asyncrat | hxxp://web[.]archive[.]org

Analysis

max time kernel
888s
max time network
890s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://web.archive.org

Score

10^/10

asyncrat default discovery ransomware rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

bjspjiugvtjxccffynj

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/LwwcrLg4

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	Client.exe

Executes dropped EXE 8 IoCs

pid	Process
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3480	Keylogger.exe
1052	DevExpress.WinRTPresenter.Launcher.exe
4976	Client.exe
6072	Client.exe
4032	Client.exe
7100	Venom RAT + HVNC + Stealer + Grabber.exe
10244	Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	Venom RAT + HVNC + Stealer + Grabber.exe
File opened (read-only)	\??\D:	Client.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
299	pastebin.com
72	camo.githubusercontent.com
290	pastebin.com
298	pastebin.com
233	pastebin.com
286	pastebin.com
309	pastebin.com
70	camo.githubusercontent.com
71	camo.githubusercontent.com
232	pastebin.com

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpFFAC.tmp.PNG"	Client.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5904	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\Desktop\WallpaperStyle = "2"	Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\Desktop\TileWallpaper = "0"	Client.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	SnippingTool.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\TV_TopViewID = "{BDBE736F-34F5-4829-ABE8-B550E65146C4}"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\6	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\6\0\0\0	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\5\MRUListEx = ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 9e00310000000000e958957011005341564544507e310000860009000400efbee9589570ed583c802e000000e9e701000000010000000000000000004c0000000000b24659005300610076006500640020005000690063007400750072006500730000004000770069006e0064006f00770073002e00730074006f0072006100670065002e0064006c006c002c002d0033003400350038003300000018000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "8"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000060000000200000005000000010000000400000003000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SnippingTool.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\TV_FolderType = "{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SnippingTool.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "14"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 06000000020000000500000001000000040000000300000000000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	SnippingTool.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	SnippingTool.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4 = 3a002e8096f2fd3decdbb44f81d16a3438bcf4de260001002600efbe11000000750c67c008d2da019993427710d2da019993427710d2da0114000000	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	SnippingTool.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\6\0\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\6\0\0\0\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	SnippingTool.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	SnippingTool.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	SnippingTool.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = a7021f002d02d5dfa3231f020400000000001b0200003153505305d5cdd59c2e1b10939708002b2cf9ae5b01000012000000004100750074006f004c006900730074000000420000001e000000700072006f00700034003200390034003900360037003200390035000000000012010000aea54e38e1ad8a4e8a9b7bea78fff1e9060000800000000001000000020000800100000001000000020000002000000000000000160014001f50e04fd020ea3a6910a2d808002b30309d0000000000000000000000000000000000000000000001000000010000800100000004006900740065006d00000000000000000000000000000000000000000000000000000000000000000000000000000000001e1ade7f318ba54993b86be14cfa4943ffffffffffffffffffffffff00000000010000001900530065006100720063006800200052006500730075006c0074007300200069006e00200054006800690073002000500043000000000000000000000000000000000000000000000000000000000000003900000024000000004100750074006f006c0069007300740043006100630068006500540069006d0065000000140000007bbd500e130000006b00000022000000004100750074006f006c00690073007400430061006300680065004b006500790000001f0000001b000000530065006100720063006800200052006500730075006c0074007300200069006e002000540068006900730020005000430030000000000000000000000000000000741a595e96dfd3488d671733bcee28ba671b730433d90a4590e64acd2e9408fe2a0000001300efbe000000200000000000000000000000000000000000000000000000000100000053022a0000001900efbe1e1ade7f318ba54993b86be14cfa49436f73bebdf5342948abe8b550e65146c453020000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\NodeSlot = "18"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 8000310000000000f656fa46100056454e4f4d527e312e33285f0000640009000400efbeed58567fed58567f2e000000bf350200000009000000000000000000000000000000805a0f00560065006e006f006d005200410054002000760036002e0030002e003300200028002b0053004f005500520043004500290000001c000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	SnippingTool.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 050000000100000004000000030000000200000000000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 06000000000000000200000005000000010000000400000003000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
1388	msedge.exe
1388	msedge.exe
4640	msedge.exe
4640	msedge.exe
6128	msedge.exe
6128	msedge.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3480	Keylogger.exe
3480	Keylogger.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe
3480	Keylogger.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
3936	Venom RAT + HVNC + Stealer + Grabber.exe
5228	SnippingTool.exe
3480	Keylogger.exe
4032	Client.exe
7100	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeRestorePrivilege	5868	7zG.exe
Token: 35	5868	7zG.exe
Token: SeSecurityPrivilege	5868	7zG.exe
Token: SeSecurityPrivilege	5868	7zG.exe
Token: SeDebugPrivilege	3480	Keylogger.exe
Token: SeDebugPrivilege	3936	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	4976	Client.exe
Token: SeDebugPrivilege	6072	Client.exe
Token: SeDebugPrivilege	4032	Client.exe
Token: 33	4092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4092	AUDIODG.EXE
Token: SeDebugPrivilege	8996	taskmgr.exe
Token: SeSystemProfilePrivilege	8996	taskmgr.exe
Token: SeCreateGlobalPrivilege	8996	taskmgr.exe
Token: 33	8996	taskmgr.exe
Token: SeIncBasePriorityPrivilege	8996	taskmgr.exe
Token: SeDebugPrivilege	7100	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeDebugPrivilege	10244	Client.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe
8996	taskmgr.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3480	Keylogger.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
5228	SnippingTool.exe
5228	SnippingTool.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
4976	Client.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
4032	Client.exe
3936	Venom RAT + HVNC + Stealer + Grabber.exe
7100	Venom RAT + HVNC + Stealer + Grabber.exe
7100	Venom RAT + HVNC + Stealer + Grabber.exe
10244	Client.exe
7468	mspaint.exe
6684	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 4908	1388	msedge.exe	84
PID 1388 wrote to memory of 4908	1388	msedge.exe	84
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3904	1388	msedge.exe	85
PID 1388 wrote to memory of 3656	1388	msedge.exe	86
PID 1388 wrote to memory of 3656	1388	msedge.exe	86
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87
PID 1388 wrote to memory of 4016	1388	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1946f8,0x7ffa1d194708,0x7ffa1d194718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1089589142025977842,8020892955825877950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4140

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\" -ad -an -ai#7zMap13152:102:7zEvent30504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5896

C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3936

C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe
"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3480

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5684

C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.WinRTPresenter.Launcher.exe
"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.WinRTPresenter.Launcher.exe"
1⤵
- Executes dropped EXE
PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x404
1⤵
PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5228

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp6220.tmp.bat""
  2⤵
  PID:3600
- - C:\Windows\system32\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1d1946f8,0x7ffa1d194708,0x7ffa1d194718
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,5222894381480243806,13729359676069485838,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  PID:5316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5688

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6072

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4032
- C:\Windows\SYSTEM32\cmd.exe
  "cmd"
  2⤵
  PID:368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4448
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2984
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4268
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4672
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1536
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4984
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4132
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2456
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4800
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1892
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4884
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5728
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3352
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5688
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5336
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:860
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2896
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1444
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5044
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5924
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2264
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2260
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3904
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2652
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5732
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1604
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2940
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5768
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5504
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3464
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5712
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4844
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1460
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:4316
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1344
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:680
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3888
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5772
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2740
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6176
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6224
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6272
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6484
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6628
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6868
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6956
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7016
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7160
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6588
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7264
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7296
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7328
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7448
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7564
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7612
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7712
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7768
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7948
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8008
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8144
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5092
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7996
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5140
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8256
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8296
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8344
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8392
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8476
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8528
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8584
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8624
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8672
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8736
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8888
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8984
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9020
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9072
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8316
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:5992
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:7932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8712
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:3300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9284
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9328
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9580
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9652
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9704
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9904
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10000
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10108
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10192
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9276
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9796
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10296
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10340
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10480
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10544
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10592
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10708
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10756
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10828
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10916
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:8664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:9976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10980
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:10324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11332
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11568
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11680
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:11976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:12016
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:12072
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:12160
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:12200
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4032 -s 3764
  2⤵
  PID:11560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4092

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:8996

C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:7100

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:11256

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:10244

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\SplitApprove.png" /ForceBootstrapPaint3D
1⤵
- Suspicious use of SetWindowsHookEx
PID:7468

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
190a28420f123e407c6cb8d67301a6ba

