Malware Analysis Report

2025-03-15 01:12

Sample ID 250222-pcs8hawnbq
Target test.txt
SHA256 d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
Tags
silverrat agilenet defense_evasion discovery trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

Threat Level: Known bad

The file test.txt was found to be: Known bad.

Malicious Activity Summary

silverrat agilenet defense_evasion discovery trojan

SilverRat

Silverrat family

Sets file to hidden

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Delays execution with timeout.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

Checks processor information in registry

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-22 12:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-22 12:11

Reported

2025-02-22 12:20

Platform

win11-20250217-en

Max time kernel

526s

Max time network

530s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt

Signatures

SilverRat

trojan silverrat

Silverrat family

silverrat

Sets file to hidden

defense_evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\attrib.exe | N/A
N/A | N/A | C:\Windows\System32\attrib.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | pastebin.com | N/A | N/A
N/A | pastebin.com | N/A | N/A
N/A | pastebin.com | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A

Delays execution with timeout.exe

defense_evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\timeout.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846999568134591" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000002db47f8e7b81db01a63fd7f08281db01a63fd7f08281db0114000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000100000002000000ffffffff | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Silver Rat [Re Lab].7z:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 rows, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (33 identical rows)
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (8 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1420 wrote to memory of 904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE (2 identical rows)
PID 3236 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3236 wrote to memory of 2756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 3236 wrote to memory of 3500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3236 wrote to memory of 1084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (28 identical rows)

Views/modifies file attributes

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\attrib.exe N/A
N/A N/A C:\Windows\System32\attrib.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffd36c6cc40,0x7ffd36c6cc4c,0x7ffd36c6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1812 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4376,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4592 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4900,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4400,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5228,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4816,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5336,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5352 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004E0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5536,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\" -ad -an -ai#7zMap23492:98:7zEvent12031

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5560,i,9905388308493300732,658501991460690992,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=580 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jwg2ksn0\jwg2ksn0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7E93.tmp" "c:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Resources\CSCE9A7DD4A20C847F7BDF69947E998C492.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ufa2f1e2\ufa2f1e2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\c3nhpl5s\c3nhpl5s.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BBD.tmp" "c:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Resources\xloLGclaxcjpsAh\CSC75A9CA8737A3475399A9DA2ABAA1DB5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lcemr5tb\lcemr5tb.cmdline"

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\odkb1sax\odkb1sax.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB1AF.tmp" "c:\Users\Admin\Desktop\CSCDBB4B0ABF7ED46C887807530636E89F2.TMP"

C:\Users\Admin\Desktop\SilverClient.exe

"C:\Users\Admin\Desktop\SilverClient.exe"

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\ddddd"

C:\Windows\System32\attrib.exe

"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\ddddd\$77ddd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpCCF7.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

C:\Users\Admin\ddddd\$77ddd.exe

"C:\Users\Admin\ddddd\$77ddd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n1jb1w0d\n1jb1w0d.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1991.tmp" "c:\Users\Admin\Desktop\CSC9CCF4F909925477D877712A934295472.TMP"

C:\Users\Admin\Desktop\SilverClient2.exe

"C:\Users\Admin\Desktop\SilverClient2.exe"

C:\Users\Admin\Desktop\SilverClient2.exe

"C:\Users\Admin\Desktop\SilverClient2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kooz1zmn\kooz1zmn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BE0.tmp" "c:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\Resources\CSCA4BED9FE15564B74A2D76242476FCAC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\thocbnyv\thocbnyv.cmdline"

C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Downloads\Silver Rat [Re Lab]\Silver Rat [Re Lab]\SilverRat.exe"

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f6fa4f23c8541402d0dbd514e43f10cc
SHA1 30e8fcbf1f635b08af9edf81058f432f24496bac
SHA256 1a8302a7ae2f73927ea85f0559943ebca3e519f7d3b52a24a6372eca80d0fba7
SHA512 3d438c61afd2d348f22501cd29cfd87d18cc6a59fecb5beec7e87ff4a7faf71d9a2a58b17d4624fc29cde654d0650756473438ea6af235ec91a98600cdf713bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 366d5e300dfd5b17f8179320ca59994b
SHA1 3c6bbe6ef499f676169009e691ae5a9b83e3a60f
SHA256 03d135b0c295f248d99555db78f5f421ba0a00d50b82a04fb3044c4270d7a9ab
SHA512 4e2d0c1ad0325901c0482b97f3909461e1384f37ca2e26102eb3e3c5097cb8de300329c857a60a7b4aea78d94a0057b3a5601367532ef08a11a6f0ee86d36e5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d619dc4191767ae521556dd786008ba
SHA1 8f9eca955cdfb7e675f61391cc41fd518d06a082
SHA256 02de07e603f532958ac7f667c66b49f0f5f391192dd22abef97b0645b0ca69b3
SHA512 36394a7b6249eaa54d3cc91b96eb206e2ee7d85638b4df6a9cd0ec643f959829b3fc140587c34935e3ed8864b088b5996ee35cbf0ba5aa9a1cb8d9d7416c7885