zgrat | hxxps://github[.]com/M6YR/VenomRat/releases/download/Download/VenomRAT_v6[.]0[.]3[.]rar

Analysis

max time kernel
1800s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/M6YR/VenomRat/releases/download/Download/VenomRAT_v6.0.3.rar

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/2404-800-0x000001F685AC0000-0x000001F68630C000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/2404-800-0x000001F685AC0000-0x000001F68630C000-memory.dmp	net_reactor

Executes dropped EXE 35 IoCs

pid	Process
2124	DevExpress.WinRTPresenter.Launcher.exe
4380	DevExpress.WinRTPresenter.Launcher.exe
2404	Venom RAT + HVNC + Stealer + Grabber.exe
5208	Venom RAT + HVNC + Stealer + Grabber.exe
2840	Venom RAT + HVNC + Stealer + Grabber.exe
2796	Venom RAT + HVNC + Stealer + Grabber.exe
5620	Venom RAT + HVNC + Stealer + Grabber.exe
1636	Venom RAT + HVNC + Stealer + Grabber.exe
4000	Venom RAT + HVNC + Stealer + Grabber.exe
2400	Venom RAT + HVNC + Stealer + Grabber.exe
1732	Venom RAT + HVNC + Stealer + Grabber.exe
1508	Venom RAT + HVNC + Stealer + Grabber.exe
5584	Venom RAT + HVNC + Stealer + Grabber.exe
5840	Venom RAT + HVNC + Stealer + Grabber.exe
2836	Venom RAT + HVNC + Stealer + Grabber.exe
2224	Venom RAT + HVNC + Stealer + Grabber.exe
3276	Venom RAT + HVNC + Stealer + Grabber.exe
548	Venom RAT + HVNC + Stealer + Grabber.exe
5008	Venom RAT + HVNC + Stealer + Grabber.exe
1488	Venom RAT + HVNC + Stealer + Grabber.exe
2652	Venom RAT + HVNC + Stealer + Grabber.exe
4444	Venom RAT + HVNC + Stealer + Grabber.exe
4456	Venom RAT + HVNC + Stealer + Grabber.exe
3832	Venom RAT + HVNC + Stealer + Grabber.exe
1752	Venom RAT + HVNC + Stealer + Grabber.exe
5680	Venom RAT + HVNC + Stealer + Grabber.exe
5596	Venom RAT + HVNC + Stealer + Grabber.exe
2800	Venom RAT + HVNC + Stealer + Grabber.exe
2420	Venom RAT + HVNC + Stealer + Grabber.exe
3132	Venom RAT + HVNC + Stealer + Grabber.exe
4108	Venom RAT + HVNC + Stealer + Grabber.exe
5076	Venom RAT + HVNC + Stealer + Grabber.exe
1880	Venom RAT + HVNC + Stealer + Grabber.exe
5384	Venom RAT + HVNC + Stealer + Grabber.exe
1840	Venom RAT + HVNC + Stealer + Grabber.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3508	msedge.exe
3508	msedge.exe
392	identity_helper.exe
392	identity_helper.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeRestorePrivilege	1912	7zG.exe
Token: 35	1912	7zG.exe
Token: SeSecurityPrivilege	1912	7zG.exe
Token: SeSecurityPrivilege	1912	7zG.exe
Token: SeRestorePrivilege	5452	7zG.exe
Token: 35	5452	7zG.exe
Token: SeSecurityPrivilege	5452	7zG.exe
Token: SeSecurityPrivilege	5452	7zG.exe
Token: SeDebugPrivilege	2404	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5208	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2840	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2796	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5620	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1636	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	4000	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2400	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1732	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1508	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5584	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5840	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeTcbPrivilege	1904	svchost.exe
Token: SeRestorePrivilege	1904	svchost.exe
Token: SeDebugPrivilege	2836	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2224	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	3276	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	548	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5008	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1488	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2652	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	4444	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	4456	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	3832	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1752	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5680	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5596	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2800	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	3132	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	2420	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	4108	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1880	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5076	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	5384	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	1840	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 5048	3508	msedge.exe	86
PID 3508 wrote to memory of 5048	3508	msedge.exe	86
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3964	3508	msedge.exe	87
PID 3508 wrote to memory of 3800	3508	msedge.exe	88
PID 3508 wrote to memory of 3800	3508	msedge.exe	88
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89
PID 3508 wrote to memory of 5084	3508	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/M6YR/VenomRat/releases/download/Download/VenomRAT_v6.0.3.rar
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb179846f8,0x7ffb17984708,0x7ffb17984718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3228 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16099087435580959814,7137871246343659365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2780

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\" -spe -an -ai#7zMap3251:92:7zEvent1806
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13029:92:7zEvent2383
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5452