SHA1
d92b71c5e18e28769a0d4e29ce160afcfb479990

SHA256
c0578459b3abdf38b05bb0e50b162a860f8a64f38a99bbae4d39b6531cf2ed0a

SHA512
d7b95c034f47d157e4f5a7526ae81ac17541c998e127d49c72ffef227d6fc122a9e8995e11d8329ee056e2091cff01bd6ca26baf28921a0826a0e76d1a0ae8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a2135b3630121c727402eacad7f9ea7

SHA1
855791693fa937ee3d0e725c0f3284b8a12b4aac

SHA256
27550f8d17b0004286cd22acf0aaef593b17758dbbd3af0d122448205d7b6d43

SHA512
4a6d85ec21196e5553c1c91a00c0692022e2f9de4fd47337450b4c93d27d09a8a4677b7518bf9b38eede2de47f963a73bf6af7fa9dc43fd1bd523dae6f1b2449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
de01a584e546502ef1f07ff3855a365f

SHA1
60007565a3e6c1161668779af9a93d84eac7bca8

SHA256
9ed00a33812a1705d33ccf2c3717120f536e3f4e07e405539e1b01c5a38a14ea

SHA512
1582b69b40e05bad47f789e1b021cdd5e3f75548a39a99e0db1b15138425e530e25ce6e56185b1dfa5f51758d2709e52d53f309da2e662ebc34c8d4974ab6469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
c71e53854f68266b9b7f2151cfcc5c32

SHA1
356fa2aa7d9a8c7585d846fadde297d33166ecd6

SHA256
ba4913f000f60e3762611198396ef0bf07204cb4381a74d83328e6369eaf39b5

SHA512
d261f7efb5490d0e9e11517d1e96d8d090bb0a64584565afe335ab9becb54f399e5eea088156c999004b771f4cabaa107256822bc1c4085194a35744d7915270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
74KB

MD5
db920ea5f2bd7f0a67ab82b732a1c544

SHA1
1d23857d950a3b16d78154f1b59d3900d338e705

SHA256
c3a6644a41941f92447340de5d6c8bd64137d8ca5e9ef1427d926056a0d1192b

SHA512
c4d4eeb2da80b036706b18fdb62d90ff4e7907ca4ad236174ed02e033d4a0aecd2e06b6f8ece1c52c0d7f33d0df6a97e8097bc5007e1e2c2c6b16e353e0d1383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
69KB

MD5
76c36bd1ed44a95060d82ad323bf12e0

SHA1
3d85f59ab9796a32a3f313960b1668af2d9530de

SHA256
5d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542

SHA512
9f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
42KB

MD5
acd79e05be57ae05a4e6de1262702e8e

SHA1
a553293061cecd3c3d871d646233f1f9110d0882

SHA256
de473dd1dadffe965c00ea4ac6d1d9dae15bf86b44713a10405a7939bf47acc8

SHA512
0be355026fbfd1f2acedf6858e7b50224f810cbb34d7b2a7186789a3d9ebbf1e608bbf79dd8b59e75e6603baa126539daf5f519c3b001ae2604ebbf36cf1a16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
1.2MB

MD5
b5e66c25716fe9fb7aaa162267ef3406

SHA1
fa6b392f745b6d821e7b5bd2937d8e97be467010

SHA256
6159506084c1d4c80f6fc97410af1e0535196071d5d514b793aa3b1de01c8a2e

SHA512
f6220169fa5ab1f02a66de5c26d60ae2c08d4da7bf788d8a18b6c5b8af208db882fdbf6dd0ae6e8ab98bf7048172d255581829a8f3aeca08562c1788cc8d3675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0cc3f1d33211aadd_0

Filesize
3KB

MD5
a239d2395558896db4e06c43f65dc9d4

SHA1
f09d25d2a2624774655c896d9ad223eb8a232508

SHA256
a0b49c7579270951a2ea915d7899dbd5e3ed6e92de2a8c8985093bab4546162d

SHA512
bac2ea5b7e4b79ff8afe2e37f8f53a6f619ed36f4e754ed0702a0c559e983e950245f3a3fdf44e80fec75856dfb79fa713738ffac80de90213dfa210e0c53702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26069886e990cc46_0

Filesize
3KB

MD5
d54eafbdfde46c9c6f5e6ee9f74ba64d

SHA1
19f3d07e667304a0d7f3df95663331d37f9ea82e

SHA256
d34b7495b73963b20c7f59f89b11106ad9da969af2482e164c3394b305d0c4eb

SHA512
bef17731f5d1f6b301c9628812d45bc1cdb598f47aee509e6ed3dbad1df4f81e6dc937bd632f12828b2f4363f8bd22a2bd902bb51d0c761dc2cbadffb61bac5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3552e3a94b35b185_0

Filesize
2KB

MD5
e26f5aa65d18f103448c3f5fc7c8200d

SHA1
6ce6a536c8e5b56c9f6dee3da8ac9bff24b722fe

SHA256
38b99a8f3d55146408839c56e53db8d95fbc9a3596a9b590b8b49a47d856148f

SHA512
96adbc07e48f3a9e0a7d86ea9083dbc3661a565fbaf927260f05c3a9e387cd399786f2bed68fa4700199feda487bbea2d81dc754eb4a5ed36838dfed90e1d971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35d85a0d27593274_0

Filesize
22KB

MD5
5fbbb91fd298345a892c635f771bb909

SHA1
76e4fbed92a24c233f55a3f26b24e451e280d4d7

SHA256
907360987f96aa7c78bffe7d1eef9efecf3cbd366e3af3297910f5b0a87fb96f

SHA512
36f9b4d2cf530be00f780f1c9fc0e1e14d66f911fd5d4d447578fbb433640192bab3edecbd9e03002d120bb414bb1b94e7543f26215ebf9ccac495cee80ec9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b3e0ce13da94924_0

Filesize
1KB

MD5
f0566a5d1757c3b31742ca053c84b228

SHA1
78bbb8bfdadb5b2766acebf93fdaa4366b565cdd

SHA256
581eec4baac857a2b6297e36fe6fa0b431a405ae7bb1e0247cf5a8c135f81e72

SHA512
f2c0e02b715391d6fdb128108e482537c8b5b0cb8c376b7a6acae566a8ce2be0e6eecf2ea5c6d57076cf622c86e8e3ff030fdaa3c134e8f1b89368a0b46fb9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\417a4e3ceca04f36_0

Filesize
5KB

MD5
b7aeaf164c8c69ae91ec54086025ae80

SHA1
ca2437f9aba413160065e24e8c6c2c013bbe536a

SHA256
bd383c2c47c03c08f487ff3eba7dadab5a55c96dd00121c82f3081a0db3e8c44

SHA512
484ae1925f196976b57c6827ef9a004ed768f33827d0bd08206985973f2e79327f332eb795a13f8bf1e444688b18afb0305b00d303a4950909e98baffe9a7eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\491bab6916334e81_0

Filesize
10KB

MD5
1d2bc7843860fa3c103508ca60e65632

SHA1
95957e01e2b271036841ef0f87087bf7a532fe95

SHA256
5d501f6831275e9fd4fc3e12487772a7408a62b07f1b1500a86dc82f5f406406

SHA512
3d7e61ff55bc3867adcc5cc1d2901c9b500743c8809c57f5fb4cb10d992e24d4c14361a32f6640983ad6740148f09eef4e0ebb2f4e43cc2d9f6f0bc6be330399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4acfbb79fee29cbd_0

Filesize
14KB

MD5
9c3edfdc117a3f54aaf2b1b0b1261324

SHA1
996e1e0669d088b8e404f135fa572d11911d1916

SHA256
8a65496ababb3962ed0549c24503af70dc68ad8e23f1f55cfbf8d1b5074c1496

SHA512
2775e94b40fb6a6136aa0e2e64e74d2c2b2eacacdf1b2634b97915b8a25d22e69119a5b8de8bb98df2ce59f84c121302baba8d1c0bb2ddfccfed0e7352ee6443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bea4ab3650bee52_0

Filesize
1KB

MD5
eecea24ec006caeec1146ecd3c465388

SHA1
07561e39daf035aacadf0b44618905c922d04f96

SHA256
78136574b5b10084c5166defd55839f282b5b2ac2637f852977bc0d257265389

SHA512
a84e048e33b1c0c10782223d28c77f8d0442570e06b320069ce462e3bb9c8faa5a7d4e35f7448eba7bdfbdb7cf4d959d847d68e0ad686b5eb69ab6cee3e7252c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d00ee6fdc5db6f6_0

