
Analysis

  • max time kernel
    900s
  • max time network
    1179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/04/2024, 23:54

General

  • Target

    https://top4top.io/downloadf-2050v89kk1-rar.html

Malware Config

Signatures

  • Detect Neshta payload (2 IoCs)
  • Neshta

    Malware from the Neshta family infects other executable files in order to spread and cause damage.

  • Executes dropped EXE (3 IoCs)
  • Loads dropped DLL (12 IoCs)
  • Program crash (6 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
  • Suspicious use of AdjustPrivilegeToken (7 IoCs)
  • Suspicious use of FindShellTrayWindow (61 IoCs)
  • Suspicious use of SendNotifyMessage (27 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://top4top.io/downloadf-2050v89kk1-rar.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2860
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef37346f8,0x7ffef3734708,0x7ffef3734718
        2⤵
        PID:2676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
        PID:804
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2420
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
        2⤵
        PID:2588
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        2⤵
        PID:5052
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        2⤵
        PID:2184
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
        2⤵
        PID:436
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
        2⤵
        PID:2008
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3328
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
        2⤵
        PID:4372
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
        2⤵
        PID:2680
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
        2⤵
        PID:396
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
        2⤵
        PID:2060
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
        2⤵
        PID:2892
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
        2⤵
        PID:1896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
        2⤵
        PID:2680
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
        2⤵
        PID:3484
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
        2⤵
        PID:5504
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
        2⤵
        PID:5720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6088 /prefetch:8
        2⤵
        PID:5728
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,3258928416662254472,15112973433980145826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5912
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4448
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1512
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:6088
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap20971:148:7zEvent23218
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3576
  • C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe
    "C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3228
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 1492
        2⤵
        • Program crash
        PID:1036
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 1528
        2⤵
        • Program crash
        PID:5396
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3228 -ip 3228
    1⤵
    PID:5368
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3228 -ip 3228
    1⤵
    PID:3452
  • C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe
    "C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1460
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 1460
        2⤵
        • Program crash
        PID:552
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 1480
        2⤵
        • Program crash
        PID:5624
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1460 -ip 1460
    1⤵
    PID:4028
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1460 -ip 1460
    1⤵
    PID:1888
  • C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe
    "C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5608
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 1464
        2⤵
        • Program crash
        PID:1904
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 1464
        2⤵
        • Program crash
        PID:6092
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5608 -ip 5608
    1⤵
    PID:5736
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5608 -ip 5608
    1⤵
    PID:5296

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B

                                                          MD5

                                                          cff358b013d6f9f633bc1587f6f54ffa

                                                          SHA1

                                                          6cb7852e096be24695ff1bc213abde42d35bb376

                                                          SHA256

                                                          39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

                                                          SHA512

                                                          8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B

                                                          MD5

                                                          dc629a750e345390344524fe0ea7dcd7

                                                          SHA1

                                                          5f9f00a358caaef0321707c4f6f38d52bd7e0399

                                                          SHA256

                                                          38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

                                                          SHA512

                                                          2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          888B

                                                          MD5

                                                          2a7fbe098dba964938f32b95dad9926a

                                                          SHA1

                                                          45c58d25c27b58d3d1f71a81d18fa53e070e0dd0

                                                          SHA256

                                                          61ac178293a1d4e54c25109a7a57074af70674cb19dd9f2ada80b77c70f9c213

                                                          SHA512

                                                          5b46eaecb218004820e436f59bcb503e0ce10841e7a5dbe70c9bcb5ed8f8e16749d2d772d76d0f30609bb26c8b1a9fb2b2875c36b5af92d26727afa6cecc5d2b

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          f7f6021abeee597b3d69036a4d74d17c

                                                          SHA1

                                                          9b903fa56614c8be988321543afdc99380ac8c1b

                                                          SHA256

                                                          2ba85e0d8df6150dd9bffa117a30a5cc666e9404e91b3c23c9588d4abbf498f2

                                                          SHA512

                                                          37705bc19eabe6a2f30bcc7c37ba0676167e3f5ec1e48cbb4fc321eadcc6d344af1355dd5784ed9034dfd33cf0c03c1c618307018744e8f0bf2de7cb45ad2b50

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          3KB

                                                          MD5

                                                          f6d01ebea4bb1464d9a12f6cc2cf04ae

                                                          SHA1

                                                          b2bfba4d619e26d219edda00c567ccdb1006f931

                                                          SHA256

                                                          bf61cbcae8fa26a822957ee0b242f531edf8207d4e9cff3eb1c3e6a0795e6ad8

                                                          SHA512

                                                          13ba42694216f3583193e90c81c79a00998f353ea0223cb7ca918a07c42c448f81c2b4561dd63b02bd59e8f57794bdfd2b70fd8da7f73a2c1e315d3fe4d54f93

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          0da95a024c54da531692a0030d663ed8

                                                          SHA1

                                                          6f664615293bd5b3765a3ac891ace81b824c6029

                                                          SHA256

                                                          9964c9c9e9dcf86bf695a98b9ae15996fdb253104e3c09070dad47babf596423

                                                          SHA512

                                                          d5ad6497dd31aeb79335eb6bcbd79a896b2e664a55f049a8d61f57ef413c6e45f4b9373b66c5c057f58733af649c6ae0fbdd9eb8dc340b8061ce1febc5afed6d

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          8KB

                                                          MD5

                                                          ce2950c970e35fff6c1cab0d4b9c2063

                                                          SHA1

                                                          e47ce11640b4666df91df508f1ccd65a5fad4886

                                                          SHA256

                                                          950d8991848b98799f7ebb0d39ca3004f314445c32adb4da323316619cbe6ecd

                                                          SHA512

                                                          4b2d955e0d6a639fd1d859752af2f34040d27ea52218a3ab8d1e72ff4d4e97628667ca028ac643e8524e0e73235412b3fb0db6fb9c9547e0c601f9501e968302

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          69ef367a2cbd73bc5253a2d1208c90de

                                                          SHA1

                                                          4233a257143376152d62ddf066a7c66e67beff82

                                                          SHA256

                                                          498c8351a1f1cd737d573682099aee24beb79fa679e3d6285aa872ed967c94b4

                                                          SHA512

                                                          bd9e82178bd408b319cb599d361fdb81cbf4e6b136981ce7f217e3a1019e5bf559ddfc2ffd41a250941bf85d76ceb027305980c12aad522b045f9757b780dddd

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          7KB

                                                          MD5

                                                          1e8ada65133c0a01ce8712bc6c3390b9

                                                          SHA1

                                                          717854970fce9a918498904b7fcc1a1af770606a

                                                          SHA256

                                                          59210d4fdad73672ae8b59c806c269e824bb92b63cc053bb6842f7c3a835eef9

                                                          SHA512

                                                          d3e1e20cc0e8f42e6ce0fc7c87db3af0f78fe23c5a74ca76d3c95f662b83f94ed035093fc335bf79b7d77ac65acad2a6295206d56135287a9ae776f584518447

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 779b97fcb386c56b45acb7022ecd1622
  SHA1: 79b5f19f50cda4388c1fe362cfd062d127b6cd94
  SHA256: c8cfd9ce2276c3c7362e2a01cfc3d8d8e98a37a96c257a2bbd15185283aa007c
  SHA512: de1293f34d0dcd41d73354b3bfed6828af556ca3c95d6017955595bb68b878ef2bc94882a2ff273131b629d12f3259b157ca9b68c5b8ce4dd4409a7a2ac9fbd2
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 703B
  MD5: d589dc1815b7b0756de8efdd79c6bb0e
  SHA1: 38175abcf036c5e3c23e5e034830a1d707c57e5d
  SHA256: 0a186b68cfa848706d70a3eccf087b1ed3c438e95a592c2e15a7a54f5576490a
  SHA512: 71474f58da4d7c470c8f41ff4f33d8046444b91100944343617f0db8e5ba135cc6d1874f7a5d7ef9583edcd2e0eaad30b629d0b0152050ca07e186fc1bf6d20e
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579395.TMP
  Filesize: 535B
  MD5: 744011167b7959679d8990e7ec7aa988
  SHA1: ef97147e42e500f2ddddb9c479697165bb31672f
  SHA256: 0e760b3220cfd4456afadbedf5e47eca0b64cbddcea8a887227c0cb813702412
  SHA512: ed6f10d2a72ede15a0be6f31db38fbfd0a2c957dd4bab09ca92901eea3e31e6ca1d64beb4fe110118393ee9ba07fb5b66ae8517813ea881d0d5d4ec7c6108a64
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 1659016285d63fa2416b4e9747c81ec2
  SHA1: 0a570384c3cf3432ed9b2370dace9573ee7271af
  SHA256: e986a052f6bd4bd35227bd6cc7d68dc42b1542190fb619b02f774bede5f3493e
  SHA512: bc70f3d544dccf997c866754184f32eccaf41635fc4c4553b7a99eea85d45f69e2b79744d6f7000b9f8912777810546ad524ba854da15aaeef1e96dcc3bbb177
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 12KB
  MD5: 3a6ec20e0cd1e032c95cb72586edf1e2
  SHA1: c9366f6887c440a39f0ced10c1798203dffb9bbd
  SHA256: cf591c23f74ec98d2c76f4a9d913266e97ed1ae90dd6d28725adedebfef6781f
  SHA512: 01b5f749b9140b73bf41c7c8697f4c64df60921fb25753239b7003a47b4ed2b55843ab9c5938e1f5c99327e337fdf8ca1c9b1f21b9ab2a7944f6ef7c3942efa3
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 12KB
  MD5: 82640e008cdd2038ec457696d28ebc77
  SHA1: dc04540c738a3504dd445be234d1e72b6a2f0ff1
  SHA256: 9dc71b3b7ba726e3e3b3b1fc8ef67ae9d46596d78ee393882f618ddc3aa3b754
  SHA512: 620664917c86bd1aff2a7d37bbf47c2e051a80d861fb62d1c095fd491ba9c35b25fedb167fd23c5559d6d690537d090791812a0d22370ee833b959249bca2733
• C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom.rar
  Filesize: 32.6MB
  MD5: 97164136af09505de07cd757f4485881
  SHA1: 97c338ec2bb38212a7abcf3bafc314c2507e7dd3
  SHA256: 0f1f33f6543651bdf07b3ffca9ff4269160c99600fcb529bd7d0620d8b5a4d72
  SHA512: 749d2ed9ead61ea567d7217e7bc428db8b0c9a9a2901cd007681aab7797111e617d49b43878db3dfe6fe646aa77c016c54a5775b7a030ed58e4771c6820d5944
• C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe
  Filesize: 11.2MB
  MD5: fb40ba1b494af4057ab259bba5f33fe6
  SHA1: b872393a07d3949947a41871132b736c00c771bb
  SHA256: 40a82c50b9875698551a2f6dd4f71fc23b4a04eeec655a4746111279ef57d2ac
  SHA512: f2feec8be6578aa273efd363ae1eba0862fc240a441fd8d1f14942fda241e34896e7b76179d7132af97f18acdf13afd4032f1874a9b20cc04120706beff9e804
• C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Mono.Cecil.dll
  Filesize: 305KB
  MD5: 851ec9d84343fbd089520d420348a902
  SHA1: f8e2a80130058e4db3cf569cf4297d07d05c93e0
  SHA256: cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
  SHA512: 5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
• C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\WinMM.Net.dll
  Filesize: 43KB
  MD5: d4b80052c7b4093e10ce1f40ce74f707
  SHA1: 2494a38f1c0d3a0aa9b31cf0650337cacc655697
  SHA256: 59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
  SHA512: 3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
• memory/1460-607-0x00000000752D0000-0x0000000075A80000-memory.dmp
  Filesize: 7.7MB
• memory/1460-602-0x00000000058A0000-0x00000000058B0000-memory.dmp
  Filesize: 64KB
• memory/1460-601-0x00000000752D0000-0x0000000075A80000-memory.dmp
  Filesize: 7.7MB
• memory/3228-539-0x0000000006130000-0x0000000006140000-memory.dmp
  Filesize: 64KB
• memory/3228-598-0x0000000001FD0000-0x0000000001FE2000-memory.dmp
  Filesize: 72KB
• memory/3228-590-0x0000000006140000-0x0000000006192000-memory.dmp
  Filesize: 328KB
• memory/3228-463-0x0000000005EE0000-0x0000000005F72000-memory.dmp
  Filesize: 584KB
• memory/3228-593-0x0000000008170000-0x000000000817A000-memory.dmp
  Filesize: 40KB
• memory/3228-594-0x0000000008390000-0x00000000083E6000-memory.dmp
  Filesize: 344KB
• memory/3228-461-0x0000000001000000-0x0000000001B3E000-memory.dmp
  Filesize: 11.2MB
• memory/3228-460-0x0000000075230000-0x00000000759E0000-memory.dmp
  Filesize: 7.7MB
• memory/3228-599-0x0000000075230000-0x00000000759E0000-memory.dmp
  Filesize: 7.7MB
• memory/3228-462-0x00000000063F0000-0x0000000006994000-memory.dmp
  Filesize: 5.6MB
• memory/3228-468-0x0000000006020000-0x00000000060BC000-memory.dmp
  Filesize: 624KB
• memory/3228-466-0x00000000010C6000-0x00000000010C7000-memory.dmp
  Filesize: 4KB
• memory/5608-609-0x00000000752D0000-0x0000000075A80000-memory.dmp
  Filesize: 7.7MB
• memory/5608-610-0x0000000005AA0000-0x0000000005AB0000-memory.dmp
  Filesize: 64KB
• memory/5608-615-0x00000000752D0000-0x0000000075A80000-memory.dmp
  Filesize: 7.7MB
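The dropped-file and memory-dump entries above are the part of this report an analyst actually reuses: the hashes become blocklist or hunting IoCs, and each memory dump's name encodes the process ID and the virtual address range that was captured. The script below is an added example, not part of the tria.ge report. It parses the listing layout shown on this page into records, indexes every hash for case-insensitive lookup, and cross-checks each `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` name against the Filesize the report printed for it: 0x1B3E000 - 0x1000000 = 0xB3E000 bytes is the 11.2MB region in PID 3228, the same size as the dropped EXE, and 0x759E0000 - 0x75230000 = 0x7B0000 bytes is the 7.7MB region that recurs in PIDs 1460, 3228 and 5608 at two different bases. The size-formatting rule (1024 base, whole KB, MB to one decimal) is an assumption inferred from the values on the page, and the sample listing embedded in the script is constructed from four of the entries above.

```python
"""Parse a tria.ge-style dropped-file / memory-dump listing into checkable IoC records.
Added example, not part of the report; assumes the '• <name>' + label/value layout shown
on this page and that the report rounds sizes on a 1024 base (whole KB, MB to one decimal)."""
import hashlib
import re
from dataclasses import dataclass, field

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
MEMDUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Constructed sample: four entries copied from the listing above.
SAMPLE_LISTING = r"""
• C:\Users\Admin\Downloads\Dangerous RAT 2020 Cracked by Unknown Venom\Dangerous RAT 2020 Cracked by Unknown Venom.exe
Filesize
11.2MB
MD5
fb40ba1b494af4057ab259bba5f33fe6
SHA1
b872393a07d3949947a41871132b736c00c771bb
SHA256
40a82c50b9875698551a2f6dd4f71fc23b4a04eeec655a4746111279ef57d2ac
SHA512
f2feec8be6578aa273efd363ae1eba0862fc240a441fd8d1f14942fda241e34896e7b76179d7132af97f18acdf13afd4032f1874a9b20cc04120706beff9e804
• memory/3228-461-0x0000000001000000-0x0000000001B3E000-memory.dmp
Filesize
11.2MB
• memory/3228-460-0x0000000075230000-0x00000000759E0000-memory.dmp
Filesize
7.7MB
• memory/1460-607-0x00000000752D0000-0x0000000075A80000-memory.dmp
Filesize
7.7MB
"""

@dataclass
class Record:
    name: str
    size: str = ""                               # size string exactly as reported
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex digest

    def region(self):
        """(pid, start, end) for memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, else None."""
        m = MEMDUMP_RE.match(self.name)
        return (int(m.group(1)), int(m.group(3), 16), int(m.group(4), 16)) if m else None

def parse_listing(text):
    """Walk '• name' bullets and the label / value lines that follow each one."""
    records, current, pending = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("•"):
            current = Record(line[1:].strip())
            records.append(current)
        elif line in LABELS:
            pending = line
        elif current is not None and pending is not None:
            if pending == "Filesize":
                current.size = line
            else:
                current.hashes[pending.lower()] = line.lower()
            pending = None
    return records

def human_size(n):
    """Render a byte count the way the report does (assumed rounding, see module docstring)."""
    if n < 1024:
        return f"{n}B"
    if n < 1024 ** 2:
        return f"{n / 1024:.0f}KB"
    return f"{n / 1024 ** 2:.1f}MB"

def check_regions(records):
    """{name: (span_bytes, reported_size, matches)}: does end - start agree with the Filesize?"""
    out = {}
    for r in records:
        if (reg := r.region()) is not None:
            span = reg[2] - reg[1]
            out[r.name] = (span, r.size, human_size(span) == r.size)
    return out

def regions_by_span(records):
    """Group memory dumps by span length: {span_bytes: [(pid, start), ...]}."""
    groups = {}
    for r in records:
        if (reg := r.region()) is not None:
            groups.setdefault(reg[2] - reg[1], []).append((reg[0], reg[1]))
    return groups

def index_by_hash(records):
    """{(algorithm, hexdigest): Record} for every hash in the listing."""
    return {(alg, h): r for r in records for alg, h in r.hashes.items()}

def hashes_of(data):
    """The four digests the report uses, for matching local bytes against the index."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}

def lookup(index, algorithm, digest):
    """Case-insensitive digest lookup; returns the matching Record or None."""
    return index.get((algorithm.lower(), digest.strip().lower()))
```

Running `check_regions(parse_listing(SAMPLE_LISTING))` reproduces the report's 11.2MB and 7.7MB figures from the address ranges alone, which is the sanity check to run before trusting a dump's name as a map of what was in memory. `regions_by_span` surfaces the 0x7B0000-byte span that appears in three PIDs; the listing does not say which module that is, so the grouping is a prompt to open the dump, not a conclusion. To match a file pulled from a host against this page, feed its bytes to `hashes_of` and look each digest up in `index_by_hash(records)`.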