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.WinRTPresenter.Launcher.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.WinRTPresenter.Launcher.exe"
1⤵
- Executes dropped EXE
PID:2124

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.WinRTPresenter.Launcher.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.WinRTPresenter.Launcher.exe"
1⤵
- Executes dropped EXE
PID:4380

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2404

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5208

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2840

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5620

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1636

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4000

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2400

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1732

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1508

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5584

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5840

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1904
- C:\Windows\system32\dashost.exe
  dashost.exe {3f3bed3a-8905-47d5-b810348065f22049}
  2⤵
  PID:4760

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2836

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2224

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3276

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:548

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5008

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1488

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2652

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4444

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4456

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3832

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5680

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5596

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2800

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2420

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3132

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4108

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5076

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1880

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5384

C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT_v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2644a21cba10017d48cf7dca8d5a6ebd

SHA1
90c90e740a6c5bd691e07933dadbadc5fa18c41d

SHA256
79b5b53363998616369bdde4171693ee9ee5678b22ef69724927f1abbd2179e7

SHA512
4bc1ed487f55ec3e6947100b9514c5b36aaf8b35b910ab95841786e664eba778c01ced6d401f1e75c0225707bbf6662d87916c65462e298749c20ff4730fef1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
262f9131f6fa6170c6b8dc679cd43b84

SHA1
7f175c5be166ff9e7f9d5b93eb72af45af01ad06

SHA256
119d3ed527ac42ab07aaff5ed99ab883a907a1316110a039a6c13786d9be8555

SHA512
cee74e87bd116f282f67f21f73af2abfefc10abf65c69ed77bc7f1a44246eb0f46ad1afa7cc4638d09b0193d8f186670f4316f8e886807676b045ab5763eb430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f72bc269d454d47420e158805cb93a4

SHA1
c33e950efae5c3ed0e64a1b0f41e489247fd3692

SHA256
05298cb3099293372ab81bc3cc46cb95427d3942d3d2930d876f31855dfdb17c

SHA512
6275df201075efbea8aecf75aaaf7d906e5eda710dccbaf3a75eae0fb16d8e6c43b786f855d797b8c1e68aa1012929634e405546c55ce118ba80bd06d605cd9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70cbe9fa0aee3587543da263df021da8

SHA1
74e25e9e9cb137b43f8407e907319ffdbfdb08d6

SHA256
c295f57908f176ad2992449a4afe65ad276e4adbaf3fae1d84f23dabd1c80a4d

SHA512
fa4a555433fe1be223b2a89a92ab5c7910dc219ce9d9475639c612d5d43610ef29b8da9bb6a3136080461344a1531d571fa6308e8188b221df24bbe3dc1e7c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9efdaae7d22a61d87f352cace24a3d08

SHA1
5bfc1d732bf584a077e39abd3a0e361b0e263107

SHA256
eb27b7e64970283fee5095290fd29ca969443ded1eeb7e1d30cfb49247e9c3bd

SHA512
c47e660a4e1f5dac474e961379493749dc34cb1bc754c8b81977eabad1c0f9010b4d0ef0885286ed8edd222e05e106f105c2f2d36e598e8c40cca874797c3ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
591bf83f47273e44f178b03287fdb2d9

SHA1
43ffa2314c6c389fabc06a096603fe9c1c6f4354

SHA256
7c72bfaf943f4e6783097a7f07a3d98e9929cf1b0dcb514e1bacb504e4cc1dd7

SHA512
2cf236ab2bae7eab155c6af21b9a72e08ba8ef1ecfc79ceb03abe5909dd492a9db0a8bfe2ed7b86c38123be1752731dfe265b1edfb0d31a3aa345929be75d0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
15d4e91857e3688e262edb4e3c2107bb

SHA1
18fed2e3149281f58438e765df149bd4026a5a08

SHA256
2664b3cc77c6c87722cd6f8857108941e58b2447fe7abb566da0f4e0f19c32dc

SHA512
60847c557a96f0bfff06828957862b3efacc2461b62b67c5763ee8e3dc95c2923dc321a1ddf4168fd381682aeb9b81aa70ca5c9536cf08321f8a9bbdc9d3311d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
997ce0859ea2b0062c13c53f9e97d38e

SHA1
77e930125b869eaf9697d3a778875a17f28b6842

SHA256
afc8e8237faf581542226caa9ee536565640ad8a5b5a0aa609945016d32b3e02

SHA512
31228d93bc9f3e98c97212576dc739847140fc8a76588d38f6b4beef271fef491d447689faf53b33199a9c86d01d2a5cc81c34420c9de91998ca1fcac0d18bd1

