asyncrat | f77b4d1f44e950f4a7622a80344f5c7362bcb8f98c4c5f2b76373891b7f529cc

Analysis

max time kernel
773s
max time network
768s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RAT 2022 PACK.zip
Size

86.1MB
MD5

6056181585b05ddaa8fe820d7c39188c
SHA1

27e6f0d65d2d1ff87c54acdc07627d53977196fb
SHA256

f77b4d1f44e950f4a7622a80344f5c7362bcb8f98c4c5f2b76373891b7f529cc
SHA512

a5c03466bf26cb909d5fe3eeb73055bd0106a711580706b9dfcdd8c927d3eabc7ec98011fc9b5807b4e03740ffdfde0ce209b2431582f100daff765266282a67
SSDEEP

1572864:vOuiC/3b3eku8bhxeLo1EF5xUu0cPDjbp4z3eXfeOsNtiwOgWRA8M:vOu2P8reGEikjbp4SXrGtxOgWRA3

Score

10^/10

asyncrat babylonrat remotehackingtoolspack discovery rat trojan

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

RemoteHackingToolsPACK

23.88.104.194:4982

Mutex

ergergerg5454RemoteHackingTo

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
23996	icacls.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
2140	arc.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
2140	arc.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
2140	arc.exe
2140	arc.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
2140	arc.exe
19368	sw.exe
19368	sw.exe
19368	sw.exe
19368	sw.exe
19368	sw.exe
19368	sw.exe
19368	sw.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\AlternateCLSID = "{7DC6F291-BF55-4E50-B619-EF672D9DCC58}"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\AlternateCLSID = "{996BF5E0-8044-4650-ADEB-0B013914E99C}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{A0E7BF67-8D30-4620-8825-7111714C7CAB}"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\AlternateCLSID = "{F91CAF91-225B-43A7-BB9E-472F991FC402}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\AlternateCLSID = "{0B314611-2C19-4AB4-8513-A6EEA569D3C4}"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\AlternateCLSID = "{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\AlternateCLSID = "{24B224E0-9545-4A2F-ABD5-86AA8A849385}"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\AlternateCLSID = "{627C8B79-918A-4C5C-9E19-20F66BF30B86}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}	sw.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObject"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ = "IListView"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CLSID	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ = "Microsoft ProgressBar Control 6.0 (SP6)"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	sw.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\TypeLib	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Implemented Categories	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\TypeLib	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Version	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\Version	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\ToolboxBitmap32\ = "C:\\Users\\Admin\\Desktop\\RAT 2022 PACK\\Remote Hacking Tools PACK\\SkyWyder\\msvcr\\MsComCtl.ocx, 17"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CurVer	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Users\\Admin\\Desktop\\RAT 2022 PACK\\Remote Hacking Tools PACK\\SkyWyder\\msvcr\\MsComCtl.ocx"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ = "IColumnHeaders"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{996BF5E0-8044-4650-ADEB-0B013914E99C}\InprocServer32	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Implemented Categories	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\ = "IStatusBar"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\TypeLib	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1\ = "131473"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID\ = "MSComctlLib.TreeCtrl"	sw.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ = "ITabStrip"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}	sw.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B314611-2C19-4AB4-8513-A6EEA569D3C4}\Version\ = "2.0"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\0\win32	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\ToolboxBitmap32\ = "C:\\Users\\Admin\\Desktop\\RAT 2022 PACK\\Remote Hacking Tools PACK\\SkyWyder\\msvcr\\MsComCtl.ocx, 1"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\ = "IButton"	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Version\ = "2.0"	sw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	sw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\0\win32\ = "C:\\Users\\Admin\\Desktop\\RAT 2022 PACK\\Remote Hacking Tools PACK\\SkyWyder\\msvcr\\MsComCtl.ocx"	sw.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
3608	msedge.exe
3608	msedge.exe
3572	msedge.exe
3572	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
11336	msedge.exe
11336	msedge.exe
7104	msedge.exe
7104	msedge.exe
6944	identity_helper.exe
6944	identity_helper.exe
24756	msedge.exe
24756	msedge.exe
24756	msedge.exe
24756	msedge.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe
26904	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
1516	7zG.exe
5096	bbr.exe
4460	cm.exe
3392	oz.exe
23812	sn.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
3572	msedge.exe
3572	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1516	7zG.exe
Token: 35	1516	7zG.exe
Token: SeSecurityPrivilege	1516	7zG.exe
Token: SeSecurityPrivilege	1516	7zG.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeIncreaseQuotaPrivilege	4004	Launcher.exe
Token: SeSecurityPrivilege	4004	Launcher.exe
Token: SeTakeOwnershipPrivilege	4004	Launcher.exe
Token: SeLoadDriverPrivilege	4004	Launcher.exe
Token: SeSystemProfilePrivilege	4004	Launcher.exe
Token: SeSystemtimePrivilege	4004	Launcher.exe
Token: SeProfSingleProcessPrivilege	4004	Launcher.exe
Token: SeIncBasePriorityPrivilege	4004	Launcher.exe
Token: SeCreatePagefilePrivilege	4004	Launcher.exe
Token: SeBackupPrivilege	4004	Launcher.exe
Token: SeRestorePrivilege	4004	Launcher.exe
Token: SeShutdownPrivilege	4004	Launcher.exe
Token: SeDebugPrivilege	4004	Launcher.exe
Token: SeSystemEnvironmentPrivilege	4004	Launcher.exe
Token: SeRemoteShutdownPrivilege	4004	Launcher.exe
Token: SeUndockPrivilege	4004	Launcher.exe
Token: SeManageVolumePrivilege	4004	Launcher.exe
Token: 33	4004	Launcher.exe
Token: 34	4004	Launcher.exe
Token: 35	4004	Launcher.exe
Token: 36	4004	Launcher.exe
Token: 33	4344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4344	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	5028	Launcher.exe
Token: SeSecurityPrivilege	5028	Launcher.exe
Token: SeTakeOwnershipPrivilege	5028	Launcher.exe
Token: SeLoadDriverPrivilege	5028	Launcher.exe
Token: SeSystemProfilePrivilege	5028	Launcher.exe
Token: SeSystemtimePrivilege	5028	Launcher.exe
Token: SeProfSingleProcessPrivilege	5028	Launcher.exe
Token: SeIncBasePriorityPrivilege	5028	Launcher.exe
Token: SeCreatePagefilePrivilege	5028	Launcher.exe
Token: SeBackupPrivilege	5028	Launcher.exe
Token: SeRestorePrivilege	5028	Launcher.exe
Token: SeShutdownPrivilege	5028	Launcher.exe
Token: SeDebugPrivilege	5028	Launcher.exe
Token: SeSystemEnvironmentPrivilege	5028	Launcher.exe
Token: SeRemoteShutdownPrivilege	5028	Launcher.exe
Token: SeUndockPrivilege	5028	Launcher.exe
Token: SeManageVolumePrivilege	5028	Launcher.exe
Token: 33	5028	Launcher.exe
Token: 34	5028	Launcher.exe
Token: 35	5028	Launcher.exe
Token: 36	5028	Launcher.exe
Token: SeIncreaseQuotaPrivilege	208	Launcher.exe
Token: SeSecurityPrivilege	208	Launcher.exe
Token: SeTakeOwnershipPrivilege	208	Launcher.exe
Token: SeLoadDriverPrivilege	208	Launcher.exe
Token: SeSystemProfilePrivilege	208	Launcher.exe
Token: SeSystemtimePrivilege	208	Launcher.exe
Token: SeProfSingleProcessPrivilege	208	Launcher.exe
Token: SeIncBasePriorityPrivilege	208	Launcher.exe
Token: SeCreatePagefilePrivilege	208	Launcher.exe
Token: SeBackupPrivilege	208	Launcher.exe
Token: SeRestorePrivilege	208	Launcher.exe
Token: SeShutdownPrivilege	208	Launcher.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1516	7zG.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
5096	bbr.exe
4460	cm.exe
5052	njr.exe
3392	oz.exe
3392	oz.exe
3392	oz.exe
3392	oz.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
5096	bbr.exe
4460	cm.exe
5052	njr.exe
3392	oz.exe
3392	oz.exe
3392	oz.exe
3392	oz.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe
7104	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
2140	arc.exe
2140	arc.exe
2140	arc.exe
2140	arc.exe
4552	nc.exe
4552	nc.exe
3508	sw.exe
3508	sw.exe
3508	sw.exe
24856	sw.exe
24856	sw.exe
24856	sw.exe
26088	sw.exe
26088	sw.exe
26088	sw.exe
19368	sw.exe
19368	sw.exe
19368	sw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 2132	4568	chrome.exe	118
PID 4568 wrote to memory of 2132	4568	chrome.exe	118
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 2084	4568	chrome.exe	119
PID 4568 wrote to memory of 4860	4568	chrome.exe	120
PID 4568 wrote to memory of 4860	4568	chrome.exe	120
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121
PID 4568 wrote to memory of 3524	4568	chrome.exe	121

