hxxps://mega[.]nz/folder/Ew0HhIwQ#ey8csSy_Z7rWV1aAOICHhA

Analysis

max time kernel
91s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
25-06-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/Ew0HhIwQ#ey8csSy_Z7rWV1aAOICHhA

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

C:\Users\Admin\Downloads\S500 RAT.zip.crdownload agile_net

resource	yara_rule
C:\Users\Admin\Downloads\S500 RAT.zip.crdownload	agile_net

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638232167105768"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1796 chrome.exe
1796 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1796 chrome.exe
1796 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe
Token: SeShutdownPrivilege	1796	chrome.exe
Token: SeCreatePagefilePrivilege	1796	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid process

1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe
1796 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1796 wrote to memory of 1128	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 1128	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 4640	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 3304	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 3304	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe
PID 1796 wrote to memory of 5048	1796	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/Ew0HhIwQ#ey8csSy_Z7rWV1aAOICHhA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda075ab58,0x7ffda075ab68,0x7ffda075ab78
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:2
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:1
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 --field-trial-handle=1800,i,12510985767522897755,9889247038878189696,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3532

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004AC
1⤵
PID:1596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
7c2a51b1fc6162d9ac1d9c08d10809c9

SHA1
594d8607607331f1f694393ad216ee0f73933a6f

SHA256
f4e21940f7cb8b4ef620cdc83214a927343df333aceb4a8c6dde25dae2f9e539

SHA512
48bd71448b9dd23edc09fa9559bb0c267219add58467becb808502bfc94e5a99060837e78c7dc450b89608535ed73d718b37f3654123a84b7680a64864b3d699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
2995088e00b407cab365f58c5364a774

SHA1
71b665aadf16a8ec3169e8d88a05936ed35e6de3

SHA256
d185c4f882f894e2c2990eea1752b85be44ffe66a2ecbb65ad69c9482164a494

SHA512
c5f06c139d9df298f74914a376b07cbed64bd3adbd17f28c4d741dadc5e8634a66d392fe6ca1768787a68fd75c94d2ddc343373c3c68be25ac5f4b52759d79f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
2161dfc6b48d825b60bd63c942229d2d

SHA1
024b1ad819e883fd276d8fca1d5d67f49d5f909c

SHA256
715460740fdcd5d36afe3a9fac420c75bb4acaf971560b3dfdc57741f7b1e196

SHA512
344ad7cbd36d83a3bfe1d0bf758521d580cb0a93d17190eec81128a6427a68576b88a306fad293a1da846f72c8a4fd8ed9bcfed3e9b738a158ba4e10f9a10e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ab3ec65fb5c397d34fb59fe08b63f8d7

SHA1
c941edfa5cc85c26a45fcd082d92162c60aaf15d

SHA256
6da05b48e5034c34c4659cbd5936fcba89ccb8fe5b57b52fb585aa385df6675b

SHA512
c16f8f6d48169a529ead45b1b5fe333bb8a78d272265f4d7ff0a1b3f3e11648e3b58e68b9a6b4c02000a8bb184ebb1e00cd3c9016602839c7f0a686fb14a9f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ab7660ebf53fb13e9ecf302c3c99f350

SHA1
e30fc1309d8908beadeb24493e896d3cc6b0a75c

SHA256
dfc2087e7864cd46f7407f2a248dddd5f3e3de7ff9c8fb7eb9ffa29f50a49636

SHA512
b4d573fb91a0044393e58cdce3cfa9faad7041490cfcbd281f3504fb3d89978b30a56cf242c0ea4918db1b9b1359c6364fba35494cc20fdc247f555757bca2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
46957f1990392cc0f5705bea9fc921a2

SHA1
428566ed6dbd18a9f3e16abefebe04ea4370a671

SHA256
9b4faa1ec449fb0694ab46bbe3ac9cb2ae9e42b0f4c94acedaac4aea2a13051f

SHA512
df5209ef59bd95617e35f2b94d04ea111884c1f13f615b3f253d9ca32adfc9b6cc55d46ca2bb72e490571f5461281c4f9ae341e418bbccc58b0ff094757c3549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
0e184c83cdbf6a927e889ed4e24139af

SHA1
fb84b0242bf3d2eb7cf657f8f4136938c84841b9

SHA256
a280ba61b7c6b25e365e8ce8b38ca4eafe02a2885f926202020ae06c6470ecd2

SHA512
74105f04254db25922157e81eae1a3f8693d7057e55d67b7ed5d93581bc24a7d76078e3c98d114dbbd26fa4b35b0dc98f1d5e7a0568747acceeb149871abe575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d38c.TMP
Filesize
48B

MD5
1d9c76ea1e565dcff0857a432179a564

SHA1
884d6b64e5a6f167a3e0bb9993f8e89792b4492d

SHA256
45d33e06fe161ec2684d37d2838848788df6bd912a6a5fae8b4cb07f672d88f0

SHA512
61b483882c8727fe27921a93b92457102cb73a4b72eb7cb2b34b9f83beddf84851cee2e4e846927f78cc0dba8d3ab8949b910565f15ef53762bd189333870b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
5d3cdc80ebc42b5fed3c362646bbbd19

SHA1
d09609a39e299994482d0526c3eb28676e0a776d

SHA256
1c8bd3c19b5e274c6eb874e553e7c94bd383c80527eb3579b03189a28188e2b6

SHA512
35af1f9710d5db2526dfd02af736ff5a7e0b5575945fb5d436b76bd21a993e3865523c361742ab118bfa723c8462831640bd2e3fb3086cb99b750db7e719c894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
f0ebd56e7a79bc99df7324a4d8a66868

SHA1
53ad3c7a17939cfec82bc2424485be72d9361975

SHA256
2650dba91150b1d6deb8d2983982724e4272c1827554e0e44600164fe7bff9fd

SHA512
998bdca7fcfcc816a9514aaba9c198df66f4b16b0d862070cdf2a759246f7fdca106f2f26a7fab5948048ff5fa4f3c8c77a9cf9dedfc871c7c762f54a7ff743d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5859f2.TMP
Filesize
82KB

MD5
b1bc4546051b15cfe7ad2271047784d3

SHA1
49ed2d19f13d8c319088af552adae8a56c3cd772

SHA256
3a4b0191604456cd71a94fb80b7ff22434cf7a5d5b3a7cc7efda1fea016f8a04

SHA512
6117a68c5bb4876cca68ce69c2cdc8adce9312be220115ee37ce8a22bf81f4af7efd61c26dc0c7d2f48f7753f59bfcb3774581f1efb27d23da2364b47e657d1a

Download Submit
C:\Users\Admin\Downloads\S500 RAT.zip.crdownload
Filesize
35.9MB

MD5
e1a0697a10301501ca77abc753ab3deb

SHA1
9546044ce10ffc33a29149ad551795a57a1f234a

SHA256
c2843d5781a76ec4d3de19738992e8c963eb9a7d89e2c5c3d3cf796a7b0d1e1e

SHA512
4a6fdad5987e9081db39097c1d018438402d3f9bc972ab2c8a75f3d7b88728d613ea6381ebe17f1ce599ae591c10d9bb8a28aba9673c079923b66977512e9d49

Download Submit
C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_1796_PTUENVXSSLRSQYFA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit