hxxps://github[.]com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT

Analysis

max time kernel
599s
max time network
606s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2025, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
35	raw.githubusercontent.com
36	raw.githubusercontent.com
37	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133852439277626760"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings	chrome.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BitRAT 1.38.7z.001:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BitRAT 1.38.7z.002:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BitRAT 1.38.7z.004:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BitRAT 1.38.7z.003:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 2404	4868	chrome.exe	81
PID 4868 wrote to memory of 2404	4868	chrome.exe	81
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 4480	4868	chrome.exe	82
PID 4868 wrote to memory of 2064	4868	chrome.exe	83
PID 4868 wrote to memory of 2064	4868	chrome.exe	83
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84
PID 4868 wrote to memory of 1512	4868	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BitRAT
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80b30cc40,0x7ff80b30cc4c,0x7ff80b30cc58
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2132,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4768,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4452,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3704,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4900,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1428 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4936,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4404,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3348,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5132,i,14395810008996204909,16084749250417776797,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f568ab44d6ebe771526f581613fe21b0

SHA1
2938ed6ed7b846ec82b57adec84ec27307bc8486

SHA256
1f1f433eb49e16cd32c87b13598ed11821a6afd6f0ef68915c80c721f84e0ce5

SHA512
8092f6ec21643d2f197c6a4dc8b71eb4b7bc15a85cfa68cbf5d53a0d5e8c18bcb0836a1abcc5d72a681fa25acdd7024b3c1d917ef25f4ea3fe364cba39621d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
657ac8902180fee3aed40da14dfeb3f4

SHA1
14c6832aaf9055c33d1654c603429f83b3fd5d33

SHA256
4965ed4f2460e7c6863a6990d4154027e296c95766d75cb4f40fb7c015938f9d

SHA512
e714a11cb15151f989d6c6236958a0c0775bfb67b259231affc2f007016a009e273ac51cff8470e858e699dbf4d3f7e58f40f2e0f749d874f8ea47b43321a9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cf4aeb6eb65e272196c7af6dbfd7582f

SHA1
1fff65ed1ee75032140a8f18971fdc028e149d06

SHA256
21cbd2fa45ecbaf0f1af1526758aacdd1a0d3db08ce99188ca55067fc63af78b

SHA512
cf89dfc9ff32b95dbd24d0295f174a220c26c210e3f62091528c8c42df1b76c7aa93b72a8a4d5aa7f06203d46f23e7c5b08b4e0e1e1db3b2ed7746c2cf7f59d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
548125d6a43aa9e4e3b014a39e7f3dbd

SHA1
0e7a7938921b700065cd44b4a13d5a658230f394

SHA256
658454f5ab0b70f7803380b518a697dac24a33f4e1414f0a580eb3184a7ca1a5

SHA512
c5b5a25889ecd0909be179d41c3f2dd09369ffbd6c51b65b615edc537d67fbef060802459dd0fe32637dffe1f619f9ea967b3b44b33f91c918326b94655d6f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
60f3b69369fed9a4d6e20290a9176efd

SHA1
0d39c9cdb32d5c4e477a02848ef1313cdcf866ea

SHA256
820fba9af9ef95dc73cec79a932f774dc017571874082d98812e58a535670ad5

SHA512
c55c97b98d537b379bad9021639fe4b9254f9a043ed98ddf5ddcc14246972929d3ab55ec4045fa6cdbef069a479c155062f0d2e1207f5798aeb4e03ef16e0b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b10a73ed15fb7a4fc6b5b0c3fee46eec

SHA1
d66360097d17c36d71e6a2ece44733fc9b7f3053

SHA256
d7295861de520aab2c8295fe85b030ea6cf6119c395e583e4d15c977ffad108d

SHA512
89d82726634ca223fbe609bd81eb3f83acc26148f356d83552b48301673f7e49863e07a0df1ee2986f32c98bc2cba04f4633086e7ce87f811656c55fca02c305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99ace7cb9a1e6356c541108f0a9ae531