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\RAT 2022 PACK.zip"
1⤵
PID:4544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1408

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\RAT 2022 PACK\" -spe -an -ai#7zMap17746:106:7zEvent8627
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe801aab58,0x7ffe801aab68,0x7ffe801aab78
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1896,i,13999527315961156068,332987529202600459,131072 /prefetch:8
  2⤵
  PID:3908

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\Guide.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe70fb46f8,0x7ffe70fb4708,0x7ffe70fb4718
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13846939432259615739,1898076908961317666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Acrom\Arcom v1.5.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Acrom\Arcom v1.5.exe"
1⤵
PID:4080
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Acrom\lib\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Acrom\lib\Launcher.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4004
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Acrom\lib\arc.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Acrom\lib\arc.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Babylon\Babylon.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Babylon\Babylon.exe"
1⤵
PID:1460
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Babylon\filters\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Babylon\filters\Launcher.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5028
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Babylon\filters\bbr.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Babylon\filters\bbr.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5096

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Comet Sys\Comet.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Comet Sys\Comet.exe"
1⤵
PID:4576
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Comet Sys\LiteDB\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Comet Sys\LiteDB\Launcher.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:208
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Comet Sys\LiteDB\cm.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Comet Sys\LiteDB\cm.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4460

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\NanoCore 1.2.2.0\NanoCore.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\NanoCore 1.2.2.0\NanoCore.exe"
1⤵
PID:3032
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\NanoCore 1.2.2.0\wpnclient\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\NanoCore 1.2.2.0\wpnclient\Launcher.exe"
  2⤵
  PID:4936
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\NanoCore 1.2.2.0\wpnclient\nc.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\NanoCore 1.2.2.0\wpnclient\nc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4552