Filesize
5KB

MD5
69559ba26ed07af749ad26be7b0a8714

SHA1
fada65bd9ea5e6fd3dc5ec866ad1dccc87121625

SHA256
3b4aef2d30a2eeffa05c7bf9dac1f7670a92090de6c36f7812ed6ae434886731

SHA512
978ed8fca6e2a1fe3f2e47a9215138f5df98268cf1f12bfbaf9098c4e6ad95ed9990cbf0fd36fd2ca5de327681745fc15226b08764a3f3b287e73eddd5c6cc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c44b2d1b8c99d0b5_0

Filesize
6KB

MD5
861d3d3f141940c195cc8f7bc185ef1d

SHA1
9d4c309c1f2197577fa9d85b0e36f6ab14907b54

SHA256
6e9bcf790806564f38cd13f94ad7b78d20de96ce8da3a3741a746bf742a2fc2f

SHA512
6651e8d805b7d90b7af8630f3df2dc3eb0306d455d530b9ea1f99ec95d8647f4545d5f82ba4920edf2f26f79ca6545b3fb69ad0ac745dc36267886df30d0ba52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce1059c478c2e6f2_0

Filesize
2KB

MD5
b9f1e5a92b193834cd79ec899a2f7dbe

SHA1
3ca6b189aef61edf7a16b1dfe6796b1147e07993

SHA256
7af6c4e85d67faaaad2f395610782b3099d40152c373e0e44387ca7bc4120f06

SHA512
dd8d9329758ce4b4f3349091294c46bcca479b743e8b619ee3da41c951aea998f262c7bec6de32a8ab01e6dfe62a6782f7f35990e56e51446d62696f1c576eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8cea48702440e81_0

Filesize
2KB

MD5
c73cda0bcc0c78ee4b00ca3dfa75cd3b

SHA1
a93ea6d67322159bc5736c9b7ccc705b2a789a2d

SHA256
df6f4ff413aa832bc11ae8538c597c04d121f33c4168f2734aa44bbcae46b9a0

SHA512
8ec80a3ae0235817d0daf089fedec875463a78fd4ec5371a00e37539092c120f7973a26a96723a1c9c778e0cb3a220dbec82a414401dcd005104f08cf456fd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f729ce49e78b4f27253c0c36e48d75cd

SHA1
195395aee42a56da7eb5f7cf2729bd3146fc33b5

SHA256
394ffe96a3edde37e2e8766a093b27988b871064e3333076e1305cd76c3f5b21

SHA512
220697922ee87894bf669ad5a60e30ba1241cfe547a702cee76140452b8ebee2844ec1e4c7d5cbad72def23f0b7e42ed646bef55c6008aa5b3e2285a163a41f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
80503b5367d5c27f383e8d039e3277f6

SHA1
c8a5a49bfc0fd4499e775d5ea4068563941bb451

SHA256
6a21f84f0b629f031fd4e975b37d4b3119d8e0ba348927404f867a9498ba1813

SHA512
05ac8cfe0c9d3483fc227b20a1af87c6997e8505287642f84bfdd3881bb92ff1cc9ac0a5929be8f6d59dd697df93a6241d0db30faa9311e51bd8791243b0ac2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7b3210cb1e34d595c69ed2f2cb6420d9

SHA1
10d444b29cfd664e0268de7ec36950322e6aa5fc

SHA256
9fac6d3738818bc8a2699a6c8166fe219c4cf02756589a14f21e2d00e13986a4

SHA512
4a34e3664bd91ae0125305aac3f1101193b809e306ec6cee29775f4c28df57d7eca9869d564995855f5b1e3617e893eb7d3cd4b521964153e52b14ddfe00070d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
cd83ddf9806116e7e654e1631badb710

SHA1
a87bb75a9e41dae56880344e8130560cfd285533

SHA256
e24cda398ab1353251c7773f565e2c97b70e749fbf557a46efc96ef2d43dbfba

SHA512
280cd321b0956d2f8d282d8f7b863bcc20c6e03ce1850383dc22a16cd42bb958984a2e59b9f3558edaa45f28a28c46f08cb1851f86ae611b26178bec50201edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
30176138b30ffb37d3548b3822592582

SHA1
4cf6f500bc3375af00bf929dad859c536f81ae2d

SHA256
e70d7062ff039077e5a14d5314876eea4fa1a950b5c32f784dc4c99247f97a6e

SHA512
49ea9f0827826b1d80b0d3470702c941c01cbf747315a2363f6ce95fb68cf315f038f3e1da59a60d426d347f9bbbf60b844e49d0211b6ad9be7d131746963d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7a5fc11b00debadbf123292ab7de65c5

SHA1
49754cba4bdff7bf7b76019770b67a04782aa092

SHA256
64795ca78a21f3e0a06eaf1125277aeecbb8d997feb1dd5d9d06ea7a0ad9eaf3

SHA512
079e199a931f4227fa41535a78aee960970a1cecb1954de697290f3ae5b346e4f37707a155ea8f4f0889838eeffbf7f4cefffdb45115f5e18168d1aded3cc2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
970a526e4926298329e31cfa342d97c0

SHA1
b9dec8a0f901a07b94738b3b392303b87e3730f3

SHA256
5eca67863e69e86dbf036c6a7842b633cb54e3c708bad0bd32b0f84ea81c239b

SHA512
b7b46611f50a0ad7f68b5f2a46603b005e1ef375dd7ca4ba0b66a882529e7a57af6309f1a3053343ac2a7917f5c10dc5ecd8604f80bfc18d7f732bcfb9c78b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
29ad250eb4777995e2c8e3a9e9967f8a

SHA1
1a5f974a2048a2c16696570fc129ebc55c665ded

SHA256
f191090124c150a0eaa6c6fdc3979969207278df27e2af91ff61b24324f158e8

SHA512
4bd02100c06fd9f020418ba6b1574da39e5d8fc2cffbb83344ae38799fe80e552138006750a26c9871ad509d49374f09d3025ca6410ae6618c5b53139aa1d9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3a77bcf441dff8b7920893e2886b67fb

SHA1
a9aca8addfbc420c9015b5eef5b41fadd53b3b3a

SHA256
2b2a7b75e60b8e5b119a9ca599aaaa89140c2a8b933b07eb3768cab3d1c87011

SHA512
9704ec58f41adf98f506fe0b9fa4c21b98942849a1586cd5f68c2c41cf1e4ba40ebfb7ee99db0634a5a2f0b7021f96b00d84a3e70f178f624d61dbf49e430f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
265817aec3c9b24456c171fde6fe1a89

SHA1
c6ff2c253eb3946967cb6b8c946eddf6dda35bc9

SHA256
8303b9188355147fb520a4415cc35466b274abd641465e9738a445501d2e0462

SHA512
a738097450c5c8056bb43216bcc6fc6d0b1d0c0c3f28690cdd32d74ea304c4a7c78794a215a15490a3fc648cbe35eef6feb7abfc42ddddf4bb84a22fe7f2c9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
29b5b375b34ede6c8716f2eb048821a0

SHA1
709c3b491ac65268e04df90665b4066ffd732092

SHA256
d42d20c02cdb7b2d80b3d67aa2e9cfdfb533e21267edb3330007cbaeb7602172

SHA512
02f57e464624a08b33e36cf853a3856993bc9a72096a227464c0606482e14355677522da0e0b7e8a015f6a50e115aeb2aa79e879fec8c08df431f1da968399bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a6f04fecc4dacbfaf389144714f634b

SHA1
0d2660dd942be90323372166fbaa33ae987bf47c

SHA256
74c13cff1579a1614a96326c6b45167798b005c19c7a5604564d601d32032c97

SHA512
59f6fab87a1e57181e612da759d6450d80b6b9f1cbe8b053e07fc63eb09183a89b4343cfaee5071b0f1c21f0de813db7588c4eeeff4abab66c39cba75427dc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da985f41d4708f722f8513e3bd6e3283

SHA1
a4fb7c4d36aa95aef065865f334197c3fc3e2c60

SHA256
bdb9948b9bfee5b63dee5c16a832a7051a98a5d5f0282262a0be08c558386f87

SHA512
db441fb0993813432bf3e5aa2f72afefb412d42b02d3b0afcc2a772a77c514c617188c8a4e0bb1ef4636b8d08f897a1d3fb4ce32a621b08a347cdf291ef9314a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1a06757d745e8f8db97afe9bcb41f6d

SHA1
feafc9f9d24215ea4c5f5f03aea517b1eeaf29f3

SHA256
abcad5dae13783fdbd93d39d5044f538491dca154367703c951753b737fc6a1a

SHA512
15fc46639eb9d24c75bde12bba4969ded9c39e5b92cb9cf67ae8c8299ab0d108f71de24e102ac12f1936edda0f24df7174f1d583713bcfa4fac4968b414ccc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5055bb8ca1d9105c343afda714bcfa93