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3.rar

Filesize
92.3MB

MD5
7cbabf71dd915f44b67f1765e805e5ab

SHA1
bc44d2fd089fc818824a5eb8f3c4310636dc2b81

SHA256
668bf9ed54120899b86b21a8aa1df1075937b8c05cfca52817746b6e418e2006

SHA512
9a3171a9c0f813b2c228348d2d4a3b94457578a6d1d5f80d7780fffcc3d67731b49b2cfe38f6ba4498203f1551e7c1cbc7b60d2ccc4dd8412943bc634a870509

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\BouncyCastle.Crypto.dll

Filesize
2.5MB

MD5
f0b3e112ce4807a28e2b5d66a840ed7f

SHA1
54a6743781fd4ceb720331fce92f16186931192d

SHA256
333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c

SHA512
dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Charts.v22.2.Core.dll

Filesize
1023KB

MD5
bcfa59a0896b924b2d8f1a50d4a1d970

SHA1
5f0ad9f59f852023d5a1d3377bdf45ec2b45b52a

SHA256
de682a0d612ec7d45a0accd8fbbb90db374d652ec68b52317170082a2afe7f31

SHA512
604f26842788e851822915bb9e80ca2af392b8e82ae4cffa0160cc761303098795615e00356665117b4ee1be421d74d46b8ca13bca220bd97f04f7b575a5f4d3

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.CodeParser.v22.2.dll

Filesize
1.7MB

MD5
ec3a80bc6de2d32444c582f31c14000f

SHA1
e4d880a4845095b18cc13b98d2d8f46d2c894a36

SHA256
aa74c8d4b98543a9f277860c7d11a64d762b4dd20d93acdbe0e4193fb69d5245

SHA512
7b469292db8fdb315a0647a060e28f6d2a5ff9fce81e4a5d8db9438b28fec7144b9ab02177fe8cb4bf7a54c407c8dca9dbfed437e8f0b71ead1bab2043b90eef

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Data.Desktop.v22.1.dll

Filesize
838KB

MD5
e59c802bbbc1ebc554f3f7b6a3259ee1

SHA1
fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

SHA256
d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

SHA512
34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Data.Desktop.v22.2.dll

Filesize
912KB

MD5
03c9a3454f296dba13b5d4a70c3f1504

SHA1
0b19ead85b4775f44b488cd99623b7ae6515d0ca

SHA256
d405116805f243c6852b06b70e9cfca68837a2eb918d53247c6ae69c21b093a2

SHA512
a5c90806a68b6e1051a2d444a57ae216683ce42b419723fc1b9e29bf98149c7c9b2d7345e45cb3c76f57c7b8fd1cee7404c7c3ee7a39c4966db301c649ce30e2

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Data.v22.1.dll

Filesize
5.0MB

MD5
5c3017ec9073a7a4f3351440c3daaa8a

SHA1
ee1f73f8618439fc8a42f38b32760367bd5ce6b5

SHA256
e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

SHA512
5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Data.v22.2.dll

Filesize
5.1MB

MD5
972235bfefa9a46cf8c4f3461546822d

SHA1
1207b99cf9c961d756607567b321a2e3da0fa4bf

SHA256
02653d88be212ba3753ee8e87c13159a2ce48250c6c7a05f21091924eb6953d2

SHA512
ad22e1a84ae11e132463b20453c0d482591cbfc923251c802a7ae4693f0475a043d1f03f411ecdcab015dd99914e63a1f9736680d91e6825bb4b53c0d30bcd03

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.DataAccess.v22.2.UI.dll

Filesize
1.1MB

MD5
58d916af93509dd6242bb1a8480f1411

SHA1
6c9be26a8b77c90df8b056828e2f0748e83fdb12

SHA256
f8a4f0ce3e38e1e750ce84231423600dbda276ba561f1a3bfc0ca142c7bc502a

SHA512
8be93d1131efed14fc3d1e788aeb639d2077cd8d664c269e4dd56836cda765bb663c67d6c17bbfb2262d9cd0041c5d2dddb6f27380b1f52e040db30bc8739a6d

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.DataAccess.v22.2.dll

Filesize
2.3MB

MD5
0f8e092a39ea088e3d6290f49d45d882

SHA1
c3da5608855a9059f9239a610ea5a126510bf026

SHA256
2eac960681b6b3193945215060cb3b4e2b7483304566dbbe74a683e893c7e022

SHA512
8df310efb3faed7e51d51a4ee52e96724a2a9f2903192fb6dd98910cfbc1b37dd23fe0afe6a2a6c449cc28d1552431addc63879bf26ea9cb3a95d2dfcfeb92e3

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.DataVisualization.v22.2.Core.dll