SHA1
230df2ace0dca940c65fb9bc73bdc3c48b1a455b

SHA256
e9ee3cc733fcd6fc8abe0f9c788ffddab3d5297971d95140eca50d8eed72f349

SHA512
5e0ab570520b877728ac3db88a6c702337f76fee89bc8733322a0bba826b96e8664b7ccdfe6fce66a97ceba9a63e7ff5bdb49613e8440f2148e470d310816476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08fd80fefa0b3fd06a4b2cd1f1cef4f0

SHA1
633523e88bc4b1f3754b5325edd4fab75665efa0

SHA256
f1b539cfbb777d3c2bb08b69d6eb4a306a155d65f9e8e9cf44d2f45fe3e6a3e2

SHA512
9ca7f3551d8c84bb66ea884ce4f23c052b57b022d1f07228ba048a40611f5f48efa1028c42d7e6c7fb795ae6a27df96acaded9fc5b50be159d9c79fad7086ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d7b37f2bd1d1cb51adbc33d5842e8cd

SHA1
15eb2e67ca95a8b7b0452e170e677c3361c1c576

SHA256
55f0237255f57a9936788863874da3fda631625cdb687b2fba6a8d1bd03a0b1d

SHA512
cbe6046f7743c272a1b7345f8a582c8b4b5ce80ce0e5a74d6efeaf6a321870b22c3542ea4280847266fab0fda1927fe6f35ac85b9a033d11d9924d7f70edcda4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6ea863d6e234511b29e992eb318ba9a9

SHA1
c334fd886387b1400388165f26a7731f1eb178d6

SHA256
523923e4fea243c6d06baa80fa75557c6b94310fbdb83722202a51d0365e6988

SHA512
c06d0132fe5678a1971fa8263c5c9224223cbe454a82a299223ccaef4aafc6fc88651a9ee6a90088ea1f70498b998992cc85b84b9f4d89ab2ad87a64e4fb20df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2dce003417e33fe3e4b0d1f50af91211

SHA1
b18ac8dd6db558baaa8db69276115e5af64c45cb

SHA256
4e988773237fadd7e00f4f47ee8939bfe10fea6e311fa8c625cd57965a628dbb

SHA512
ae4307a6df7488f3f09c9b64f885c721d9dfdda95ba5c84b29b93b8c5b788b19d5ece8a0792064d3cf90e35672682ac58c511854e3ae04c22ab1a61996a522a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f952525155681a69e508864ba5c45682

SHA1
beb7fd72ff5bba65cc27816206ec59c0ccda0576

SHA256
cd2e27b9ff91ef0ed28d1630ac22dfb3d69ff5eb05b1ecf077285269a5a72a05

SHA512
b49fe2ba926db656fba846f338007db12f1e8d72ac015a019a7b3bd7ab61a32d9653b675b8bbd7f02ece88a9696eadf52decd1a8f3fcc33fece5364c022f24a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab474cfc1f5e9e3225af85a872f9dcd9

SHA1
4bdff49d87d6ccf83d4bf35cbede33e18442a928

SHA256
883f760ca1d10a483fb8ba46302dc9649fe8386e77b25231331f5c8b80c263ad

SHA512
e30a5208041fb88d91cdf727c7121199b3dd6b09f3fa4fb9a0e82ba1b6ac504d66c77761d7999f08ed5c21631871f68f5d2a8fd1f271747e444e278ef73dded2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc3243e6d0a7f8f8a2696f387d42f467

SHA1
6cf56ab9a94fde3994440de4a99909a114c690a7

SHA256
6ebcd7e14fa1ccb5868917b93b738c1234637a3247015bcd4e19e66044eb6341

SHA512
c3b0b178b82c07135c3974ce4ee3a1f5cce934b52a12cdf444c4c40c82473cebcd42db10fe34516f85853b58e089fc99907b03439fbb9c86ce01e3ae8634f2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96c2fef7683f6c591d615ac05bd0af3e

SHA1
7a5235cf9f57d27d15a78d3ebcda20ae135bba59

SHA256
86b1bc97ac9e4dd83642b1e43ae2ccc071828d6e6e04393139949c3a9d143304

SHA512
f3383c554750cd7bab46b948775a81eed463f05c13deeaecb13c17fcc4a0fc51c6c6875bd68ed4c78cfba6c44bee0b5a3c9bf0cac45c88682e3b3e1bf2bf1a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
983770791ad2136965a7a6959ec365f8

