crimsonrat | dafa62260b8f61cb5d22c73cdc74c43a8c427bc28de420fb33a08f0f312b0b6d

Analysis

max time kernel
48s
max time network
150s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/03/2025, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

juicewrld.jpg
Size

152KB
MD5

5252a0128845849d952cec74c84cbee7
SHA1

2c5fce854b92be89c8ac62ba8ae136cdd1029307
SHA256

dafa62260b8f61cb5d22c73cdc74c43a8c427bc28de420fb33a08f0f312b0b6d
SHA512

416e886bdf9072682c070a7ef8cfa400815807c8711242e55fc7dd27628156f84cd31fa8c6b66767de4e399cdf5b7c7a139add6180a64ac9f7ff944c79d4a02e
SSDEEP

3072:SMLL+MWEsIWEovj1GIliHyAHTZ5Vh2sVlv/+Ho8y+H:SM1WEiUI27Vwsrv/s3H

Score

10^/10

crimsonrat discovery rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000400000001d398-1029.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
101	2704	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
59	camo.githubusercontent.com
60	camo.githubusercontent.com
101	raw.githubusercontent.com
182	raw.githubusercontent.com
61	camo.githubusercontent.com
62	raw.githubusercontent.com
154	raw.githubusercontent.com
55	camo.githubusercontent.com
58	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	1484	WerFault.exe	92

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2308	rundll32.exe
2308	rundll32.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2840	2464	chrome.exe	31
PID 2464 wrote to memory of 2840	2464	chrome.exe	31
PID 2464 wrote to memory of 2840	2464	chrome.exe	31
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2944	2464	chrome.exe	33
PID 2464 wrote to memory of 2704	2464	chrome.exe	34
PID 2464 wrote to memory of 2704	2464	chrome.exe	34
PID 2464 wrote to memory of 2704	2464	chrome.exe	34
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35
PID 2464 wrote to memory of 2368	2464	chrome.exe	35

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\juicewrld.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7db9758,0x7fef7db9768,0x7fef7db9778
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  - Downloads MZ/PE file
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3908 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2564 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2352 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Artemis.md5
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4128 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4136 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4532 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2492 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1560 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4252 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4276 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1204 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1268 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4112 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3964 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3948 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3888 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3408 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2320 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1176 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4112 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4148 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Users\Admin\Downloads\WinNuke.98 (1).exe
  "C:\Users\Admin\Downloads\WinNuke.98 (1).exe"
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3592 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3988 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3812 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3992 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  PID:2904
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4300 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1132 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2556 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3868 --field-trial-handle=1256,i,3638558110549813102,14433120651097985507,131072 /prefetch:8
  2⤵
  PID:624
- C:\Users\Admin\Downloads\YouAreAnIdiot.exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
  2⤵
  PID:1484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 732
    3⤵
    - Program crash
    PID:1696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
37KB

MD5
9a0f2fed78beabcb1af818103e79eb49

SHA1
e36dcc0472152bec227a1f5a81b5024ff3624452

SHA256
bc3ea6c39f4b013cb279391c0adbbd540219cae079703926d37a82dab9046450

SHA512
c4a96707d57cb474f45d669a52e31cc4f34e783b3600781c683c88d470cc6f6c3a5c5a399af33b8a193c57df87e797087fab9f6817048baec5a75e44ff835c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
21KB

MD5
3e0234d27ae0a53a8c03368b0cbdd7cb

SHA1
659f3affaa2a1550b467e60fd671a49602b18441

SHA256
cfef1bc2c64dc87d5c0f043996db5ffdceee4aa91407b13db34ad17f8d271010

SHA512
7a31f322e0100d4acb74f42d6996a873cf5cabc05e0efbd86f15c2cfd841b61db06cddf68f627ebf7abb29753028a12cdecd5adf0b7981805b16f735c2fab1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
16KB