SHA1
1f1def015501584c5ce2bb7424befd95bf783498

SHA256
7ecc23546723ab2807da6130e0d2a3df802f23c5a2e7843523ade0387e0452dd

SHA512
41d5a9dfc6a681ee5aae573990c21f01c9ba782c7bca85c680d57c9f7b2e45021ca9f1f588e66d87dfc5945b0b8f4d70ea76a4210eff18317e477c3202ce2587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed4e6902008e18cc6b024f81ad336246

SHA1
239b31b3786f30829025633afca1c73551c56add

SHA256
49973e46638f3303685e3c37f1941285c21a90e2433aca3ed641b05904173f46

SHA512
b7022fbcdb8fe6f0226cecfa4f145d440cf095e129a7bcec2e56e1bb2b068881a16d8cc303c25e320f62f787343c5c3733f1b48dac400d7c9860d5f636fe59c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2062cba65e40dc9f4a5a5a1bc05126c0

SHA1
db3044bf5cc3fa4df937117b7f0d266ccb4ffb50

SHA256
78ae848230a6e2ee61370c3279aa37948eda0ced2d5ddcaab7ee2fc5297bad64

SHA512
77f927e2a5308700ff9a281f6e6a2e50674026fe6c6e7f8161842c6bc3c3004c9f45d3f585b1d592ffdfc4ca0c7835b4caf00488df4e1ec3c15ccca64030fda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b3b6ac42c1c854ed8a91327ac4451d1

SHA1
1d3d0c202ccacdb21c762a393b1ce3119d4a53cc

SHA256
191f78de049495f237bc47bfe02e8a9226c469adffef6b2fec3d29b6dbbfe357

SHA512
f26b7f1e0a959c8e4ed6e7f14b4470532e8cce16dbfd5474e202a85f7b734ff8ae09d7d983d3dc9d5d877305e29775ff9c9ee01ce6d748c73ee33d8c18756a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
075470628fc6a1b11b32e03d19788f28

SHA1
e1c3f5ce1740816490c196146bc00aa6d059fecb

SHA256
3842720bb54695092fd88a9cea404c60406f3ce301eb14957902ff8cf874d4ad

SHA512
fcd09f69676ef1862fbe00c34a73d1b13e424ad49558d195b2dd502354d8e0c498d2d71a51f74852b8beed31d09e4bbb6ad5c14a97b6a08d7d23d6e0be139b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8b18c7104e40d1e7a626aae74dc6ff8

SHA1
5668c8dd847189af82e01960f6c7a7ae1a8d3702

SHA256
cd3aaceefe5d7e6397086b138048efdef0f4ab7d6eab3b07d77d0445afa7abd5

SHA512
53238d2002cc08b3ea90902eb5286e33952dec56a3558625daa094d3bd3b86e7e822a9fd9b77b613dca9609fc74973779fa78be8e57a1d106e8e5e79341ebfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c4e1bf302cd926ddaf7b3e27202b3c6e

SHA1
de4f674aa45c0f4d76884ca457d9f0e2022e0c67

SHA256
6e58353cba5702bbecd120e6f2ee85e825ff72d4254ed1d562fb5bb67553410f

SHA512
088c91decc70d94fefecb2974b508fd5b78215288f933d9ae15d33d646afe59482ac051a3eb49e442d9b9c731e455f9983f3072cda4f461f85e7bc25686bc1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce3e6cf3e35efd6fb1b84b94c6c28e48

SHA1
c7d9b83bcd64c81f6ba60140bd2d8dc68bb776f7

SHA256
2b8f9e99522af64fe93db3ef1050bd6f3bf8cac04ab77a13e503d66033dd495d

SHA512
f3217d2c28bb424945472e68d9dabfee44b48c84eb7db91fea180e00401ad451b577f4ff3eb968ff7a1301f0fb28f1142c293db7e2052e6689e7e0a03885ccd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5262dabb7af2619341f9e9d50cb0e3fb

SHA1
c38bdad7bce42e636a4320ad94ab24bf292d264d

SHA256
3a14562646c9c48ae476697fa0168747976065580a3abb7d127ea127b521a10f

SHA512
2cd007e34808710a598b4c44e272cd233782966712a631ace44b9350b8972fe6bf6943f7f0545d551516264cb219ae186713874971477703567dfae40c00e9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1d68f427fea32428bb1c71ffc29a3719

SHA1
5f5f2c977f7ff4d825a155233ee20d4632c8b972

SHA256
9cd49b982624da6040a177a84afee641f5ea21a0eb6e8afc6e2b3166a760928d

SHA512
75cd2658ae2202344215b814a92f686650af4a8b13f58893cddc28a0e75295eb4680a65695bc754475ca1347254a613d95e6576248ecf30b1764e37dce972ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f7b5f2327175f0a8e89e604b9cd682d7

SHA1
eec008a1880c6689e72157823cf8d785ca48089e

SHA256
9f3ca331511dcfe6c59fdcc0df2794dee7a1c7374ade15526e50331c2140f830

SHA512
74fbb949d242cfbf8eebb2fd7191de1705f7812f4a1a06ee5d44fced29ac83f950995a948010912c3e65ce3e7d8f42dd8286e2dac48235f7927eb158cca56f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12c61b26625e5ad4069872e185232139

SHA1
ff1761c33dd87e2f99eb1bb77157fa4304e5cb82

SHA256
94b37c0bea9b18c1ec12cae86893ee4aa7342b24987dab7e4d7bd9d8c93fb38a

SHA512
4b88030d6d23caeb9e6de68749de4e6eb2caf021b312bf224aacf398c43ca2b34aaa6f435d0555a98f7e642cebea8eb561c61f9c0a682f7f4d2c9bb3242f29a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5466462631eefdb3ae49e56652dbe873

SHA1
f847e3bd72e198621b3d2667acd61bed0ed03afd

SHA256
eaff268cddac516c26bf046867560c476b30d02cfffb5933c96db35553df3bec

SHA512
871cd1f1fafa04e53e1b88de0a59dc2cbb51097ee7e8d29bb27bc08fb7357054c445dea8df5f0bb59aa716dd0bf5d739af2d63f8dde83f1788283384afa03e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68edfa21ba6f8ff33380f7fcbbd23ad0

SHA1
5d83f0b445974713c65173a1cdcf586e3b484c62

SHA256
61e5bb56bec64291de5c12e5696db5869489a18ee386056e752bf6bb3703ad3f

SHA512
749fe92e1e21798133eb2d03d32c48d708285a5ba91c65bb764527ffcab45bf1c52af78d4ae9066f5a4845eec74cf0588669432c40affef9a167f4c7b41886ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e71195a018250260b8d60794fdca5cb5

SHA1
899ffdf50d8e07b9a9056f2aa7a031a12a0db428

SHA256
12ec7927998f66ee356b07132e872692f82931b226068e4a2f12f7b282a3295d

SHA512
f39fd87d760f02ffe3d19470f9b726aecc2b00aafe950ad62ed6c188d890f31dfe2ce70023f3822b1f7f9f6097553f2e197bb7959dc6e3704f39c427bf74f2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db06f826cd511a5c7c155551967e4076

SHA1
8abda63738fba0e1397b75d1e20dd50803754731

SHA256
5806250c1ce42ead09f84d21a0b64a08c761088a4012bfa1863d429c8cfcf87c

SHA512
f2c0e996a44496597103e772de7715273d0d6802a99d53d020b898555755536257bdcbad0ace7644dcec0cd208422e98063c372a4ed140d6ff6d658356d1335b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3188b611b16cc49816c28c60fba73b3e

SHA1
0b6f04d3bf08db13b53b5be7e73e76028ec450b3

SHA256
350fa57052b4b173835a8a8693b1c63553aa5f26591f78d060c576593cb27314

SHA512
71741cf24a0bb28d6a232cc756c99d37215efecf6e206f7961c2fde9e5a8a7fffb966971f452901c74f7bc4fb5a2ecbf0a38ca8f7734c51bdea9770dcf19d11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e38f0.TMP