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\njRAT 0.7d - Fixed Stealer\njRAT v0.7d.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\njRAT 0.7d - Fixed Stealer\njRAT v0.7d.exe"
1⤵
PID:2512
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\njRAT 0.7d - Fixed Stealer\ssleay32\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\njRAT 0.7d - Fixed Stealer\ssleay32\Launcher.exe"
  2⤵
  PID:3180
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\njRAT 0.7d - Fixed Stealer\ssleay32\njr.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\njRAT 0.7d - Fixed Stealer\ssleay32\njr.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5052

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Ozone C++\OZONE.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Ozone C++\OZONE.exe"
1⤵
PID:4256
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Ozone C++\data\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Ozone C++\data\Launcher.exe"
  2⤵
  PID:1064
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Ozone C++\data\oz.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\Ozone C++\data\oz.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3392

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\SkyWyder.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\SkyWyder.exe"
1⤵
PID:4076
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe"
  2⤵
  PID:4748
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3508

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\SpyNote.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\SpyNote.exe"
1⤵
PID:27720
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\Launcher.exe"
  2⤵
  PID:23204
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\sn.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\sn.exe"
  2⤵
  PID:23180

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\SpyNote.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\SpyNote.exe"
1⤵
PID:23420
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\Launcher.exe"
  2⤵
  PID:23500
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\sn.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\sn.exe"
  2⤵
  PID:23444

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\SpyNote.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\SpyNote.exe"
1⤵
PID:23588
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\Launcher.exe"
  2⤵
  PID:23836
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\sn.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\sysdll\sn.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:23812
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\Clint.jar"
    3⤵
    PID:23868
  - - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      4⤵
      Modifies file permissions
      PID:23996

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\SkyWyder.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\SkyWyder.exe"
1⤵
PID:24364
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe"
  2⤵
  PID:24384
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
  PID:24856

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe"
1⤵
PID:22000

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:26088

C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\SkyWyder.exe
"C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\SkyWyder.exe"
1⤵
PID:19712
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\Launcher.exe"
  2⤵
  PID:19632
- C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe
  "C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\msvcr\sw.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
  PID:19368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\Guide.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:7104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe70fb46f8,0x7ffe70fb4708,0x7ffe70fb4718
  2⤵
  PID:13216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:9888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:11336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:11972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:29584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:29412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:12368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:15828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:12740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:29752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:30068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:31268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17301225652369327365,12892435833776595292,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:24756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SkyWyder\Guide.html
1⤵
PID:11908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe70fb46f8,0x7ffe70fb4708,0x7ffe70fb4718
  2⤵
  PID:29476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:23004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:13772

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:26904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
ed4cdaf0ca0e202f7592b103f1a4b6fc

SHA1
580c10e7381aa6fe613c1ff5b7203864823c002b

SHA256
9aab01a342530379e439486f290d28c0c21bba35620da0ecfc6b6eeb660288d5

SHA512
1d8061e09cf4cdcf62164e8731fab16f237d3e4419da26202af40090a07e1838506df9814f56a84d4b374d631ff96838d791f196bc4fc2fcba1ccf663420d029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fc3a444e5b9ba166a347ad4571cf02de

SHA1
d86631e5c3b2e10f7af3e99524bc010d1796be0d

SHA256
42091313f19cbc4453bed6be70ea0e1007dfd44a2ab3bf177d729fce031b80e9

SHA512
173848dc6c408707c00ec8a2d90224dfc53d12cd33024ccc1199e493cce0ca0e884378e9fe6144fa1113877fb47643fdfc058427cce189c35b193d181aecfdbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3d4b2fd3552f706744e51afeb4a5c880

SHA1
c019063bd222a1c4a0f71e72c4da966b45468fb8

SHA256
f0e2bcb096fbab9668a4f3e7c00ece275b2fe3b1013754d39c7ff8f9dff326a4

SHA512
8894309abbfed2c85d4b639c9add9b20bd952c2708245c5f0c8c0acca228cbd6a5d8706f6c42db29e795ddd1f199bf98e311e7a7ae5a84d89310580b94d7ac1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1341150cd6543a291a277e975234e7c0

SHA1
e0f04f8ae1043af2369276be62c6561ebf0884e7

SHA256
fe41d229e1b35ece7cf6e63a85b7f9604eae413ddd807fbc8804a9e5018ada8d

SHA512
f2b24f4213d26a9bb519c99e79cee15839fb60574eccf0331330ff5bf0aeff78e0c141b1520a245a96bce363bda1261c08874dfc1739a294735221fd1ba80526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8f7a6f349126ea29a1c614dddc80066c

SHA1
4c9eb5d20e9017f6b6beb8e777f71b256588d205

SHA256
d5e9ce8a9cf8f2b6584aa63bc86b51c4ca52db7bf27a8d581dd03e046f7be718

SHA512
5ce4eabf8765e42bee8ce4dd17cb73d4954a6a6a20413ca4150d9c98af70e5128e39bd7c0d15326a600b8c6b0e2c30d0b4c294a7bfa1f75276aabe6b86633d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sn.exe.log