MD5
dc491f2e34e1eb5974c0781d49b8cbaf

SHA1
b73ca9b5f9c627d49da4ecbc3455192e4b305a3f

SHA256
f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8

SHA512
5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
69KB

MD5
46078fbb3bc974f2e21d4a014cbaaaa9

SHA1
869fb07a9eba4e0e469dc39ef3a4205c1c4e7baf

SHA256
77796db3476a11d39aabf99fb0e068b132a2dccb4a96e793a8a887da1680bef2

SHA512
41a76d6a25b6bc5a76467f55f809837844f2621b194317f3bec59876202cec3dbeb8a95dfb5682705b62eb87a4d9ebbb2405a425abf6884fa2a8093ff6b68ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\44d5079ad5841b25_0

Filesize
7KB

MD5
91f8f6da00fc00cd01a0dc66cad0c0e9

SHA1
232c314f41f704dbfc1526f31f591541c28ffd65

SHA256
afac7f0fc719010f13a28791c5e6aebb3dd36159cf06b29f799b5af8a3256b6a

SHA512
80d82d42aa47b0aa1055b99450911474a12610e7be017da25a28d77aeaa23fcfa7d6d08c0475150819cca9c1f835bd0ce23ec6eeb6d5ce471544e4831b9ce1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16378677395ac3729807b16be2c3d998

SHA1
5d3b48d27bb4f0726211f9491c756603b192997d

SHA256
845f814db364ad1f0d30ebd4bb8f891e379032946ab30dfca112904c120fd716

SHA512
fe3217bf87159d400f78c911a9e9fece83e5d167284a1c08aa50fa0140bf7944ea7a1c6f490a7c0e289a47529160b7a81f2539dde5912be73af0815909afd868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a1123050e1d1bf926e7b3855ff18191d

SHA1
e483d6e17b8818a1cfa36757fba79f1d3ef4ab3c

SHA256
fb66d3f48b58122c19510f1dfb5124ec55c2009ed2a78d7b902f11f91f05b605

SHA512
9f6d9f0c9d86ca26e48a95a4cc80154d9aa543609f5851236eb46975de3f421a5c89574e70edc37afb867b2f5140d9663d6dd1edc726bc8e6a4912aebacee9bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7ce33e0b05166c06fc37c40df8979f38

SHA1
05c87c83998526a384700f3b4a94762000a09bcd

SHA256
8db3c1ba596ecace06a60ab3e7428c1af2a13b2999f4bf1532f5ecc56362a30c

SHA512
b69948d49f21545b54088732a3c97a65bbbaa0c90ee0c2ca8fd2c0be767b92d94c26006dd7580521decd474a1b17ad6158bfbe2d531c86b02b5c2c09d89cd3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b1e9bde94e44b9f202a138615097708

SHA1
5cffc768ec5c1aac962e3d67799b9c3b84570ec7

SHA256
3904fe455c42460e3d0b470c4b7ef925fc2ff5f5f7a73a63d92e21452ec06f42

SHA512
2df164973dd3f66bedb9ff722eac7acb43d4c0fb3ce5f78b38dd40714091e8a4df95f30fc1627db8f7eafc6133a0dceababa739a2064deed678f372c56e85e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb30f213ab5c675afc3880daec0bd88a

SHA1
2eaf9aa94a79f213407bc2caa5108b1a82811719

SHA256
1fcae2eec14da765ffa87ccda03aa2e4dfb1d58f776148b39c010125b1702bcb

SHA512
23a1cb7e5ca0997a5e76ab2be724d67bae81dd88eed82228cca31d327c592836fec2a103c64fe5822686c8dde176287e0b3b2e49b7fe4c09dce5eabcd5f974a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8310cd2aec17f39b32b72d6f0e150bfe

SHA1
4183c1c057634858215463d723dff804b862d280

SHA256
60c6477cb9f9be7edbe74e9e2af16ae6042ad6ebdd8ff2947bdd260f764c37f8

SHA512
7751f592ff172f4f61ed1700f1621358d09a1052a2d57232a30c71afe633b65072255d413d2d2732a6d59bbc73f8d91074e077b37e96cb7f3a6116b983e7e365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17765fb66e332943415a8d099a9d68e0