Filesize
48B

MD5
2b23fc2aebc5ebf23f8875ecf8c747c3

SHA1
797f33ca99fc2432037537566921105f7cbe7ae3

SHA256
835edadeb1cf0cbb6c9a81bdbe317fac0abb397ecce4f4346657cdcc0b9231ba

SHA512
130369db121e090a542cd3e48736ed47fb00688a6657c2756e5d826b55a74e2567c7e9cb5b12a1ccc95bf236c7f9fd7e20123a22c814d2a3b77ccc43d9aee82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e28b144ff61cd064dc1219526ddf5622

SHA1
fd81e871a1162ccc28e752241f597ff479a67503

SHA256
c4a342ffd827c4b5ea51f68931197c8a801ef5353acd3080a9c0d187033ccec0

SHA512
e616608826baac370ff1d927c3075baee37265611e4811595d4363d00c4297746dbe360bbde661f403e1db289dbeb8654eaa362fa7f6163411ec16ebedaa39d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac5554d198044bf200de0b0b907cc884

SHA1
9bf24c143844fa33c40dac8f72d68fa0d857ba04

SHA256
5b340b1a7b3e2bb1f66a4b0fa1eb33e91510d1826aac1095d2c60620e5bc8de7

SHA512
c1091bd81f5672886daf96db832fb8308439c739ef7c67da89f505b9eaa24763217f5437880581f81dca577ce113fb6426bf0349afaa49370f1b66191ef23ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
936099321749349be8304dbde3c81fc0

SHA1
5a534579094eb30fe8fee7900f8a46b3dc72bece

SHA256
79e45d09344ca3b2b6eb101233b626a9f93e63ea69b693b9ce4af503cb0c820e

SHA512
5440cbd16243e20a7786f413edcbf63c9a6a5b3b930238c96332e33beccefb2c841c831d3aebc60694021e958dee1a557e4560860443be8d951cc833609ee257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2eff7df5fb46ed9b1b1f6c06c9c6a3f8

SHA1
61975f0dfc8e8a001bba0fd6528828aba51ce21c

SHA256
fb8c834eb34ebfcc9428abcde1f1663771ca208ef48c7893c0ecb72a23704d7d

SHA512
099f66ab4c778a0d913f461ce45a132dd4768807b52d21336e9821e12715747d043bf090caa40de59c24daefa2b1d05dfa6ef4e8b3aa22478352fdefcaab2a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5cab14ac5036bba2b33a1e8d14a0fe96

SHA1
69fbad16b6e44ce476266b21c36f2166bf1b1291

SHA256
fd337b95cfc06ab39652e5a8955f16a07fca82e62090032d4b5dbf6151c98d5b

SHA512
0fd2e7d1008155df8b9a2b65921d63e74694c8e19543714cdb4124dc46557312510d9a9725dab01eb779bc17ceb5eb1339ede77217d7f3116f4779ac1043d3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c868624ae3cf32a7435c90406a48d86c

SHA1
a6d93ba6f21106e935a8c8ddcb0883be5717e7e8

SHA256
bfa601a10ac6ee0ecff5e1430cd2bdd06807a93edea44b904c42e34047c74442

SHA512
51fee8fab3bdd0071df08dbc8c70fc12224314a3c9d4371f7c309b2e21e600bf3b5f35698d6194cc2d7644a396abb43faa82cbe07f3ce9c6dad0788c704ed18e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
368b9d8652c82d2490fc96a45bed611f

SHA1
479d8b96cac806c82b5e09ebe6c0f5292527514e

SHA256
00b4e36a2667056ae6c622215111b5fad462de14771dc2d3102350839e3f2388

SHA512
6ff14109dba198b3420400b238c75189b7f21f753adfca4b24ce22ddc9cd10f0b34c1f0c10d2a611924233ffbafc8778917c239987f14d93eb8b7fcbf6a6cd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d058446fe34b0e48793b0349b2718f94

SHA1
c1d3381cf93c9e6b995907a771383e81fb571e59

SHA256
edeccf0f8813b16887c11353f7a24e6602d076a7e267635052c1613cc1c402de

SHA512
dd0e04ce36520f586a1ad964fa635cdb701eb1faadc3dece432b9c00d6c7b09f408007922a7ca5a87b8b01e96823b7c7143ac3f204d1ed1c869fcacb343f2254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d74.TMP

Filesize
1KB

MD5
8561c5b1e1b98f17a51842151d8f95dc

SHA1
0e61360ffefe1c6d98972e2787fe4bcd685b8470

SHA256
87b664b2352ed5acba924a248f5448177808df42c8767ce5d4869089d1698f60

SHA512
b4a3a64da83197d23799957252adb3a9133b81736466331cf0eba83f3f48667953bab848d4458befd6d7e106e4373ae86cba9f22b3a76cc40ee24e21395901fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a6b3ec67f7e053533af65715967915c7

SHA1
4df7c6c3f025451ddc2a88f3f73d6946680785e7

SHA256
ad6cd5a1add460b61140c074130bb62dba5ca485e455d0e58499800a6eccd3f2

SHA512
2291ca71ef0ebd152916a439e165f90d699b4657b61722b8e2888c5d4b4bfa67dd528da40a1c73cf9fbf3e8bfcf5b47f2a09da18827ccb12c9b76bd47dd6d2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c72f2c22d403842dacd4b624a6915c7a

SHA1
67ee89357df8651e50106f54db0f83caa6b7ba3f

SHA256
bea503e4357b068d52968cfd07d0c9efdeef0a13524049bd6b62e8cf870b155f

SHA512
23725b25ff538197a0cd151852632e7f2c5023fb27d8b68f0b45a5778694774a799165ce4e101a9e5b9a102fffe7076eea3af42c885c2742f8b3baf1de1e7d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b937b817f9e26cd6f2ca42605442c8d7

SHA1
aa961feb00b6b4f7969d24a1e378b53b2e16b6f4

SHA256
854bd0764d5d693e31378f15ae478336f7dd2a07e836304972f4f38108090af0

SHA512
818587394fa2907727ca554b26de3bf9b29264ee3950e8b3c45408c64ba782e5f71b166842cda5b20d6764b5931a496b09b7056af676f69a7540ed57b7fb2266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc084f7fdfd64686f24f72751fecdf06

SHA1
7c42971fde04f2cec9fddd2c0dc1d4978fb46685

SHA256
65668fd9725496ff6f5960dab07b052f6b73c1f856be9ad1ec72c4711bec6395

SHA512
bbd8a8dfb0b7adff9e6773840b0ca286a2e8d000afb8a5816dbadc440af4fef3d4016281fac54e009886bea3ca4b2809b17a40d4727a94bddb3fa14576842042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8eff8429cdc731073c3b00b8e00d9df

SHA1
58f3dadfa9c0162d36171e287acb987b5b9de7ac

SHA256
1c661ea23b6dc001f7986103703cd25e1d327d82b537970c76ffde94a7acff72

SHA512
05ec6db107dd40167375a3c3660a303c4a2582982f2daf84d62c5a635841cc2ec710be3847ac41f01d389d33d2bcd0ad91543941a1b2e4c780a8c9cdad460667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fba5947652d027b5fd11c46534d3dfb5

SHA1
6432b3cfb152a52830ab11ed6ee5de486cef7a85

SHA256
1fb5f610ef28e44cc2ee7570b7f1c3bfa626a34706b23d9cdeecd25b029bb619

SHA512
e294f4e7c8b67fad9ed78ee9e6d51908165dfc75223d028b4e11b9b9bb10dad6c58c4df931256161e5920ed666d9d7f5aa040878077964c12ce44e9e6e1d9b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
69c89f279b640ef458878bccd9d22337

SHA1
70f93d07c0fe702856338958903b3bf931764856

SHA256
fa7854ad165743c502c4cf146e7eac7f14911795affaa2bb78e059d1c6bc2b16

SHA512
0c0ee4fb190e3abf74cc28440eb092527c657684d9995fc5ab469f3402ce3f1160b5a071a9eb3d53ed991186a072829c830d3a0eb5aea9b907b30b845b633408

Download Submit
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_0qujsdro5rqvnkpoahafcgl03lubexlr\6.0.3.1\user.config

Filesize
1KB

MD5
ec49b7f5618d420d4c61a527d52c2638

SHA1
4c627db09339ea9d8266671a866140c5c9377c89

SHA256
1e5fc255b1d6ff6b9fcb242f9aade5db7d5ce869a7bad4a216cf92c90f239def

SHA512
d33bbc0e55aa55a52b12a476d570bc2f2bb649313d416d94cd7bf73c0e76bdbf016b8cecf2eb3aaafb490e36238a8bec3e41e88201b65d032daaed757ddabd6c

Download Submit
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_0qujsdro5rqvnkpoahafcgl03lubexlr\6.0.3.1\user.config