Filesize
1KB

MD5
2d2a235f1b0f4b608c5910673735494b

SHA1
23a63f6529bfdf917886ab8347092238db0423a0

SHA256
c897436c82fda9abf08b29fe05c42f4e59900116bbaf8bfd5b85ef3c97ab7884

SHA512
10684245497f1a115142d49b85000075eb36f360b59a0501e2f352c9f1d767c447c6c44c53a3fb3699402a15a8017bdbd2edd72d8599fdd4772e9e7cb67f3086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\njRAT v0.7d.exe.log

Filesize
1KB

MD5
17573558c4e714f606f997e5157afaac

SHA1
13e16e9415ceef429aaf124139671ebeca09ed23

SHA256
c18db6aecad2436da4a63ff26af4e3a337cca48f01c21b8db494fe5ccc60e553

SHA512
f4edf13f05a0d142e4dd42802098c8c44988ee8869621a62c2b565a77c9a95857f636583ff8d6d9baa366603d98b9bfbf1fc75bc6f9f8f83c80cb1215b2941cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef98dfa2c6f9088978cbe294d016ebde

SHA1
5632908d303cb707641974161ede58fed8855301

SHA256
e88a94e60d82b6ca93b1a3d0422ff34cd99c9e08fdafda25a56bce2eb6885098

SHA512
21fd8c1cdd98cd3e1af61ae7ab0486860badbacb68c3295df1433f2d751debeac2a0b37dbb9f35323e124da131981d36a11361264dfaa42da07c739401548353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c06e962a17ea9781ac079a042f72b95

SHA1
36cd8ca236566e98078c39001f5ceacc67bd0f40

SHA256
002bf011d831a52cd886997432a22ffee873a6931c5e342bb66d79169fce1548

SHA512
5f9f0e58dde849615402af78150e754ad1f0641685ba8ac8f3cef473882f20ae5101e3d8a584fbd4ca91c4caa91d9a856fbedb9a912b358218c0292fe44df0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b0be2dcd317f5cb76172c495146cc415

SHA1
a06483deddb489c13f234bea772899898995bc51

SHA256
2c3ae486e0cf7fe4803954a5fdebdd1f44cad43bd367a85e5c7c956892dec63a

SHA512
2f651f5459a40899d0c89c65339f19adc41312db0ebe169e20f20b688bfc79be0b7d5a12c7272343c6a77963f1226c38a4295644e65214f79ddb8d7ad22c2acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
96cd6ac2f5df06cb4b817ddefd2b2fee

SHA1
27ab80c0a54a96e34a56bfb72c2c425ee2ca2b39

SHA256
a16652a42d8186ecab36c1ed017cffa847fcd5dc153e64e7c1479f6c15de8262

SHA512
486f55e18e3c3bbc2b353d9e2091aafe21b99e5b0482e4f8b826b78d500119d665efb89e41c75c648753d9a38b9174bd04b17b57431d5f6944f502f5aa7d54a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
0237093b1622951c4531bec2fdfd18fe

SHA1
356f0f0a3e5ca88be37f3cddc7cdf12187cd1567

SHA256
cd83b991f23058f7a78f3b523023f512db78c68874dae6618880b8f0443a7545

SHA512
b3a6307309a4421e16d430063c31ffeca4e7bf644420d9538c01f85aaddb8f01299d57801ed165985b4454f1634c732e139700fa84d3ac923a1c541e2451b91c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
963B

MD5
1deb2505a0733fcf32f5e5e1dd4cb185

SHA1
6349f0cfe201be4be18414c74bd6b888ec2b4ff7

SHA256
db421ddfbb8996901610685cc47ae19aaf9a48650bad51c40c3598f872cd79fc

SHA512
f960e97b24c3a80882440f606aaa971141c9887b82241a1018794942b28e0dd882e98ea9e3c02bf83a80bc7aa8a1149a40e6dacafc9dd94daccc60fcded82c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
cd8a799f64883611a96ab80d8573a7da

SHA1
61014b0e643e3605a27c16f402c4826e0329b44f

SHA256
ee5a025e3467d2beb282a2ce2a19d7c01b202b752eddf27b430d6c087e37769f

SHA512
759473283980cf38029c84308f7628ff513ad5c735e1761415d8fa7a5e4e8c07dcf5f9074f59a39654d25a27dcb692472bbf8e9835d72d3983ab86e5451e0679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
da9ec89190b112efcc9e6bc1b5a68961

SHA1
bf120029a1ffc89b872f49943e9f9c22ee181eca

SHA256
192bd54a5aae07c0ee15123984c373214d42fd8253007240d75499f64df97ccb

SHA512
4795445f0336c6f4839ca7158f599fa99c5a01dda8e114ea5a4ae1b223f3c1cc2acc6c3dee4cc876ecfcb298e7d0f2fd5b59411ed792da05dc8208b79225a2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
604B

MD5
70afbbeb55ca1c71f64c3c0f9dfc35ef

SHA1
59517f07c485ae830f4aa0918bb4449c26c0e46b

SHA256
d2770bb0fe6a47b26faa04d3e7ac442d17e4ae56007c82fd46795113374985c1

SHA512
eed9685de294e6770d123eb690dd1c257a169f8efca47639d8e1429df471ab32158bff2761e1c4211c2e36d1f013065988d13f75c9be12d2d6ba9d1391479e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d346d21f90a5d8f0494dbfba1bbaca02