SHA1
315a1c63ab3c61434853545158767c2691a6f843

SHA256
b9d67d06af863213cdc0d25d695202857c2e68f617b3532ceac82e7d633b1d50

SHA512
a359c2a16692f73826c6b5f349e064dcc0f02266de2cf981c161eb980c0782725118b6f6c0b0ded35072cdf1741f413de10287e722e5ad59f389138f0a0f5f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7286b53a9a635d2b4fc47af38e8eab47

SHA1
b830dc1047acc616a3bbdf57468028365363908d

SHA256
46ff6c1034cc4f176e00e9c2a57dcf94614c832a2ef77da0e45e949bb7fa106d

SHA512
c67a1dd73ca4cd5ced8f85a9bd44dae2463dae58eadd63f04213b88f5d75db73b6677ef68ed05578b3eecbdcfd5ef02b5c53c51e4730cf88dcd5c37bf6756473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a8a6394d40bf0152602ace9a0c45e194

SHA1
8dee346bd386d6ad4e92eadd5d4ceb449d1e9e9f

SHA256
fd08379ebf73fa85e8e252c787e46f1de02668646e068a99f064080ce69e2657

SHA512
76a1b6d41e7a55d287683661965ac0e8a4f68700bb15dc7d2f12a9e8612e22501e3b6c254a27bc024ed2edab27830deb707c9e09ee711765635836c664b438dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94ef0417dc5f6550c4e81c00a0d40631

SHA1
9c826c0b1fd80b4cddb62852de2c13391a5625d1

SHA256
b316a2fd6aa9d0dbab9dcb4710264cab84890a281ed3a36e94694e91f4bdaee2

SHA512
229cd87ef2b864a704d42dbaebe6cc4820f7cbf99aed00847eee73a66716a36209900e381ee66b2dcca94c5d935010957ab158aaad9174538fbe7691399509a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b89bcfc0c2aa1820af51c8d2800df09

SHA1
27f0e34f4ca0ca6535fa47444c91eea86596e135

SHA256
e6cff2dc28c836929d493215285f57130bf50c1e9489e382b0bf2edf9ffaccd0

SHA512
78e5f4950dc505c304e6a12cf3a61c1362a8a82143ade9b9f0aea09ca90affac626eee4a85aaed20c20935e13b87ba22b943528e3665dc8a783c7194d55fae69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be166975198658f3837023f8e403661d

SHA1
4eea835bbe284d9c8a4022e41b0f56440c2f9b67

SHA256
8b60cc646897bfce8df7d6487a000f3f351ed7bfa8870524bc5e37afee11fdb3

SHA512
fdc8601a53047eb16d32fa527d4564d21c9fee9d49194d779c94e722cee113a3508894a16ebb362a32a46f2e8df6b41d972fac4bcfa6a56196ddd820c34d5734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d93697925b7d44b306264cdc18f9c5b

SHA1
1d91c91f10d291002ca15115155c82399bb95fce

SHA256
5c42859efeb8cc7a6f772b926d9cd0186a60c49bf41e9c05f44bc155fc997144

SHA512
25f04e20d1e4d6e02d60c895e07b499a5cfd9fe3ce2a0c669b2ef2ae9b3a12d2eaa7ddd4ecb25112a2bfb6388db4cd5451132a5046d527e729209f4c7485c1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0b8b53589088f2fd376b0fa0a1025dc0

SHA1
5050942db031bd39639fda46df976a1ccde44d36

SHA256
309c5bcded7f7916990f4244bb67ca9c4d4bec614a36ceb9165600c1f2bcab49

SHA512
294988124e2395b4f997e214e91ca723ebfe3626e968a27c7f3e556f82c1815ff5e6d68ad7670c46168eef689610c0167cd08a508bc1a26080112131c68d10e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f09259ebfbefb64b13884634d896a4c6

SHA1
5187d4cc558159a75e853fa028fd6771e5561adf

SHA256
c8c9926833b5a8f5963624413cde816ec7a2d7baa3c7dc2b2802a6f56a447e9c

SHA512
0d5f871e00073f327e23709ee3ae2a482ba8d972c46a254ea6e50c3f9c6cc3f40233d01bc12ee1b32bed47edab59246cd8e8d698099fcd8221721d7407de046b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a12790ad175bae60b4fcad80a35ed050

