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f |
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe.config
| MD5 | d6f1152d647b57f64494c3e1d32ede94 |
| SHA1 | a35bd77be82c79a034660df07270467ee109f5ac |
| SHA256 | a47f3f83cdb9816f03632833dc361ac5e7a4c5c923af1fdebfa16303f9d68a72 |
| SHA512 | 699b5ad93d3497348f8aad8e15d54ddd789bbac43f11a7fb629f19cda3749bee0ae06dc83f4e6246df631488169fda5d15c48585581d3a96d2523b8b45e639bd |
memory/4960-343-0x0000000000E70000-0x000000000279E000-memory.dmp
memory/4960-344-0x00000000078B0000-0x0000000007E56000-memory.dmp
memory/4960-345-0x0000000007300000-0x0000000007392000-memory.dmp
memory/4960-349-0x0000000007E60000-0x0000000007FD6000-memory.dmp
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\guna.ui2.dll
| MD5 | acec68d05e0b9b6c34a24da530dc07b2 |
| SHA1 | 015eb32aad6f5309296c3a88f0c5ab1ba451d41e |
| SHA256 | bf72939922afa2cd17071f5170b4a82d05bceb1fc33ce29cdfbc68dbb97f0277 |
| SHA512 | d68d3ac62319178d3bc27a0f1e1762fc814a4da65156db90ae17284a99e5d9909e9e6348a4ff9ef0b92a46ba2033b838b75313307b46ab72dc0aab9641e4f700 |
memory/4960-353-0x0000000008130000-0x0000000008280000-memory.dmp
memory/4960-357-0x0000000007FE0000-0x000000000802E000-memory.dmp
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\bunifu.ui.winforms.1.5.3.dll
| MD5 | c1d51a0e747c9d6156410cb3c5b97a60 |
| SHA1 | 86312cba2eb3495cc6bec66d54d4ab88596275d8 |
| SHA256 | 6937052b86bc251be510b110e08fc5089d3bd687ce2333a85ea6d5c2c09b437a |
| SHA512 | a8d7b2e5555c01076e8dd744d21d8cd901aaffad052af0e8c22269e8c2f765019422ed245368a64d64157652a0e4fcab1a889086fde4e139b4ccf5f7bad08222 |
memory/4960-361-0x0000000008580000-0x00000000087D2000-memory.dmp
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\cgeoip.dll
| MD5 | 6d6e172e7965d1250a4a6f8a0513aa9f |
| SHA1 | b0fd4f64e837f48682874251c93258ee2cbcad2b |
| SHA256 | d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0 |
| SHA512 | 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155 |
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\bunifu.ui.winforms.dll
| MD5 | 686833fccd95b4f5c8d7695a2d45955d |
| SHA1 | 882f60ea47f536c1f01da0f5767dfe5d569fc011 |
| SHA256 | 578cbcfb7a01234907fb6314918efd23a502882c79d0ee3c2e7d4ae0cf63ebc2 |
| SHA512 | 8bb3a8741b73ad7c280de31905dbfc449c2d6f538b8feca232201c7079f917c4291936211632bcdf17c95d6cf5d9b97df2cdd21c57af6cbff486ea7691ff3bc1 |
memory/4960-362-0x0000000008560000-0x000000000856A000-memory.dmp
memory/4960-363-0x0000000008C90000-0x0000000008CC2000-memory.dmp
memory/4960-364-0x0000000009590000-0x000000000962C000-memory.dmp
memory/4960-368-0x0000000009AA0000-0x0000000009BEE000-memory.dmp
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Bunifu.Licensing.dll
| MD5 | c18a9e44e200c7315a1868caab894293 |
| SHA1 | 18f65508762d2492f41b22e4e6e5ad19a2226baa |
| SHA256 | 661a5be944dc9fb2e0eba01c3c0584feb3ecca44877d77f54d0f409ce801af22 |
| SHA512 | 9a5e08bb6ed4535ac92ca446b630b29587cb5a4d7d695234a5d93267d2ac13d702b3738ba0e20606f10020e9642e8e315e7ddc92f1c321b68daf8524a3f5f2d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a32598eee67a45080da91dcc30096018 |
| SHA1 | ce6694844c4b4c9f4189da3ee5dfc79daa754bf5 |
| SHA256 | 753cae7c38ddeaf579b561519ed601bb1d5ccead150cc6c0df9d52cd510ecbf5 |
| SHA512 | 5c3070170c6fc5379d15483cbc6bec20d6ff1ed0aeb36b88e51a13a31bd9436642412705dad30d38df0477ab4249d0b27016c335c7c33671fa05b56c6cec1d75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3b3a6cf6b79662f2419c7eb978abb5dd |