Filesize
1KB

MD5
3fb8d2a2cd510948957ef43af5de1a6a

SHA1
165c56b69c45db04546436b8cfcd21bf543fe1e3

SHA256
095a2b7ce003847ea27f3eb98eca1c5bf9098c194c137c550bed549fe8d46306

SHA512
ddf025953f0487612cab831866ce03285aa810a406d0a92d4491a2d26c7eaba2c4108c230309732a7ab6184c1578419164afe2fdc8e0179d8584bfbc7e75f1c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpFFAB.tmp.PNG

Filesize
49KB

MD5
4ac4d82bb41a8e36c78710bbb0a11b2e

SHA1
c0c70e72668d237c2c24a0f8520190746ce293bf

SHA256
e10a998dd187689830142659522364e7260e4c1a2351c853caaf6c5acb5dfd06

SHA512
37cf7a933aa8832ea48bb4ea0a7fc2c69beb4abce8507304d84256363f66d63c100dc5519b04219cee64444fa48a4fbb138046378a6eb6e6943b46e2ef1da4f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f63e738cdb638665903263cc976e6d4e

SHA1
64c1891efb4d5fe448fdae9e6e9ec07245dbb672

SHA256
f464ca890d7687e0506ca26902f5e2ea70681e76772621ad032739d5a63e2ced

SHA512
d007fc6b471e7aaa4de858beb09a089dea84c7a12ae83e8c0b8e6e0386fda3208b972c728628ee136cb64b8c23fe37db24e9d982533aab705aafa09fda023924

Download Submit
C:\Users\Admin\Desktop\AssertDisable.vsdm

Filesize
1.1MB

MD5
996d31073754b5ecb13d441851b31b5e

SHA1
557585cc2eabde8914383dc37232f9d675d478e6

SHA256
da511afd995e23f5f30bd72c442686fd69fa6bd113952343834de75cc6efbd41

SHA512
02c7ac7ef0b8abe58076ebc887a67ae22924134edb9d2c872b32f0c1a9a4a9a22591614f90a9da8c937f8874279a5a32d93bf525e5cdb450b65ca60e6ac23afa

Download Submit
C:\Users\Admin\Desktop\BlockShow.odt

Filesize
583KB

MD5
cf36d0e6f20c1c0d4a5cd0de60f093d2

SHA1
52ef765adee62afb0abb616cc5838c71681c5344

SHA256
5e88c333cd8f73e72b84855ededb7f8389ef9cbce81a26ec11b9bd03a178824e

SHA512
8902461cc7d9d0be36c06110c93f31d27e94cebda27ee0e87f8b4a7225a84713244415c1eaca70e4566de4113acb0326e6067607801c2076929444000921a43e

Download Submit
C:\Users\Admin\Desktop\CheckpointConvertTo.bmp

Filesize
1.2MB

MD5
0ed4b96f00b656bdc0ec7dc319d73a88

SHA1
debb2c79527ccf573f102e1c55a8e90cdb91cbca

SHA256
c12772d11a2c17462173a8f3f8cc9e12311b8d683e69a15baab768ad65f6cb70

SHA512
08c4b6708f71f68f911d47ab8205ba5986dcd16790f56543e1f7390e69a55aea6d6e1a9e6ba155c42ded394adce90afd597e16422ae99af57baf60d05cc97797

Download Submit
C:\Users\Admin\Desktop\DisableCopy.m4a

Filesize
1.3MB

MD5
dc4c2afccb2a990adff477d5ab3c1d2a

SHA1
9e0e2b56d52d920e321d6fa65fd95f4c945c2fa2

SHA256
0d2a392bd42294e8288521f173f8a99aea50e1b91560b61e05547ad9d1a6d1f8

SHA512
cac6597113794875c67b223d91b4ce7f6a2af99c339e919fe856abdd8a5313fa45da105b87d57766da39798ca75581740e955e588e905c5937667b4d4d80ad61

Download Submit
C:\Users\Admin\Desktop\DisconnectUninstall.ppsx

Filesize
1.2MB

MD5
f369ff28e39acde642279e0cdf49a83d

SHA1
aa09302365cbeeb1928676ba5d6952df44e31b24

SHA256
ab4c03d0691d90a098f790f81e04efedaaf207ae5277608afe4d85c8a4cf5f68

SHA512
f073df11b517786ca98c0f4345d06d43640686526c1517f4c3a44253890e94b88566b6fb93802381dee62df9b1f1e6c453cb78077056361a0674b8e6cf8e59dd

Download Submit
C:\Users\Admin\Desktop\ExpandRead.docx

Filesize
18KB

MD5
4db1a4a2c072a8a685d86e19ca64f60a

SHA1
b17e0822d9442f3c254ce7e9423d1ff18e02d7a9

SHA256
7eab88aa22ed7e1e9d5cec29cf996865fef8b4bc953339b4e71bff4dd04059cf

SHA512
d504f520764b8f4761d91e91aeb6267a2b79a0baa324219f346e7c377b6ac7eb1144014d741e637e6f59e28e1cf4374b8642ca1776fd41c8016da65f1c8e79d4

Download Submit
C:\Users\Admin\Desktop\GrantSkip.ini

Filesize
632KB

MD5
aa12b76857f40921040ae7e1cfb77301

SHA1
86e5abe805d06d1c773c029a1b48dff5439cc776

SHA256
1ad2fb9f968bb34fc5c09ff0a2552e0ad74589e53ac9d0a7af82990b99abca90

SHA512
6870c210af157ed78a32dcee5705afe6a52b946be8e03e51155879394294f451e132b297799513f544806be842e3799581575b0192fcda65359712ef69aea6e5

Download Submit
C:\Users\Admin\Desktop\GroupWatch.cab

Filesize
924KB

MD5
b504246bca63dfea009c5227a5ff1625

SHA1
8e56a88a940ad892083334eab665e100398338b5

SHA256
78f9eb3bd4d25278bf837eea24e5cbd03004051f6ad0ce078c35b86af515bda2

SHA512
75160fb4345da8980caf1e19e3c85fbaba30efdf804212c16415a4e200f01b5f10bb9e40d5622b0722b35f272bb2b5464294bb554b4b2abfbe29b9013e8a1879

Download Submit
C:\Users\Admin\Desktop\InvokeStart.xlsx

Filesize
12KB

MD5
57d73d8ebb891b5fccffc6b183263b83

SHA1
0910fb6bdc7947301c562fa2082f408fbd41c892

SHA256
bbdcfe915f5574aeacc5023dd2fecaf539e0081d5ba8372d2d33e98aa1b35980

SHA512
8e0724fc1cac5b53b878f18dbb99d66740433be275f328bb234a717f8cbe06ae14eed79eeb20243dbc975235e6b6136acbfa90fbcbf9072ea1dbd310ff23d4c3

Download Submit
C:\Users\Admin\Desktop\LimitConvertTo.mpe

Filesize
972KB

MD5
0f04833c2535cf94a0b28ca792d2c415

SHA1
3c2fab0876a4c851fdd6f148fe5a5d68f8252947

SHA256
5256170488096429150cf202389b4b72c215360320fb23f1c085fd939b61ccfe

SHA512
66af67f23ba7db51a2024c0f9ec3f952c0b17526a4dc0e10bbca320a0ab2e7bbe97094a1b70fca0ab9e92fa7533dddcbe73c8befa6f09f159c7810e57dd06e56

Download Submit
C:\Users\Admin\Desktop\LockClear.docx

Filesize
12KB

MD5
29a026bbd02dc70ca9f9f2f998488547

SHA1
5d6c82d9ab591eb2630a9a46b56b9ac75b61c7c6

SHA256
62414d0bd190b00ee95116cc3ee5c6cbeed43e2de7c3bed5fbc2cba2ad439063

SHA512
a1ba1fff7464994e81ad79408b2c83da5ef23f7d91c96b1c148c5a567b87026a655e5ad7d398948434d4b5b4bfe1894a8e6d13e34b09424e26d21f6dceca792e

Download Submit
C:\Users\Admin\Desktop\MergeRegister.docx

Filesize
19KB

MD5
d06856bc1043b67cc64db35a6bf84aa2

SHA1
7597d3c929e3a97d218396c4dbe39758e880b1dc

SHA256
2a1ae98cff1efef16d600c65e29de63899a4c4c133a6763167963ec5db65b928

SHA512
c5364a13be0b06e6d8ffd9bd25f2fe3fad6395f2f88556813f7fd78b9ea67f39cf81b96765d01bfbbba4f48fca5ae8507dda2234e416d023207f2b56365bde54