Filesize
70KB

MD5
22331e85e4541142c45e763572f53d34

SHA1
f304bbfd451b2194d13fc537f398ce7c606f89b8

SHA256
ec3b83363fc251a586c5520f3d617b3f1702ee92995dcd6e4c68e2f44e0896f7

SHA512
773ad77b36f247b4d323f0fb831eb71f0177381a983cdd2882491d07210c2421244a9cdd43f942105a364cb07dd358a119e43deb17297ae0a440c7c288e8abd2

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Diagram.v22.2.Core.dll

Filesize
3.0MB

MD5
e3d5b8cfe35aa677e887255b39689b36

SHA1
5bfe506461c19e296d22c10e864390d4db117092

SHA256
e971be0ba001e66a202c4486c1cfda6141fa9b62571ef00f9929f945e76229fd

SHA512
92e011e92576d45e6e3a46634fbf55d4a0ef8e7c3656671fd135a7ef5c391977e812d86e6a4160626acf4f4592d6b0430af9a61cc54faba37f0774956c3bea0e

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Dialogs.v22.2.Core.dll

Filesize
927KB

MD5
b08df7e98f044fa024e8f2f21a8eaee1

SHA1
46101821b2b4e41c08890c78f9f158478248b614

SHA256
ee75eeabe9f077371a321077e0a6dd0a7b00d33794ff3b3b7210ac56a6b326eb

SHA512
f12dedb1a36a964a5a57ce45c899eb50877d4ede21f2f48ace488e3ef57db51ea594461715034a58e3f4332b61c0c6b34f3c821e576f2917a411957d156c4db8

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Drawing.v22.1.dll

Filesize
291KB

MD5
cb877cd3b77a37f8e279fe7dc6b4ba6a

SHA1
a03989c1144a57e9088daa40f829a49298135b03

SHA256
bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930

SHA512
8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Drawing.v22.2.dll

Filesize
598KB

MD5
5ad5e45bded230824ea84eb8a941a11d

SHA1
092db1158f73529a650faacf82e7b08f812d97cd

SHA256
41b3baffaec9eed640cf10d917d3d912685001a7e3a963e2872c85a74d55100c

SHA512
dc443cba6d278a2a3d913fbd0d66ce3ccb0e08eb0cb6f947097f57b860a714a13fc0c21c315b70ad58c97f95e19a331d065998cd873f7e0b5bbaf495e19f6e04

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Images.v22.1.dll

Filesize
8.4MB

MD5
5246e412b204882fed4300efede7119b

SHA1
f688ca2ff1ee91f6dbe0b52502ff0e1154210787

SHA256
67a7db033d6047d8345182233f6d314c3ff1547dccaf5b8c04d71e1c8d8faa57

SHA512
d35d52e848915f25a502115791bd947ad2a6374e602348d173a74dddc7fce5d42bed62576a819454d5fafc2a120a69d6fc254ab940c4263c65b53804cb48d866

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Images.v22.2.dll

Filesize
8.2MB

MD5
58ab573a10017df4cd0aabc790711a64

SHA1
a45f84e5b69768c9e0335f780e56a8e0f9003cdf

SHA256
90d34d161ebadd1ebf75e4e10855635f8d5c83bac2829abdeebb6d082d9ce3ad

SHA512
f954aa39d3ad8f68ec688cc9bac8e0b481f15e601af8dee8e6e18c0cd60cc6a0fc500f6cc1cb629e87e141982c12f1086011d383a025a22fa2ff416be639d0ae

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Mvvm.v22.2.dll

Filesize
1.5MB

MD5
1117ef703715898519a95ff4b3370fcb

SHA1
117ebc2630c71270e0c3f1f96e98e53633e60bda

SHA256
efdae289d4215896dca0b74a4084d17926693e7555807a1373d015f6dd1a3e65

SHA512
d960cabf2f15a18975c7cfd4af74cfb1147950b8a76e0dce8a3105af302fd9c1ea560607f0287c574663f8eb3ce73e9b7bdc22ecd22046621040b162986b9f92

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Office.v22.1.Core.dll

Filesize
3.7MB

MD5
04481d41b4edffc33d43dc7b3c21879b

SHA1
9bdfc1ae5bc61699e2705aa58e693ce745c35f88

SHA256
10c2ef3e11a2a2cdac160d4299cd541d6b1f75613ae7adec7689e71d365f7e21

SHA512
76e6a7326e06c3a57d056fb139cb655382017336b422b606a3237d472e7a443d59c71e08a060b3c84a9129d507e458a8f990fef872e5f6e7600f62bd5b02a59a