SHA1
42423a761959cf688a56b9ba38f70ec512e596ce

SHA256
e91fcc40e3e3834330a6608f662114292de58742f1861266b1ca86ecf7624863

SHA512
c1b23280081d3d3f35c031ae2de78b3fc3228eb431c91f09256700a472ac34945f2dd09dc9334e6c02e080188ad19296db71214c2eba1c00686df3f59e1ad885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b459051d0fe36b74d5dbe32ad0121c5f

SHA1
b8ef339d9b112e6ccbe397a02940a09e384e4c00

SHA256
1ac2e3b5eb0c32e5023cb8f80b792b1fd991530e194b9d399041e8a173796f61

SHA512
4d20c5b9b9c85f50478f0ccae4ec2ac0ec5db63b9235749da48404a7ca1fcd2345ce7976a66c255c326196160f82c13ee471a48acd3f51add14050a47f18c596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
024e70c6631998afff1773b5e111fa1e

SHA1
b9d3ae623e2901d98347f05c2407226049535403

SHA256
948861a3576f7c531c281c9b50e2966baa1e51d81a826f9f107f1caefede759e

SHA512
b4339d3df0d9af110f8587f5ac153998a6aa8aab224425e7bd58ca0112d9ddcb5e530aeab6addcec32562eeb2a4fe31b3d572f18aee9312cff68bca3880a14f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df6f7a1dc14b503c663c15c80ab19be4

SHA1
922ad37c8001f732c55f8cb319ecf65668d8e2a8

SHA256
fef428890bfe4503cf4fffc60b2d65fa557e6c62731881bf49db83f8b9f38d46

SHA512
81ecb64b5db940d97210ea2a838a4cdc8623cba68e82b7c62e6ca35e38308712e5859b12361d80149cb3accf81a87fa3bb8718b0d9871567e9760ba809c87ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a903d5d4c768f61211bb62baecb55d2

SHA1
c3bac7acb2cc0c4880e3b003694ad3ccd20266ca

SHA256
e5aada5c0918134fec42f3c805a91561fcdaf154014e9e61d50829f36ce11338

SHA512
a353126ce0cf8d383f5ddec0340f484bb6c915bf186cb357f0cd46b3c682c8b2f54e76130ffe19afce50e3ff64c17496dbb4109ac4a9a4126833ee2293f88413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c29b7eec4671fb1221ec5c61c9c7521

SHA1
0769917db9b6b60d12a46d0145fd55b0274df47c

SHA256
28544d92844f6d5d982af0e839e53596acd173249b4956f06a1f542fc62fbd1b

SHA512
1e1507a1402b129b8d9df58e066eca1be1a2072acde1a776bbc22e6d3e1dfa70c61b10653782e86ce65d18b115e91999d610af3c21ae6ab4c6a6f080dcbccd14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4f25c5c5adf8752dfe15d7c244c58da

SHA1
1a7fd4bd14001aa0485e20bc0012e010b012dfe2

SHA256
6a5d2f95aba7ae339bf1d1740d6de44255b50841dc46b6fbf814db2361e15aa2

SHA512
1e73ae9f91084719c2afbe28da580e616bcf6e9ab0c43ebc530d1a936a8d94633f54438ed48a60537ec79e3e9538d5057f1def8194bafa41e47a5d4902e3cd9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87dc0aa9b238397f8340bea8f37f38ee

SHA1
8ec254b49a7114413f422b6303c59c568fc9f1b9

SHA256
e57beb915173ff67eacb98c06ff175334538cf4ef3ca8168cb90885370dfa4d9

SHA512
ca62b155b3d5488143474c153d597e4c8c12fbb4caf82c184b7a85a8683ec7f3c7c5c40ab5067129daab84a167c766e26a6a2c41c36fcba8ca50ecbd0721e069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
481996db938db542b7cdd223c11513c8

SHA1
413cfb2972e2eec28f9c4876a5457859171b09f3

SHA256
686d51020af983614a3a838a91bda51f40ebad9bfd331d53e3cc1f328f5a6919

SHA512
8c9fefba5f75e7aace584012b6eca65f6ffdb2302634e7a98f5a9fc3fb33ca575878b5dabb6e192d2aa30d300f8ce999ceeb626390d4e92d8e9a47e60c896655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
142671108593eef0b609c329dafde17f