| SHA1 | f6c3f4b8eb92516e8f468395eade41f297a47ada |
| SHA256 | 99190abd3923f749c2b4d0faab52b4ee64b159f52371555f04a89c64d5b82597 |
| SHA512 | 574f9fbb5ccb339a30b7933ee017b1fd84600d202c0d11e1ee3028a2613d682a66ec0daacd7c6867a55955ca61b13ee317d6877d50aa02966012a960aeeaee9f |
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Profiles\SocketPort.xml
| MD5 | 5f807862258a390b2e2f75abb6d2c865 |
| SHA1 | 22abc144aa034c6490cbf143a8f1cdd42bd06d1b |
| SHA256 | 7b87c31f6d1163fc236651f5e1f3187cfa0c79d4a85d20c1c05f1dc3056c4823 |
| SHA512 | b831e4b2eeec23e39544961cef6619c8d57c50b53dc6bad8846682df6f5252041f50ce33cbe182488288d6d5e2e3e5194055ee4143ceb09f9601ed49d39dba39 |
C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Profiles\Builder.xml
| MD5 | 3fcd4ac4720febae7ed0b81913daaf1c |
| SHA1 | 7d2ec4090023cc93a453c65782c78fe9bcf5afbd |
| SHA256 | b4b7d0f7878a60e5d641443a7d4720e178568e6febbb38a243d3b9fb8a30842b |
| SHA512 | c6a5c5c5d17d2e56fd2fde8705062a8916673ec5557ef9f30c9f62c67877c72f5b8e4528a3a8a8ec24f74e5c52ed385442483606b13972bcc645257a5826f2ca |
C:\Users\Admin\AppData\Local\Temp\TmpAF41.tmp
| MD5 | e1a48ec781542ab4f0d3a3368b2a1d05 |
| SHA1 | a35670f07e5320a1591a55d903b35dcdd1d224a1 |
| SHA256 | f41d8818774f3ec0bf936e564f50008b46f5e4060edaab3bd72ffa389fb9ef21 |
| SHA512 | d3e756d8b321d38962a7b36af617d152e9bfd499b31f1630a24ada435715ad81a29ab73e4ab4aa21bbc9029b4177a943303e7df922bf375c2583607cb6f6566a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0b8dbdb48a2b79fd22464a002d6af30e |
| SHA1 | bb6759549b7d5d5c389253bb8bd0343a7acbf1e5 |
| SHA256 | 8dc67f6a5a8cf939e27e4f302e2b5d64b5104989a75b880e92c47c6bcec47049 |
| SHA512 | 38b2fbba0e080da0a23caf0225f12b0f3278e9a4fe4dffb99e66c1b1020361f851b5094ea307313ba8736942289acd1bc5ee64a45bca2bac13471ff310b817d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6412597e08c5ccb1981a3ce1eed220e |
| SHA1 | dd01208cdd28cd1c907d1670d6a1a450360264ad |
| SHA256 | 27c85fa57d32aa3843f5ee7b823696cb3fed2d0d9b4f00e147882017367fd007 |
| SHA512 | a89df287280fcbcd96f72e9072dde10d0a8e58b6600afe828e11e57cf8ccc71a068cbd595a120731f477e055e6287f518bf44e9e8d498d97948502c9dc314a8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 955b5442d43579a804aa52d56aa69da7 |
| SHA1 | 5d73c8d4ff4a96210e9b8b610b8e79aaae0110ba |
| SHA256 | c7d5e54fc4dd3496ac5a9e7d56757f60f38117b7e1285c8e9ea23dba9eb8b55e |
| SHA512 | da419c6af51b0182cf761a7f60e2f8021be0edb906a96b6087144abd2923b40a0c52079e467e14f4a22718579d306dfdc15e5190723ad3309fa9554587d3198d |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e00deb745dbef93492ede3a7e3232125 |
| SHA1 | c0538950281da3a1130e1d91f4dff6d04bf4b90e |
| SHA256 | b4d72e8b63094d6ad24d7f14c20c6c89062d6fed909d98d78ec88c78f02e350e |
| SHA512 | 674c59b9b2e6c7382db5b3294ebe3ff971837f85190c14e72ac05470e4f3c776844390d841781d14e817a88c36a0f9ee874d68d59bce2310e016819a5e0bbea3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f6b95ba7b3675487ef769b709cf36736 |
| SHA1 | 08a1a7f66df9d9a92ea86efc2b60a356dc8c5ef3 |
| SHA256 | 0e33ef00fff08a18fdb14b0406f88cfb9a64812c920696870b71dcb62029ebf2 |
| SHA512 | 8b546d9ed418fc9c40d0a68c455224eebdc89fc36b96be4f114880bd44d3e0d845588aa14aff9e003b05d6bd349402619b65dd2f8fdd14f7cef4bbd21c1fe9e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0668141731c9df0ea3c44ddee53a5821 |
| SHA1 | 676bd548b1eed2cf374099999228aa082f061264 |