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Office.v22.2.Core.dll

Filesize
3.7MB

MD5
f570b5c55a11bcacf973eeed57e0844e

SHA1
f9fa8dbc1c8f7dc239d0b5c83aafdc54277c71c0

SHA256
ff553a31694d7043aacbbcda3ec41377ddc036c506520db7331fe3ba8e3a39b6

SHA512
e91969f0a723347d788897f6d5d13a979d61d9fb51c21387d1eb746fbc38cf88119dfb3b1ca565eed1676cc8428cc48eb9ed4fd9d834bfe0ddfd89b2d0faa28b

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Pdf.v22.1.Core.dll

Filesize
5.1MB

MD5
3da62d7c737ee74cd7c039ec47780794

SHA1
d3403fc931204f1a6fcd731ca3d65be571bc29b0

SHA256
0704e6abdd582e23b37a7bdfd298b914038e43477f2e0bc271b012185a5e71c4

SHA512
f39d3145d45b2221c1da05eccf8ca97e5aadc476526f0639b87b4289053b196f8bd282d8373e96f0b09aabbeb120d85cfc1247d7503fd10a74824c22a93adcf0

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Pdf.v22.1.Drawing.dll

Filesize
502KB

MD5
ba8bacdc0334943e942fcebb93c13378

SHA1
7fdc8a6e619e21ec2c37aaa5e0caad031ba9392f

SHA256
f98ad5274cc55f675c60a61d74a4d213a30c00e466537ee852d75c5f390ce7c3

SHA512
e8b6f6801735a672959ac5d5067735bdcb447b0f4fcaf222fdafbf1623b733dbe30684a7f65c259d63e5ea77c04d5625c85770b1442f201d68ec8fd9711ebc79

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Pdf.v22.2.Core.dll

Filesize
4.9MB

MD5
babb2a7abc59c29d026cea7a4546e367

SHA1
be6105d8a0fe90483725a70cab951895c8ea7121

SHA256
084983a6412c967de89f28ab605197d42f682485ac73ac31e2ed1b28533cc63f

SHA512
3d2cfad8c21eed7a64b7059fa2527da642f8067ae7678f977cb11edee21d725548bc9614897cee549ce0d56a3acf4977585c716dde650609d3500b102d68ee63

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Pdf.v22.2.Drawing.dll

Filesize
501KB

MD5
0bcab7de0682bd86dce65e5f8b1c9800

SHA1
a4696ebf4d72274b333ebd6c591f299cf8d6bfa4

SHA256
a694db9952459b0d2de2a390a0def2607a56ffeefda17578cd944bdb312475c9

SHA512
5f2b4bbb6d72a01ef4c0a2206b48b8ea2c2ce38a8efc717856a97d84d2243dacede14d5c92f88b7ec52955183d0600fe3fe238ee68d0ab4a9f609ed82cee60b7

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.PivotGrid.v22.2.Core.dll

Filesize
3.6MB

MD5
436c0f4c5641573963083c22b538347f

SHA1
b43803120b4f0be04a63ec34a64523e1c4e4269f

SHA256
0a5a09245a3c18574de1797547b8685f596ceccf627cf7e530b9b8cb1e43011d

SHA512
47cc11081cc176fce26aba5d91a2b0466f5764b548beb9f1c625541816600756c427c2d030c47135ee4a890397570a7649b04d917ce55dcb1842e414b29f4b17

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Printing.v22.1.Core.dll

Filesize
4.5MB

MD5
9ec835a4e269f978eeefd7fd8bd5abb0

SHA1
e36a07167bd83d713703a84f3c2c2b8f86cd38f5

SHA256
e4d60cac9cacde3cab841854b4c5348df89a4e4027b62de09184a3ddbb81a5a0

SHA512
2a72b3615215b94d1b7fce3c9ff28042c4c02ec655e3fdc42008217979b65f39fff9cb75a35ac1426a78aa2f8c0c00354369cdb5b5df155efcde8651878de4d9

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Printing.v22.2.Core.dll

Filesize
4.5MB

MD5
5bcae5b478c6a337ef075fb96faa0a73

SHA1
a12eaae10af305ec8bc72e7ed4c6394363a0fa31

SHA256
dde47834faa880478fc40fe9e2c021886ecc532ee064b163f93136bb85495452

SHA512
986611ef4f9ffec376921b1931cb00d459e026dd0ce98a36ac42a0cd776c5e9c7625ecad372d2f9bb9df1a87e9cb447f89fee892ea22a75aa87e8ed7f79a5e6a

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.RichEdit.v22.1.Core.dll

Filesize
8.4MB

MD5
7ddf6749688dab11c14e464684346a51

SHA1
dc3578c283b0728052125313f59e71deabe538ab

SHA256
078551cc3b00963dcfae8bcf69f8e926cf67234fc3c688fffccc195b4a611976

SHA512
0087f1e7d85ea050fb860125ed65ca425c6509c23544a776a65a6cdb614d9732f0c99ec2fcbe5c33317053f2df7f839ad420bc2581b898a08c48d183d07d44c6