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
cb4d923ce58e727bb608c11262f625d9

SHA1
da103f26d0d413b8ba4a7f9220b86641d97bbb10

SHA256
14ff677fafca60f2f4062bc3f43f19e5e2eb1bd4e6035fc5a824087e4f014a19

SHA512
f51c61a0d6c0a068ef769794e722c0fd816ade34e228d9c56f625fa9a7c83aceeb4c641a21329bf4dd4cd30a190fefbe5480d6335019e19fb3ffc98f0856e350

Download Submit
C:\Users\Admin\Desktop\MountUpdate.wm

Filesize
875KB

MD5
6f845944f5c9c7d960ba08270cf22f0e

SHA1
5f5eb01b8dc11b6d37d8c4ad2bdd48f0c5e21ad6

SHA256
5574b52038fe1f006847bd28eb029878d4d04d3836c278702265ccfadf25ae8e

SHA512
2156422b76e170832af055de40983c0ce3fa8755af9352d0dc5ed5a446d6d62707131a1b11a5b04183c9f9e5b0cfcf54868e0bb7f58d4b3e1f1d7d4ef52d1323

Download Submit
C:\Users\Admin\Desktop\OutLock.xls

Filesize
486KB

MD5
171580bc6c393c230f0da13e8aeac84e

SHA1
938f63b22d057b1cd5d462fa06c4bb16e2c0d0c5

SHA256
f147a94ccb8da99c6e390478cb9d4612a0e7f35842e788a308451de9aa9b2064

SHA512
e75f89cf22af7d5c591690de24de31146b911f0ae66c9c2f15ab2aed27a0d4c1319461a91a8f5d5de3ad065c2f9ac8c066bd2ce27531221059dcb95944cfa8ce

Download Submit
C:\Users\Admin\Desktop\ProtectUse.tiff

Filesize
680KB

MD5
48c77079294d14d61257d42181fd226d

SHA1
cf2bcfdad6e9e8d5ab505f3f97e2c55f28e405fa

SHA256
57228dba8efcb14aa6511eea4aa8628e7c56d65763f6b0bad3938ca0495129f7

SHA512
17f74e8c0530009f3e4a66fa1b043e25c096168fe38e04eb429694c79fdb9cb3c058b0794f8c51c1453abf05f07c78df97be6060ea51c653a9ad8699f24f5927

Download Submit
C:\Users\Admin\Desktop\PublishInstall.tmp

Filesize
826KB

MD5
b774d96591ba9bc4ed118df7be674262

SHA1
464d92d72ac495af92b8bb9a45f06962797aaa96

SHA256
6a4437801dee5f08738303af242f6125af17bb18a016582f8d228c5bb9c007d0

SHA512
0f5e421e57fbf235a3ffc502270db4a4558b634e5fab1c7d858f149e1ec1ee1a6be5de172470b3198be9f7af197bd89b0e6408ac16e296d9d2dc61e035648a4e

Download Submit
C:\Users\Admin\Desktop\RestoreDisable.jpg

Filesize
1.0MB

MD5
6bef98c1367d9251977a0eecac75921b

SHA1
2988fd1a46f36a17bb8484d8905602d87a687d20

SHA256
cdd55bfa5e2d4a22a79fc36b8b30be3c299bb5a2e0f31083cf2fb0263d9aab67

SHA512
910b74ebe686dd14058524af9c650408604ac731b69c77dc26298951fd9bf62dd870090c8101a6830c95da292197ccc1e44507df4140494842aede6c4b97740a

Download Submit
C:\Users\Admin\Desktop\RestoreRequest.dll

Filesize
1.3MB

MD5
cd8ce7ef82af67e15158c874aa422fc6

SHA1
73ff43db0907ed6b6856074e59771c7771cbba1d

SHA256
8a0a213d11777f73034632d6f34b51ecdad853e151aff48c4d7f6cb8c9674c17

SHA512
6a5607ad4c3be5a6351975ac683f0f3f54d9c87613e56fa6ccab599299a5d3950ace61abd5c7fc553be1bd849aa46b64e4e588b35be87dcbbdfb4b42617d76b0

Download Submit
C:\Users\Admin\Desktop\SelectSuspend.m3u

Filesize
535KB

MD5
3d64587d3c7a454a6eabaf18f9bdf72e

SHA1
da3cb6738721d2f6bc3f8f19020f86db6e2c815b

SHA256
b1947c13b35bfe23d490d991c4dfcff835194be896f4831afa2aa5b21999352d

SHA512
ab60a24c3a73cb7e5f5fefd75a26205146ca6353486b7e46c058a596c9eb3d5859619f875682e46bbd846134d3ce6503d38499efd6f8de74cab71af740fbc655

Download Submit
C:\Users\Admin\Desktop\SplitInstall.xls

Filesize
778KB

MD5
b88d0f58e5ed7096a0c4db6b0cdfa8dd

SHA1
2b06e1543b632753fb24d3286e33972377aef07f

SHA256
769a4a8099f1fd51582d2565d547a471552c8bb500b00c8842ac87ac27efe8d0

SHA512
652f72ea210b2a4ba8052192e4d28c22106bde74e0475ecb94972e1944cc4e53c1de18c4c98695515efd2c358a64c2bdd4194233ad4e75fea1431919540e8b62

Download Submit
C:\Users\Admin\Desktop\StartEnable.jpeg

Filesize
1.1MB

MD5
ebcd606c65e824bff879e2cd74bc718f

SHA1
d095f07ad54b5842430dc6d7a82ae7ef3188907b

SHA256
5548eb5c826c67bc2dc7491506769383f02ffb22c97636a2fc5ef2c1b3e8788d

SHA512
e96f9025817ed3b6045f27c753944950bb225a82317f565cec32fdd58fb8bfaa34534d6a32cc260689be25802f7c31eb11e555268110b5c507a43e5595ecf781

Download Submit
C:\Users\Admin\Desktop\StepTest.contact

Filesize
1021KB

MD5
c88c1445bfd23e91c5f2f122d11b9252

SHA1
4a0ad6d6682eafcd34c7aff43e2fe7d34c4591f1

SHA256
54b3d5ba28ae616b5f5060c3a755c6c762bfa3e9ac2f956e07a58cd87e25cf26

SHA512
06a382ddd2f94cdd7f1fc03266670ab15aaa33660d4d46cfad0ace008be3ef40b2073f8bfdff92830304664531c56a9f1cc36f4360850e9fcb860d0e05a6a460

Download Submit
C:\Users\Admin\Desktop\UnregisterPop.wmx

Filesize
1.9MB

MD5
62c5b1eebf57b1f02a4d23a27c149e04

SHA1
5e6128983fff33302c2f28572a5f37314b3cbb76

SHA256
2d369c219b856a9c44d602e9da3655cf735548deb7d16de3a5f1b907401aacb0

SHA512
d0bfe2ebc69bd0d37b1a4b687f12de7a64f8f687e409837b793f63ec66acc1a183adee15aa6ce0a324b719136213c334ee24eb176f38f5ac1f3dde07d041990f

Download Submit
C:\Users\Admin\Desktop\UnregisterUnprotect.svg

Filesize
729KB

MD5
ebdbacc74991351ff68b27a00e33336a

SHA1
c560772c65c432002a8f7ffa1f1514323ac1321c

SHA256
e902cad7b8444d6f1ab4fbdc94e50d8880e33abd72032a4c3eb027edb7e5891c

SHA512
75231dd642c3765fe626af1d608b84d96419f71fb4d2041e026815c0adfae5f9d23381dbc2a0568d1bf8322b9fe13335a14e0dba3e114e4377116288953497cd

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll

Filesize
838KB

MD5
e59c802bbbc1ebc554f3f7b6a3259ee1

SHA1
fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

SHA256
d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

SHA512
34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll

Filesize
5.0MB

MD5
5c3017ec9073a7a4f3351440c3daaa8a

SHA1
ee1f73f8618439fc8a42f38b32760367bd5ce6b5

SHA256
e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

SHA512
5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Drawing.v22.1.dll

Filesize
291KB

MD5
cb877cd3b77a37f8e279fe7dc6b4ba6a

SHA1
a03989c1144a57e9088daa40f829a49298135b03

SHA256
bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930

SHA512
8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Printing.v22.1.Core.dll