SHA1
e5fb42154956fc43eb392694cd4b45a11d0523d1

SHA256
acc94b7fb3ea63f41ef4469694f621f8f79503d4403d4c344854d6bb64e351e9

SHA512
ae103d50c0cbfa1fa621cdf95ae197f379888b4bb58017454c6a3d934fd259bba952c79dbccb14426ddc0e2ff9688daca43baa09507016564764f18f5cb80d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28996f9f80d971a6068742f7cb3538db

SHA1
a3d20cc0b8058c18f052f0ce85d86e6702fae5cb

SHA256
9e53fc1dd1bf4126724c0a7f48be4260bc3268b798216d2c6648aea69251b83d

SHA512
d113053d7c3bb0c0971346c4dc1ffc99e51de556d410f04a31303f1e25c9bfca28c56a4e4d0f7f32e4bc1faa62546b1510be80b7675561acc05119cd8260629d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c1c2f3f2574e2278737cd4bcafcc0bbb

SHA1
a18b87120067588180b4f7997fed05987844bf21

SHA256
e804fc447339d268ef2960b5961adb14931daef659757b947afb632686f2b030

SHA512
9906a3783dfb42386428fa8ed96b10c6a3871f48f78c1c4051ce85ddfd8bc31f7a31b360db39b42030a966233d4cf61f2aef3a40554dd1edc39479365a95ab18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e265df0cfb99a3af51f6fc900230ddfc

SHA1
1b8ef773bf9b2bb3bd11fa0c312e383b0fcae4c9

SHA256
86bd717b1ba3d57b4b7b96c1dd58be3f9563603beb7d2abc81ffbcf35a8fa93f

SHA512
fc59d32112fe410ecace401f7958c86d890fd9ef9cfde17e317fed40a873db79e8221d8e6905b796e635df9fbe87bf2be84bb7d3bfedef1906f9cba48632ed5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8960e19cbe7692e3532cfc7058423a1c

SHA1
6c4e10f2fada7cbd42725d3310e24cad4811a620

SHA256
26393de608d8b5272ad221807dc2bb52c37bdaadf7d3d91506d626809d577d35

SHA512
8f1a6fb7b4479a6f8b4f63980f72b9ef4f0332e7e31db48cadebeb98952d68b7063b758dea7224499cab61a8be320ee9114ce6f0d3c219019558593bd835b652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6492ecfaf1218efb94a53013568f370

SHA1
67c36d43f24f75b2abda4b06e1f53ebc253d94e6

SHA256
bcbafc9296c4d158927a1d1da5c2ddf8b364e41b71d7ef0b11f57faa8ca4546a

SHA512
ed81d9aaa56701505da9da60974c005debd3dab8358d2c7b4e0fd8f77d76c396100c380c565ea523a3262262b1b2f0361f2c39e4a6ee34b1c15377912f48c346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ce5c5a067bd1daf6b84aaab50594106d

SHA1
d552664ba1e0df77e4906bc55b3d2c197054c306

SHA256
baaa893eba9fbf4c44c46e55924a26ca3b7f7bf22a66d8cd01e70ccc336f727e

SHA512
625e0478f38b70451e90fb35773c481cebda02349d292c3e552390819ec96ddbcec7342af96761ea33ef85ddad886f7cfe284ebec013755a204ae2b159334321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364502392789229

Filesize
2KB

MD5
5080eaf510c6750ae98f4012593b8f06

SHA1
4300cd8e65a84e30e71e08918190f07b5a281582

SHA256
ef01cf694fdb9b58ee97c0b51aea8d6a31794ca6bf6364cd0269d2bfa3961175

SHA512
589db13338434d41a2eaa4e6a0174c71bd309e6c100409f9faddf29edf89200e42091479c8f366e2ba8e057baf72624f433ab2ea0b0671fdf72ca87610c40c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364502392993229

Filesize
2KB

MD5
2d9f2ac9c765585b3891610997b45b4e

SHA1
7d863eab766e40fc3433798342d2c8db67bbff16

SHA256
ecc6fdca06475233c9b8fee3a397c97b7bf899619a6a604e092f643023b8580a

SHA512
20041e3781648a1d03a4a2f97c281ca7826f280499b7a9aa96010812c7741391aab4cd4810cf5d61cf0a6bf73a2d3860119bb703f989867f0f7de0d20c93cb27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
9106bad233f2de350a336cb42d30618d

SHA1
60c49bc372b40dd578f64dd1c3dd1c8b1684d0ed

SHA256
4882d92168ffd441052cfa62772e9db6d949524e1ace855f2d38f91c851cd443

SHA512
70075ebfaad72728a3016c49b6450a0fd264587cf8ba583348d9b923efa6e48ed575b7a64680b6e745b41b861a15c062ff89e9466071c034cd0bb7bab412038a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
59d2b89358724bc06cda373257f89729

SHA1
821367142d0809459af58a30e835c7e1fd341f85

SHA256
75dc2864c8a048c8592e577135826c8478a3e849f7c5d58d44da27df541db21a

SHA512
0d9cd9d50b065f8e0cf11eb0d1056f098cc1ddc687eb6a632e8d0fb60b598bcf266fd857db4c3f8cd670811a626c035b80b26f4df864d548aba2261e159d2bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c936f979b77646343c3faa02f59fa7c2