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.RichEdit.v22.2.Core.dll

Filesize
8.4MB

MD5
6d473c395d6e89b936421a6df8a10095

SHA1
20f982e5be5f2d42f09713a28b5bff1e2a78dab6

SHA256
aab6a1b65130888dbd2f64be8cf4b43049f4feb28d81e66b9ea62ae379f736b0

SHA512
4c7dde968de3f2fd0e0f811d0917be2a4f96707963306c58a5be583da176726db599c86dbe215b66374659061d96937a0b42c3fec4a8830bf654004dc1672915

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.RichEdit.v22.2.Export.dll

Filesize
252KB

MD5
c5dee63a484b6097af15bc6c9408d732

SHA1
c39eb387075db45afba15fbeabfd54a297132e77

SHA256
40ec3f329794a78585674306f6645af386d0e0cef7accf6f3ac4b9c4f8511291

SHA512
88c80af1943a7004717907bbfccc3972d486304443dec8566abdafafa044fe074239cb819bf728c755bf28dadd05ca93c9f9d12aeeaf7e265c22d6a1864d1418

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Sparkline.v22.1.Core.dll

Filesize
87KB

MD5
ba1a701a6312c167ac6f2bf407faa237

SHA1
6d98e694e34daef743e15270b635c3dd19fc3b0f

SHA256
bf03f577ecb257067abee5e7b6e49803a309231701cd07a39caa210d5c886c4c

SHA512
d9b543a7f7c52938965878c9eaf507d0a885f9646fb709a465140f7a9f6cfe8eeaf0618fb3ca716ddf2e98199c3b35551e40d0d963e51b67c3fbe1bea04a05d2

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Sparkline.v22.2.Core.dll

Filesize
88KB

MD5
c44b08fc1e03055ade50d0e0cd5d4b8f

SHA1
438c65f3f3eb957c38734a449b6c92b8db0360c1

SHA256
449953a7fb470b18a37c36d321dc61a1c6bed8e039ee8415cc37315ae44f60b0

SHA512
51106b4bdbaa5643aadfdadfb81b4fbd8abde43de8e713b210bc640c838b19946a59a1278dd65b2c809aa77d699dbe85ef276896db8677c469d2a8bcb49e5363

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Utils.v22.1.dll

Filesize
20.0MB

MD5
07adc748684fd33a198f2dc6eea12666

SHA1
28f62a05673447a3a347aa6a01ae8cd518126956

SHA256
50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093

SHA512
893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Utils.v22.2.UI.dll

Filesize
383KB

MD5
7f3b7c8fb94ff22372586f53e1a4a043

SHA1
d7a701541016470ad057e766eb43112c4dfd87b3

SHA256
0eb585844ece8f0a3ce37d008723019d90f2f7e0830a2e702415f70e31e7db68

SHA512
15f4ff575d4bb624a484ed32b335bece6e0205a33bad22c80e6fab4ae514e67cb7a9638513a6fbec811e0089c3a8f3575bd656e450a945b66ddaad6f8e155bb6

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Utils.v22.2.dll

Filesize
19.4MB

MD5
b7e6bcd420e084e55a03a92a0e1d4730

SHA1
f64988f40fa0354edf6d64fe2370632a91327e2d

SHA256
41d5ffec69488e985e7e73865693109155f09d72c7c830d2bdad21c2815ada7f

SHA512
de6b4a45602cd95fea349a80027ea8fd1c62e939d8e1d0bf2af2de40452a8e5c0c054e9ca787d1cb640e812c4de8cdb8fef14aff978e73071e7d4f6e9ef3778f

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.WinRTPresenter.Launcher.exe

Filesize
13KB

MD5
de4449ac523ac31f66efe7f090360f71

SHA1
de7fcb8c16c7cab8255b8e31781efb0ffc45acce

SHA256
76a868948e5b4df73f5dab5606135f6bf10b598bdaa991737224edcb8fdd58db

SHA512
d43021c5878f08c38264e1882313959aa51b8dabf6649a64f476f3e7c0ba7fdaaac0f3edaa6fb3ea2e56889a5e78791236c1dfe8dbcd9218d7eab30a9ee4a56c

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.Xpo.v22.2.dll

Filesize
2.2MB

MD5
cc89a40f8868000c23e399cef26847e7

SHA1
828e9151a3153e73df61d608fe588fb4fcd19d58

SHA256
0d127901647a1726edd42d7ab8c58efcf853531dd5c1d1a3732c97ff4ba6fc7c

SHA512
63815739d3e745777534bd503d60565f8f038163f7121c65b2d6d7f9e4619337809bc4dc59a10982839f3f4a31c6dfc668986093283c68e5cb4f212252d47fc4