Filesize
4.5MB

MD5
9ec835a4e269f978eeefd7fd8bd5abb0

SHA1
e36a07167bd83d713703a84f3c2c2b8f86cd38f5

SHA256
e4d60cac9cacde3cab841854b4c5348df89a4e4027b62de09184a3ddbb81a5a0

SHA512
2a72b3615215b94d1b7fce3c9ff28042c4c02ec655e3fdc42008217979b65f39fff9cb75a35ac1426a78aa2f8c0c00354369cdb5b5df155efcde8651878de4d9

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Utils.v22.1.dll

Filesize
20.0MB

MD5
07adc748684fd33a198f2dc6eea12666

SHA1
28f62a05673447a3a347aa6a01ae8cd518126956

SHA256
50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093

SHA512
893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraBars.v22.1.dll

Filesize
6.5MB

MD5
8f335dc88eb706a7b50f45a3fd308dee

SHA1
1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd

SHA256
3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac

SHA512
0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraEditors.v22.1.dll

Filesize
7.7MB

MD5
9a4fa4e33d64f44451fc4223a5616355

SHA1
124caceb4e82537403a4b5e9b21487c369b69559

SHA256
fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5

SHA512
869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraGrid.v22.1.dll

Filesize
3.6MB

MD5
8478f5aa3de612bd2cf5e9356688d0f3

SHA1
84103d2abee8976dcaac172bcb9e064dfd06a890

SHA256
ae22e7bebe5c4b59363c5980940c64608d1a35c6b5026e0e088605132187c8da

SHA512
d0f3cbf8144c733266e05b2513603f5b44bf6fa359bbff86c3d437e022ef1d6451ce7b3f335d116438346aeb3d93bc5a82a6a548a7b1795f72991112abe6750f

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

Filesize
14.2MB

MD5
3b3a304c6fc7a3a1d9390d7cbff56634

SHA1
e8bd5244e6362968f5017680da33f1e90ae63dd7

SHA256
7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

SHA512
7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config

Filesize
3KB

MD5
a1c2a2870001b66db41bcb020bff1c2d

SHA1
8c54c6a3564c8892aa9baa15573682e64f3659d9

SHA256
0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5

SHA512
b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
64a288801cc5ca8ff0f60f5f0bfdcdc7

SHA1
fe6ee1c77b87fd560f39607ed8aae347c6f9ba14

SHA256
394dc63b6060f82549cbde651b3e1471a6327671b4b77e613906f90772d638a8

SHA512
e1fb91720c80d601287c49ac4638813a446cbeda06f84f9933e29abcec583d65f0217004ec06ed98aa64cf4aae2d7661810602f34343a059f9c99af38c014075

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
a4848583a2cfa72fe15f0e3f253d8942

SHA1
c8276f0a58058f172461a19ed1dfa8041e382830

SHA256
6a6752c79bed498ffdb349f2744fe21111f0ca35819da753d1153dacc089da9a

SHA512
b1dd1fe97494f9d72e9e6a4f3ffdf1cfe3bf28d47fae65e0878e956c790eaf3a381725e8d92d2c236609bb89561589e97a4a24422f4348f1749f920594188306

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
c5d683c3c937364b7e00022ac2e67d36

SHA1
625abb7a91566256789ddfb470a44d5b56a36772

SHA256
2406d24050a286c418c29794832993ac2fd2239de07cb0c9a12f1fef62e8bc19

SHA512
961cb3de6f586d0c25ade7e94055964169d38c2ebd90615569d120a217192091f23b3bc92bb7424113fdd0eb92357f2f7e7e955b07911969d014aa1da4a9c88d

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
363cd8ad60a7d0a5423bff8913a81d07

SHA1
3a93fd014d3a1bae2d60a201887a70b9536372be

SHA256
5201ffbb1cf3386d0d4711e1200caa1c7831088977924a903337785f8391fcc9

SHA512
aee637f1430dae7a703cd5ad4c6afa0db2760b4ee3ee51cc80e696d4374d7029ec428ee65235784d1ed6ab0a45d97b26c2e63561d03d48e78e7566c95fb0a78d

Download Submit
memory/684-3232-0x000002301F5A0000-0x000002301F5A1000-memory.dmp

Filesize
4KB

Download
memory/684-3234-0x000002301F5A0000-0x000002301F5A1000-memory.dmp

Filesize
4KB

Download
memory/684-3235-0x000002301F640000-0x000002301F641000-memory.dmp

Filesize
4KB

Download
memory/684-3238-0x000002301F640000-0x000002301F641000-memory.dmp

Filesize
4KB

Download
memory/684-3230-0x000002301F520000-0x000002301F521000-memory.dmp

Filesize
4KB

Download
memory/684-3223-0x0000023017260000-0x0000023017270000-memory.dmp

Filesize
64KB

Download
memory/684-3219-0x0000023016990000-0x00000230169A0000-memory.dmp

Filesize
64KB

Download
memory/684-3237-0x000002301F640000-0x000002301F641000-memory.dmp

Filesize
4KB

Download
memory/684-3236-0x000002301F640000-0x000002301F641000-memory.dmp

Filesize
4KB

Download
memory/1052-1299-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/3480-1294-0x0000000000DB0000-0x0000000000DB8000-memory.dmp

Filesize
32KB

Download
memory/3936-1289-0x0000015460610000-0x00000154609AC000-memory.dmp

Filesize
3.6MB

Download
memory/3936-1277-0x000001545BCF0000-0x000001545C202000-memory.dmp

Filesize
5.1MB

Download
memory/3936-1287-0x0000015460CB0000-0x0000015461342000-memory.dmp

Filesize
6.6MB

Download
memory/3936-1298-0x000001545CAD0000-0x000001545CADA000-memory.dmp

Filesize
40KB

Download
memory/3936-1285-0x000001545FE50000-0x000001546060E000-memory.dmp

Filesize
7.7MB

Download
memory/3936-2819-0x0000015466340000-0x00000154663F2000-memory.dmp

Filesize
712KB

Download
memory/3936-1293-0x000001545FBA0000-0x000001545FDB2000-memory.dmp

Filesize
2.1MB

Download
memory/3936-1281-0x000001545C430000-0x000001545C508000-memory.dmp

Filesize
864KB

Download
memory/3936-1283-0x000001545BC90000-0x000001545BCE0000-memory.dmp

Filesize
320KB

Download
memory/3936-1279-0x000001545BA30000-0x000001545BC82000-memory.dmp

Filesize
2.3MB

Download
memory/3936-1275-0x000001545CAE0000-0x000001545DEE4000-memory.dmp

Filesize
20.0MB

Download
memory/3936-1291-0x0000015461350000-0x00000154617D4000-memory.dmp

Filesize
4.5MB

Download
memory/3936-2796-0x0000015467C40000-0x0000015467D64000-memory.dmp

Filesize
1.1MB

Download
memory/3936-1295-0x000001545E4A0000-0x000001545E54A000-memory.dmp

Filesize
680KB

Download
memory/3936-1292-0x000001545BA10000-0x000001545BA30000-memory.dmp

Filesize
128KB

Download
memory/3936-2820-0x000001545E7A0000-0x000001545E7C2000-memory.dmp

Filesize
136KB

Download
memory/3936-1273-0x00000154404C0000-0x00000154412F4000-memory.dmp

Filesize
14.2MB

Download
memory/4032-3179-0x00000000021B0000-0x00000000021BE000-memory.dmp

Filesize
56KB

Download
memory/4032-3178-0x0000000002170000-0x000000000218C000-memory.dmp

Filesize
112KB

Download
memory/4032-3175-0x0000000000070000-0x0000000000088000-memory.dmp

Filesize
96KB

Download
memory/4976-3140-0x000000001B910000-0x000000001B92E000-memory.dmp

Filesize
120KB

Download
memory/4976-2816-0x00000000009C0000-0x00000000009D8000-memory.dmp

Filesize
96KB

Download
memory/4976-3139-0x000000001B5E0000-0x000000001B5EE000-memory.dmp

Filesize
56KB

Download
memory/4976-3138-0x000000001D410000-0x000000001D486000-memory.dmp

Filesize
472KB

Download
memory/4976-3147-0x000000001D490000-0x000000001D4F6000-memory.dmp

Filesize
408KB

Download
memory/8996-3191-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3195-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3196-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3197-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3198-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3199-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3200-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3201-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3189-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/8996-3190-0x000001C707C10000-0x000001C707C11000-memory.dmp

Filesize
4KB

Download
memory/10244-3211-0x00000000031E0000-0x00000000031EC000-memory.dmp

Filesize
48KB

Download
memory/11468-3202-0x00007FF69A9B0000-0x00007FF69AA17000-memory.dmp

Filesize
412KB

Download