SHA1
583117172532cd4bbf1cfeadf02a2bf65c63f534

SHA256
53b933cd9285fa605630c825d036e7ebf9cfd6871a8028ca2a9560ea405b64e9

SHA512
948fa2857eb8847adfd340d7ef4720ea89df441a329bc2f078f42713c297cb9d1c459c3da3bc9ccde9187e2655a840fe04de12f0d9ebc9f8edec53268decaac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e974c.TMP

Filesize
203B

MD5
c8cfed5d64c5fcb131edf878b1ca6e46

SHA1
e63bd5120ae599c04328c05d763ee1fbdad2c41b

SHA256
a99faad4a709c8c2c005b0ff996952fd20f1edcf9e9daf2df1258fb057c94dd1

SHA512
9701f018d7c2b4238e8552dcfa59362a1ecd901714a31c15d8fda33c2a002aee5d06320955174d1b240ec1df0f8b46e398f8e54680511ec24d2a230438281d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c06bb044d697b1ed7163d28cd2a2edb9

SHA1
7efde43ca6684dc5e73bc66424f0ed761c485711

SHA256
e06cc19f97dfb7d443333da4c7ceca631bbd3de21a562ca563716eeab0cd4885

SHA512
01be52e2d6857f28d36b24c6e9a186be0f872496e1e342198c35aa65d7e1735b6e7427aa7c934344140bcd2672d2a129cdf0dc5289c117b5b22ea25bff380809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
5ddafb759c510b63e96c83935eac6faf

SHA1
ee1c923ceb44a36df3aa0c3c0313699d66967529

SHA256
08f8ec5092d855eb398cb43f8cd98a5ead4f843bc4278cba812379a8e3b3cee0

SHA512
d45ed0714f343d4c6f916b05c95f79e50c41e9f0f3202731f0d6748be712b36bfa61c05acbcebfbbf4f0cc209f4c84bbb32e5ed360403340dcf37b46002bcbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e03ff730-45b8-465b-8dab-6c32654b8a19.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
0a0b5c2ed890d62d5b88d0482904de3c

SHA1
9d9ecc3deb14a7dd937789f9d59d8278c5638c74

SHA256
fe52370def597116b913da5cf23776026a44074b16229ca645003ea2158fd43f

SHA512
c9cbd8ad3c41df0513e57d2e0d3cc7203b9f8f5f0bcdd7657e9003c6662e5ace39c70ad16bb4525d153fa57c843341b34f1eb4173700b28d6451409aeab61503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
226a2688f244ba706e0555056cb407ac

SHA1
fdfdb505cfa823954c2b6851f2a07c14f1dcd5e7

SHA256
e48a3f325686e8ec44fb1397237bd6f352bdb35be359a5275d88570a4ff51065

SHA512
9bc174cb243c54a2e18cd367f7bbcc0b7143e396005bf01264b6303638006d71c5e5fccde23baf8d78f8d70aeaa183dab2d0c06db3392ada17a4b8f7ec3f1d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
375dc28c0eb39b2fe75c6b17d3c30f30

SHA1
a5179e432e9d612b2e5f28fefd7ad78454c14703

SHA256
a5268fcfffe6b7c5514e2047183ce9c407a8c9b5f2ae441ec80d01a1d96227e5

SHA512
e110d2cf8ad7615cdb58f723d8bac9902d64b7403a8d6230cace5458413bfd0b9d1c63d84c56c6046236c11633c1c2b910fdcee9aa64383aebf00176e3623aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
c2ce1f096331374459315068a56073c0

SHA1
ec08e227e5f3a924937deac0db3947d263997a3d

SHA256
0991cde82a8271e3b61e1101073ced06f29c626703663317260a6dad6f8821c1

SHA512
ec40468ea934acbaa9e803a5d0c6791e543226d5e9415ac91cb2782128e410adbc893958dbdede681e8e6118fe2ad9c5297908618e9ecba22b518281f7be3d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c00c8c3dc05310f2c2aee9631aae4a47

SHA1
3ae0f34c3cd5819b60448a3e29abe8c06792f953

SHA256
40e1fb216d32e7a6b4ac0228dc817272dbf8e2c890344b10878648164b5dfbd4

SHA512
97cb8f09f3fe7d99a188feeed611e6b853f2fdbeba1a5417d06507337fdbfa774f9046e6c46c830435bc9f7516640da6f30a430a59dd13e908e1ac781d5f6911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7e79a8d6ad4cf5295de5409cf92543e6

SHA1
54f0aa9f7a8ef1dfb401793978cbef76d8c5b70c

SHA256
5051612f89a137735391e6fb6d53ae6eb6f86a3d6d465819f67abef2c8204eef

SHA512
4718cb5fbb0fc582584a21066e002efc6f43700421b8ebf4002c2fd31feac13781dec9be5a81730945cd5f987454180fa250de8eb8f1e1dadf96c1a107f2979b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
13f04ea9e4af58bb8bbf870924f7c998

SHA1
0652ce7a9ee63af8c4d15d39db4554a3c8ee03c2

SHA256
5d629cf7f0e6b2bf0f8b055b6909f4777093823c704edbceb07c60c87271f261

SHA512
3faedc713368c9032d9c2e9afdad9b54933b71c24e2953e137f30d4b607d706e5a72ca4b69fa505c1feba3edae1e8156234d347d5b479cfaf0089f05f0ba9786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef1f83ee84a7b65e88c250dbe3db2bcf