SHA1
8404e4a932316c3c39fff3922a5fdb6bdfc7d4cf

SHA256
9d3532468baa009fe9b56d0a5f108cc027962e87ed7b8372f8232b5372891e25

SHA512
580b6c42c37972bd9d52fd0df094b8d329a52dd9407c328ea9cf22ef1a7064562fb4143fa6b47f801d92fc9a879b49ac85adf7f72ea67cbd5c3175036cc47888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e4257fe34b3eac0d56d1942822895ed

SHA1
a4f593d998d1e879e369115ecd02443322dec654

SHA256
e2081748777bae051ef4b9202a63478ed0d13c43d2ab7287a42db96a686965d3

SHA512
f62ae3e3afc61efcc3027fecb183c268101fbda2f8c48014d5b31f2e6611d45e38dca9f6bcb9c3d11cfb4cc6e1e3c53f948c511555ccf89b9ea2c88a586223b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18900ad003d2d4d9c2b9b0cccd736058

SHA1
4ca3357ca57cc0e3dd8ef340a99d969c0077b663

SHA256
4b6b1b98f7056184c2a4a737a2658570257f6fad74ed6fbbec29660a72d807b2

SHA512
a3c40cb6973b854c603ed00f432c673368fb48ce254a7165499f4d63bb079e870ee97684eb07c8df058e4b476da4370ff4be91624986ad24efb13b5d1c38250d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51e78a0f3829af2f88703da331ed1039

SHA1
b35148ed68f53958738c1afa5a982f16e53972a5

SHA256
00d5d014d0fe83dceb8eb3bd6214a120dcc1385322a1fe3a8ccdb515821affdd

SHA512
281463cfd1c4c3c11bf88c894ac06131aafc9b0a874dd7394b8391d7fb473392a5f38fe3040f0d704fe82317c1aa468694786e2da6466ccdd2045d3277baf4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd417d5ce073719a15ac5f21a35cb8b9

SHA1
a1328f8cbead0e1bf6c707a41a671dff496197ed

SHA256
58e336abc48d6947ae69f2a5c9e4b9003069f4c0284d94975e0483d9ceb8499e

SHA512
6975d36d008bcc64e4b15398273e5f3e74b7c8cf05276f92ad8d7d072b8bf4e6a6d1d97f94f99036c2a0454db7834a8508e409be3d56978e7136909a656cda34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7433f65d7c1cf147314870c132e220da

SHA1
4208b2c03ead2417d32e15bf6926aa0dc588db64

SHA256
42b5ebdb8c77d733cad79d17e6869e04aa618c84757799549739e19aadc4384a

SHA512
cacfcb72f4de5ce809a5eacad9bb3662bde28f90c3ed714bd91908ac9e5fce8072bb264996cc28da1e1d7b1f88ca9aa539df473204350389cc0cbffc0c476fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7ea94ba4753a22b116c740cda69a4d7

SHA1
dc5d1abcc7d8b1aba5880113e25515f301e3c8ba

SHA256
8d7af7bce885a8cb641aaf3141e953f8edc5c2786404c0253f2cf86bfe5983f3

SHA512
c59d29d130da027bb6ac271883fc5600a9f97bc9a1a1bda78c0f85dd32a907109b0c9b27979be8328bc953a54539d6891085f1ea4232407476d1c61d7ffddb28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f457b573ecd29241fe98d3342fc2771b

SHA1
f228dc3ef92fb000022dd7de11bc72dbae3673e4

SHA256
9c214fef97869fff09a27e1a0f438e5db2519a47340cdc2590912ccfa5936787

SHA512
1b5ea24d8c0b562579f395a7358d5f6013f633b286e26e50d551ee182a050cdd67c8ca15c2e7037addc15fbf0cb9d3cd8d19d6cbfb1f768a2c4b736aa01e3677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
369c18fc1588210685e4e7b206e3d008