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraBars.v22.1.dll

Filesize
6.5MB

MD5
8f335dc88eb706a7b50f45a3fd308dee

SHA1
1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd

SHA256
3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac

SHA512
0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraBars.v22.2.dll

Filesize
6.6MB

MD5
41a81b477f5e16d9ea781519b54911c8

SHA1
1e01e454ea8485e13728e8498f48f54a03f60604

SHA256
c1891a835d86e770d93f5ff1f92a404848d54fe3d54eb2055186c95a9c7bb814

SHA512
3da2181851371bfc85cd5eb182e56a64877318c21b94d490a4a2a64168ae3a0375569916c3bd809a462fe68f09969c1786a4936a0d3fd2ed7319479194849c4e

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraCharts.v22.2.Extensions.dll

Filesize
38KB

MD5
bd02da3ec83ac2e175d49aa8edb212a7

SHA1
c1b030d585d4bd6b7a4e4defaba1627c9bf5ff9e

SHA256
778b8b9990fb9c1b6eb2b500b7ef23960b96840440fa970a3f9d4a234aea4079

SHA512
f04a54dac7a56ccf9cc971a8d620a1a963fd6835dd04ad56e26a31914a00522c400c9cbc5d30a19a226a270876ae00436133bf213d4abe2ab8e23cbcd963ed8e

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraCharts.v22.2.UI.dll

Filesize
537KB

MD5
3bdd2c5ded90280761d88cbc0d4e267e

SHA1
30203f8e7df42a78b684ee9746efce83984520ce

SHA256
d6a8e88e385e396df4f3ac3e3a8f7e403d6033b341059ab9387fea00ed279c13

SHA512
11501ac408504adf489ab9bcd1ebfbe11dfc471189519ea8bc85222539c8cf10d64421063830fcf3117e609910bec9e9274312250b2756705bf588ce9c14a393

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraCharts.v22.2.Wizard.dll

Filesize
6.9MB

MD5
3ac87db1fdc6ac83eedc9dec3a2ebc7a

SHA1
b7658a792492c8db64efa8e2a2029797f7cd9726

SHA256
a9b9fecbe6962a4ceca36642004272bad28ca07bd74b186197510d68a760b633

SHA512
0411fa960262f3734ebb8457776f1f8111c72523cac6ae268992c733da492855d2dce8a6d76c9a762e8d09e857938ededc56c7c759516d3840aae12c45d0ade7

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraCharts.v22.2.dll

Filesize
5.0MB

MD5
01458f2c74ec100abc65141f566ed6f1

SHA1
2ec429231c515751b7a9ba5773bdb9455886f10a

SHA256
009e918376f7e8fd3c12f2e08d54b4103604b8964f908b57e6958e964334aa8c

SHA512
feb97231934a069aa574e8c26a15d164e4615e691eff5b89465911f4db9ea34b1974d82c689d17e393abbb4047278facf73b6d1982a10f964577ecb04c722a0f

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraDiagram.v22.2.dll

Filesize
1.3MB

MD5
1543e261d09538b5dd5f36fd514f588f

SHA1
f59c52d03b38c473361b356e21779b1a7f0297fd

SHA256
9b26bb8085e61617df650b90a85ef7f35afd379a52c50864b739184db100397d

SHA512
349ac0a9c298685c3e56dc987b6bc91c29c4c9119a0e7710e1a72240a8fea6a7a1dcc5c48500a1be4dfb9123345011f7b63410ee1c4a00cdf44033a2d43c2dce

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraDialogs.v22.2.dll

Filesize
901KB

MD5
4516359eaaff4511e7fb8a8f8a60de3f

SHA1
af7f7f51cc582e693d50a1142a66f1a3a95e0c32

SHA256
e4251a0e6c50c79009cb369586625d708602a8e432fe153a410e4cb2c804c60f

SHA512
3d2e8c37d916f40c8ca3a1947544274309e469f9d46e94b37e0e885bc9ede8b879c1c32c27e56540f9ec8124bb3649ff5c830d4591c86efcefe1794d1d5aaed3

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\DevExpress.XtraEditors.v22.1.dll

Filesize
7.7MB

MD5
9a4fa4e33d64f44451fc4223a5616355

SHA1
124caceb4e82537403a4b5e9b21487c369b69559

SHA256
fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5

SHA512
869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9

Download Submit
C:\Users\Admin\Downloads\VenomRAT_v6.0.3\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
memory/1508-933-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/1508-935-0x000002860C080000-0x000002860C081000-memory.dmp