SHA1
2fbf3d9dcfbfd0f860851cdc90fb6de5e45acc3a

SHA256
b2be7a290ba092b528177d58532817e1d305cf4575f1aaa98b6778f81f34eda4

SHA512
2db5b9e24b7ce853b7c8d4d4488634999d83b5e65c859d0cab037a2e80a74f52ba51492a40e561746911cd94e4848bfc2067b1d10f0358eca39c936ead27d51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
89382ff6e739879e4b7a89a24fdd51c5

SHA1
3527e8cc42080851b0c058c4ceb4cbfb6c164a46

SHA256
2f3c808463e5b71f5baf2fd98bbbbc43ce46e7bc9247a2fa92c94e8473f42a42

SHA512
9e1c957d6418ece56b5f500fa9157e79f610d9006220a03f7d07c8ff42192ed898c661ba9231eb36fb5512dc89275f9c274a6853048054c11a59e88040e245ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08031f90c50a334498fbde852fb4b956

SHA1
03cb6dfcfff2e1b2b69e9ff8e572adef3e9896c5

SHA256
3e5e1ebfa4936ab7e5a6b9127cd433657ab77b7a0c8aa1e591f40aed94866e0a

SHA512
ff8031189e67894fd7b0c556683a8b7993a5bac8d7cea3077591daf5ad401ca80eb722966485bb948b60e1cdb582b24c4ee79beb35fb96550833f665f78a96be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
6dbaa0c3f46296acbf0caa72ba791f28

SHA1
b28d157abb4811621c7cbf8459af9c892fca4abc

SHA256
3929c7583e7038908e39e26983cfb09addaecd78622ca886479b67e33355e0df

SHA512
55709c389610af8927cbceaf89a9a2a6431f68d5005093e4cf2f177d9b7e79f18e68c64a02088b0d4ae056417e8722d6a1f87f2db439c6141af5307977800e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
8fd4585ced23c459bf2ef4cd637b6844

SHA1
8a62769657c9664d570efb4c526c0af01bd028d4

SHA256
32867727e4799a147c1d95d5d5a32f6de7e125ef6cf12de1e627ebc4430ddce1

SHA512
913dba164aea85b1b8df01b0b7de956321f3e8857f75aaf2c344c1391c2a024fe060d0a6b7afa131fde23e65600d89176fb7c1c5ef28e0cba88294206dd929b7

Download Submit
C:\Users\Admin\AppData\Local\SP\sn.exe_Url_nsz5larclfzizzvuq4eqnrsln1luk3yi\2.3.0.0\3teyxaxm.newcfg

Filesize
875B

MD5
a0cfc13493963a2dd390f98fa31e1594

SHA1
99aceadbe6f21964e5cbf82614171263efd501ac

SHA256
d1bcaeb241f33d051f5e12870c842abe37ed577d1e41ae8d7ee1353eaaa24e5e

SHA512
15063bd8e885b9ae07ab0432f2689e0071305b3bd0b2cfafb3da8543d9dfad3a83f3d8085a94acf50c5df49f92d112ebe4e7a90d29aa243de003e90e29de4883

Download Submit
C:\Users\Admin\AppData\Local\SP\sn.exe_Url_nsz5larclfzizzvuq4eqnrsln1luk3yi\2.3.0.0\user.config

Filesize
761B

MD5
45e0163e3f3e3d4b873a1eae88a1c653

SHA1
aba7b3dca81557ab715d8f0047e1c2bdf6a15028

SHA256
3a7b274e02f60526fd6a24099a47427a04211512154c462b2d170fe05c0d877e

SHA512
a76213c09e4f06c49b5479159ce37247ac3846e073dc530667e2550fc023e5515e5fac527d43949265be13a9e1183e40f2aa332541d4d15019980da063f1b124

Download Submit
C:\Users\Admin\Desktop\RAT 2022 PACK\Remote Hacking Tools PACK\SpyNoteV2 Android\Java\port.id

Filesize
4B

MD5
934b535800b1cba8f96a5d72f72f1611

SHA1
fea7f657f56a2a448da7d4b535ee5e279caf3d9a

SHA256
edee29f882543b956620b26d0ee0e7e950399b1c4222f5de05e06425b4c995e9

SHA512
a8cebf1698dc14282c507b1e1cfb7f2c9d5216aa7bd0854b50561e02c2b99d9a38945ec0f81e55f9699062b1eac6d0083411c839ba2b27c6a15b494463bc5c73

Download Submit
memory/1460-263-0x0000000000710000-0x0000000000744000-memory.dmp

Filesize
208KB

Download
memory/2140-261-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-262-0x0000000060900000-0x0000000060978000-memory.dmp

Filesize
480KB

Download
memory/2140-13425-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-52776-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-258-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-13390-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-26499-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-260-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-13423-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-13383-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-52778-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-26506-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-52793-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-53026-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-52822-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-39579-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-52723-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-275-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-277-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-306-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-288-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2140-295-0x0000000000400000-0x000000000161F000-memory.dmp