SHA1
7a16acc9d79bfdcbae912b749a7652f171efbf14

SHA256
7a74a617529a30fd4dc4fe9c65c260dafb6d4e7d82550dd850b44c67c4813ef2

SHA512
2c2abd324bd413cc4c3bba872041e70ed4d3f0bfd72638f70da665445d53f1d294f3bd95b54e0b1acd2d6b85036be38cea944a2fec95acef7a0406706e49b05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
144e8c9ace247246d3e7c4a77532eb38

SHA1
11721c54870efd1251811142f2f38ae783ef238e

SHA256
d68e2d4b0a2e11382196139ae5d44569314d630b2909435c1d84699e60d52581

SHA512
a1c38571190594c6598ef47f341313ee74e2f5a5269d0cc309d8a0f60ae0d56ff4ee415d2b71742a209eddb335cb3589c2742d12473790ee70617af2dee56075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44797abedb6fe4dd024e03dd7465fe51

SHA1
86ba4ceb2ca2e04e0445c90efe40be7c28f7edbb

SHA256
fb8eacff2d85ed201a36fa5dc062314a24a49d9d2414eaf5b330c91850eef202

SHA512
4d2f37adbc476630a21ab9801160a9f4b0ee7251719b183e274d14a3be87db16daabb86e3a75cd0862461468b33dfed076ef2c2ca495d05401926d690cfd5431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f8b3488b-63e7-46f8-a569-248d2c04fc0e.tmp

Filesize
7KB

MD5
7a6648711d1002688cab175678d7e947

SHA1
087a01f9c9a0a2aeab9417dd7d4f68fd9bb1b4b9

SHA256
cbbed0ae4d6062f96747c034e5dd929e021688830f9c81c64ed52aa474acce9d

SHA512
2392e069a27a4c1921338a93beb7dd14d5fc908cc0ad7226377f7789cc96c577a2c5adf34ac6b393486d1a97d54425feae62fa30c358d1ac4d89f0658d83174a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
45c1e8f195be5f1d8ae2d109ce13a2e0

SHA1
55de8e73600f7846982522e35b9e1e20d50577c8

SHA256
71a2cefb7752130d21a449ed313e1d94000aa027dc6154617ff94b3824aef9a8

SHA512
1bffb7a80f8582cf6b36cefafef84ad15e49e1c8ce4f7d84df31a5cf89acd44eaf5cb361ecb3c11048054304d945474c428bee3c1bc7e0a39c7013ea81586f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
81420d8c272deb9a7d5b1c51f6745b64

SHA1
beca27f2579b542dbdbda53b4907bc79494ce465

SHA256
2a5faa1ef0324de7c4f4355bebbbcd4ec2f282c0e5327fad8a6c359edaf994b1

SHA512
c84ec2a2e69a88c753685eccde400816a0aa61a146d97f31c1ede78f9c07e30b1e9a82ac7ab748dd43b09a4dc8f29816eaf81416bd1a19da21b4561562ec21fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
a65b50056168d7466c08d02289b672d7

SHA1
3915dd0f5f9da764c0a619b51bea1127096cc084

SHA256
03bb44fbac984544ce125c43aa88880bd55f8928ff0cdc74804d2a084a667730

SHA512
c3401793b95e35bba38b1e9ab4edf9966a690918b0ac432db4c2682fe3aa879027d682e3e68c77c8c5eb65446a066fb19a0008737510ade954d9ef3b9c30cdb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFEDF.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\Downloads\CrimsonRAT.exe

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\MadMan.exe

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\WinNuke.98.exe

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.exe

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
memory/1484-1091-0x00000000013A0000-0x0000000001412000-memory.dmp

Filesize
456KB

Download
memory/2308-0-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/2484-1032-0x0000000000DD0000-0x00000000016E4000-memory.dmp

Filesize
9.1MB

Download
memory/2904-1007-0x0000000000110000-0x000000000012E000-memory.dmp

Filesize
120KB

Download