Filesize
4KB

Download
memory/1508-945-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/1508-946-0x00000286249C0000-0x00000286249D0000-memory.dmp

Filesize
64KB

Download
memory/1508-934-0x00000286249C0000-0x00000286249D0000-memory.dmp

Filesize
64KB

Download
memory/1636-919-0x000001FAF4B70000-0x000001FAF4B71000-memory.dmp

Filesize
4KB

Download
memory/1636-922-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/1636-918-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/1732-943-0x000001F579630000-0x000001F579640000-memory.dmp

Filesize
64KB

Download
memory/1732-942-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/1732-931-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/1732-932-0x000001F55F3E0000-0x000001F55F3E1000-memory.dmp

Filesize
4KB

Download
memory/2124-805-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2124-795-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/2124-797-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2224-953-0x000001870BB20000-0x000001870BB21000-memory.dmp

Filesize
4KB

Download
memory/2224-952-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2400-937-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2400-929-0x0000023501E10000-0x0000023501E11000-memory.dmp

Filesize
4KB

Download
memory/2400-928-0x000002351C0D0000-0x000002351C0E0000-memory.dmp

Filesize
64KB

Download
memory/2400-926-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2400-940-0x000002351C0D0000-0x000002351C0E0000-memory.dmp

Filesize
64KB

Download
memory/2404-801-0x000001F6A0800000-0x000001F6A0810000-memory.dmp

Filesize
64KB

Download
memory/2404-799-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2404-902-0x000001F6A0800000-0x000001F6A0810000-memory.dmp

Filesize
64KB

Download
memory/2404-800-0x000001F685AC0000-0x000001F68630C000-memory.dmp

Filesize
8.3MB

Download
memory/2404-901-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2404-804-0x000001F6A0EC0000-0x000001F6A13D2000-memory.dmp

Filesize
5.1MB

Download
memory/2404-803-0x000001F6A1DB0000-0x000001F6A31B4000-memory.dmp

Filesize
20.0MB

Download
memory/2404-802-0x000001F687E60000-0x000001F687E61000-memory.dmp

Filesize
4KB

Download
memory/2796-917-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2796-913-0x000002127FE30000-0x000002127FE40000-memory.dmp

Filesize
64KB

Download
memory/2796-912-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2796-914-0x00000212006C0000-0x00000212006C1000-memory.dmp

Filesize
4KB

Download
memory/2836-949-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2836-950-0x00000128DB0A0000-0x00000128DB0B0000-memory.dmp

Filesize
64KB

Download
memory/2836-951-0x00000128C0D90000-0x00000128C0D91000-memory.dmp

Filesize
4KB

Download
memory/2840-910-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2840-911-0x000001C8F4CF0000-0x000001C8F4D00000-memory.dmp

Filesize
64KB

Download
memory/2840-906-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/2840-907-0x000001C8DA8A0000-0x000001C8DA8A1000-memory.dmp

Filesize
4KB

Download
memory/4000-923-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/4000-924-0x000002A6C86B0000-0x000002A6C86C0000-memory.dmp

Filesize
64KB

Download
memory/4000-930-0x000002A6C86B0000-0x000002A6C86C0000-memory.dmp

Filesize
64KB

Download
memory/4000-925-0x000002A6AFE20000-0x000002A6AFE21000-memory.dmp

Filesize
4KB

Download
memory/4000-927-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/4380-806-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/4380-798-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5208-908-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5208-909-0x000001A177790000-0x000001A1777A0000-memory.dmp

Filesize
64KB

Download
memory/5208-904-0x000001A177790000-0x000001A1777A0000-memory.dmp

Filesize
64KB

Download
memory/5208-903-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5208-905-0x000001A175F40000-0x000001A175F41000-memory.dmp

Filesize
4KB

Download
memory/5584-936-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5584-939-0x0000024DB16C0000-0x0000024DB16C1000-memory.dmp

Filesize
4KB

Download
memory/5584-947-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5584-938-0x0000024DCB7F0000-0x0000024DCB800000-memory.dmp

Filesize
64KB

Download
memory/5620-921-0x0000023FEAD80000-0x0000023FEAD90000-memory.dmp

Filesize
64KB

Download
memory/5620-920-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5620-916-0x0000023FD25D0000-0x0000023FD25D1000-memory.dmp

Filesize
4KB

Download
memory/5620-915-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5840-944-0x000001F599410000-0x000001F599411000-memory.dmp

Filesize
4KB

Download
memory/5840-941-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download
memory/5840-948-0x00007FFB04880000-0x00007FFB05341000-memory.dmp

Filesize
10.8MB

Download