Filesize
18.1MB

Download
memory/2512-290-0x0000000000440000-0x000000000047A000-memory.dmp

Filesize
232KB

Download
memory/3032-279-0x00000000007F0000-0x0000000000830000-memory.dmp

Filesize
256KB

Download
memory/3392-299-0x0000000000400000-0x0000000002314000-memory.dmp

Filesize
31.1MB

Download
memory/3392-13392-0x0000000000400000-0x0000000002314000-memory.dmp

Filesize
31.1MB

Download
memory/3508-6192-0x0000000076830000-0x00000000768AA000-memory.dmp

Filesize
488KB

Download
memory/3508-309-0x0000000076FB0000-0x00000000771C5000-memory.dmp

Filesize
2.1MB

Download
memory/3508-4183-0x0000000076690000-0x0000000076830000-memory.dmp

Filesize
1.6MB

Download
memory/3508-308-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/3508-13386-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/3508-13387-0x0000000003C80000-0x0000000003D5B000-memory.dmp

Filesize
876KB

Download
memory/4004-257-0x0000000000E50000-0x0000000000E66000-memory.dmp

Filesize
88KB

Download
memory/4076-304-0x0000000000010000-0x000000000004C000-memory.dmp

Filesize
240KB

Download
memory/4080-255-0x0000000004C50000-0x0000000004C5A000-memory.dmp

Filesize
40KB

Download
memory/4080-256-0x0000000004E80000-0x0000000004ED6000-memory.dmp

Filesize
344KB

Download
memory/4080-254-0x0000000004CF0000-0x0000000004D82000-memory.dmp

Filesize
584KB

Download
memory/4080-253-0x0000000005200000-0x00000000057A4000-memory.dmp

Filesize
5.6MB

Download
memory/4080-252-0x0000000004BB0000-0x0000000004C4C000-memory.dmp

Filesize
624KB

Download
memory/4080-251-0x0000000000180000-0x00000000001BE000-memory.dmp

Filesize
248KB

Download
memory/4256-297-0x0000000000DA0000-0x0000000000DE0000-memory.dmp

Filesize
256KB

Download
memory/4460-273-0x0000000001D10000-0x0000000001D18000-memory.dmp

Filesize
32KB

Download
memory/4460-270-0x000000001C3C0000-0x000000001C466000-memory.dmp

Filesize
664KB

Download
memory/4460-271-0x000000001C940000-0x000000001CE0E000-memory.dmp

Filesize
4.8MB

Download
memory/4460-272-0x000000001CEB0000-0x000000001CF4C000-memory.dmp

Filesize
624KB

Download
memory/4460-274-0x000000001D0E0000-0x000000001D12C000-memory.dmp

Filesize
304KB

Download
memory/4576-268-0x0000000000C50000-0x0000000000C82000-memory.dmp

Filesize
200KB

Download
memory/5052-294-0x000000001D4A0000-0x000000001D4B2000-memory.dmp

Filesize
72KB

Download
memory/5096-265-0x0000000000860000-0x0000000000F22000-memory.dmp

Filesize
6.8MB

Download
memory/5096-266-0x0000000007E60000-0x0000000007E7E000-memory.dmp

Filesize
120KB

Download
memory/5096-267-0x0000000008870000-0x00000000088DC000-memory.dmp

Filesize
432KB

Download
memory/19368-52727-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/19368-45465-0x0000000076830000-0x00000000768AA000-memory.dmp

Filesize
488KB

Download
memory/19368-43456-0x0000000076690000-0x0000000076830000-memory.dmp

Filesize
1.6MB

Download
memory/19368-39582-0x0000000076FB0000-0x00000000771C5000-memory.dmp

Filesize
2.1MB

Download
memory/19368-39581-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/19368-52726-0x0000000003D30000-0x0000000003E0B000-memory.dmp

Filesize
876KB

Download
memory/23180-13382-0x00000153B6340000-0x00000153B6406000-memory.dmp

Filesize
792KB

Download
memory/23868-13421-0x000002976D330000-0x000002976D331000-memory.dmp

Filesize
4KB

Download
memory/24856-17302-0x0000000076690000-0x0000000076830000-memory.dmp

Filesize
1.6MB

Download
memory/24856-13428-0x0000000076FB0000-0x00000000771C5000-memory.dmp

Filesize
2.1MB

Download
memory/24856-19311-0x0000000076830000-0x00000000768AA000-memory.dmp

Filesize
488KB

Download
memory/24856-26502-0x0000000003D40000-0x0000000003E1B000-memory.dmp

Filesize
876KB

Download
memory/24856-26501-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/24856-26504-0x0000000003D40000-0x0000000003E1B000-memory.dmp

Filesize
876KB

Download
memory/24856-26505-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/26088-32391-0x0000000076830000-0x00000000768AA000-memory.dmp

Filesize
488KB

Download
memory/26088-30382-0x0000000076690000-0x0000000076830000-memory.dmp

Filesize
1.6MB

Download
memory/26088-48632-0x00000000036D0000-0x00000000037AB000-memory.dmp

Filesize
876KB

Download
memory/26088-26508-0x0000000076FB0000-0x00000000771C5000-memory.dmp

Filesize
2.1MB

Download
memory/26088-48882-0x0000000000400000-0x0000000000E4A000-memory.dmp

Filesize
10.3MB

Download
memory/27720-13377-0x0000000000830000-0x000000000084C000-memory.dmp

Filesize
112KB

Download