SHA1
83db9cfcdb8356e7786ca3d7910fcdc0a29c793f

SHA256
41d1197c44e0fbf4a32a1b80339921d4ff428fd5d6b42bb4a03ca5feeba63a07

SHA512
db05acfaea5afab686d43ba369a45eae90b12d9ef60bc041e268099c206e2f8e908b35cda7e3d57c13a425d9deb4eadd432077d875171153ce5a699a8cbcccb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc400e08f37f5ffa873cf47ac1f53c1a

SHA1
5901519c90fbf602458ee5d4ac9c7b77ddf747c2

SHA256
08867a0f2bfa8381e61e6f9132db4dbc9e0ea265b6541dffdc25309eedfad14d

SHA512
a54b7de0f61261949a4c7d048a6a090e3e3d382c4dc01fd726ba378eb2fc291103edb75a61c111b2451d3f9218c2810205ffdc0acf6a168a609f593430b48eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4888b0cbb1919fa8d3b423a78b8ed1fd

SHA1
914f42a2033dbebb275acb167a1598db328fd1d1

SHA256
74ecf584cee6a283234abd01086d35cb58d064bf57799591d0f6049546e8261f

SHA512
1da5b36ba33f78941eb6268bb7e0ee2629be0b68f98dbb4ae47d418259c3cdf0c2a743b4a804d109346c67263af51402a240da0ecaf0aff506f63e075722156c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c61aed24af8a8d4eb087490483ce2122

SHA1
8784b343e7a083f0fb27e7ba3ad163b58b1fa9fd

SHA256
688c3ccccf83b25535b5af3b68c1dfcdd236066b225bfaa544b6d9eea415a785

SHA512
d69b2e26188bac0781c4e44c2264f107539213e4a5fc1b359f01b4c32af93182b3153472eff02c03274d74e2549bae0614541771ed0f5cf93bb46cc4b887bf79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ec5d212ac626398151d403533428db8

SHA1
217163a1f12bbaf63edab9d7a9e9a19df178d279

SHA256
823f9a07d7c8aaa01f53309e754e2baa51cf31721070acf1a66cd4ee825aee05

SHA512
64ec069105cc87ad3c6eea0dc5c8a02c254ededc8f8003b3a93d86c19ba90c0bfe0a99851a1e3ab79bdf565e2d36bf0517fa5472b8127b13763203834b96917e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2292d4c4d7d64f56d9c3f1e73e86e2e1

SHA1
b1039a69d8cae9502ae9a8257eaf57baebaacd8d

SHA256
41e1997cc4834ac59f7a41336a2a69624cf1f472f8e355d4beed7b3e8ac3a56b

SHA512
ae7df4f6eeb0fc5946086169366eafa89c0a5eaebe520c4c2d8ec179da5f8114779ff4d9f1283972b5dbb5bda3a719765e97377fb61661ff88378d2fb455014d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5034b444163ad6c2bdd3e627475044f

SHA1
fda72387cdb9e530062ac3656e775717fe6511ff

SHA256
01cc110fa25634ee2c5fbbc3487c6762ede2a50003648b6f6a0a5cf3f570b8c6

SHA512
8182bb70b6a44c268f4599370d29da8805017a47efda9ed2159a3a979a6849f5512996d824f3a71db27b7703213e67d4fa05275bfc82c2c0842fa068f3244e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
7add0df7d0bb896cd97cda9f85279e1a

SHA1
6c29a9d660b3921b792c8c932fbc63a2c5f38c7a

SHA256
6bb957e15be0dc746412f601efb717a0d94226b86857138d46739e5e91f2a11c

SHA512
68300b6fc593db3b8f14b705de0740919e8cc552e1239474f8c14837ae4efe6638627f3cd477a6e36960a8c330b4190138af07edf4f32a01773a53803ae6cbf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
645794e372528151917f1492814f493e

SHA1
21a29fa9cbcd9ca74c9460d502bdab5aa420f0a2

SHA256
66941645b267f1182e91e525e6f024f31a40506f60712fbae3545b6d30fac34a

SHA512
24df07b95988e2b58dfa526028ad5bdceebf0f2889dcd9c4374cdbd536943bfa3564512ebc6d253da6b6c108ebc4015c782d46f63935e5aa1849d2e1ed05b9c3

Download Submit
C:\Users\Admin\Downloads\BitRAT 1.38.7z.001:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit