asyncrat | hxxp://web[.]archive[.]org

Analysis

max time kernel
275s
max time network
224s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://web.archive.org

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

ghpnvoosyjyfugjve

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Executes dropped EXE 2 IoCs

pid	Process
5972	Venom RAT + HVNC + Stealer + Grabber.exe
2580	Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
130	camo.githubusercontent.com
131	camo.githubusercontent.com
132	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 7800310000000000e95867701100557365727300640009000400efbe874f7748ee58224a2e000000c70500000000010000000000000000003a0000000000e6abcc0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "6"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\0\MRUListEx = ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 7e00310000000000ee58514a11004465736b746f7000680009000400efbee9586770ee58524a2e0000008ce101000000010000000000000000003e00000000008aaa88004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 = 8000310000000000f656fa46100056454e4f4d527e312e33285f0000640009000400efbeee58514aee58514a2e0000002836020000000a000000000000000000000000000000805a0f00560065006e006f006d005200410054002000760036002e0030002e003300200028002b0053004f005500520043004500290000001c000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000003201000030f125b7ef471a10a5f102608c9eebac0e000000a200000030f125b7ef471a10a5f102608c9eebac040000008700000030f125b7ef471a10a5f102608c9eebac0c0000005a000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\0\NodeSlot = "4"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\0 = 7e00310000000000ba563294100056454e4f4d527e312e3328530000620009000400efbeee58514aee58534a2e000000293602000000070000000000000000000000000000007b4b0701560065006e006f006d005200410054002000760036002e0030002e0033002000280053004f005500520043004500290000001c000000	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Venom RAT + HVNC + Stealer + Grabber.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000001a5199bc08d2da014d5a12c9ced5da014d5a12c9ced5da0114000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 5000310000000000e958e77a100041646d696e003c0009000400efbee9586770ee58224a2e00000082e1010000000100000000000000000000000000000078126400410064006d0069006e00000014000000	Venom RAT + HVNC + Stealer + Grabber.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 7c00310000000000ee58514a100056454e4f4d527e312e5f534f0000600009000400efbeee58514aee58514a2e000000223602000000090000000000000000000000000000008aaa8800560065006e006f006d005200410054002e00760036002e0030002e0033002e002b0053004f00550052004300450000001c000000	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1932	msedge.exe
1932	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
6044	msedge.exe
6044	msedge.exe
380	msedge.exe
380	msedge.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
2580	Client.exe
2580	Client.exe
2580	Client.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5972	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	5536	7zG.exe
Token: 35	5536	7zG.exe
Token: SeSecurityPrivilege	5536	7zG.exe
Token: SeSecurityPrivilege	5536	7zG.exe
Token: SeDebugPrivilege	5972	Venom RAT + HVNC + Stealer + Grabber.exe
Token: SeBackupPrivilege	2792	svchost.exe
Token: SeRestorePrivilege	2792	svchost.exe
Token: SeSecurityPrivilege	2792	svchost.exe
Token: SeTakeOwnershipPrivilege	2792	svchost.exe
Token: 35	2792	svchost.exe
Token: SeDebugPrivilege	2580	Client.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
5972	Venom RAT + HVNC + Stealer + Grabber.exe
2580	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 4484	1932	msedge.exe	83
PID 1932 wrote to memory of 4484	1932	msedge.exe	83
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 3232	1932	msedge.exe	84
PID 1932 wrote to memory of 1736	1932	msedge.exe	85
PID 1932 wrote to memory of 1736	1932	msedge.exe	85
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86
PID 1932 wrote to memory of 2616	1932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaf9446f8,0x7ffaaf944708,0x7ffaaf944718
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10578154755708404664,5976745162686537859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1260

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\" -ad -an -ai#7zMap21020:102:7zEvent26674
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2772

C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5972

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x46c
1⤵
PID:6120

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\97f6e4c6-41a9-484d-bd79-669af96b7c69.tmp

Filesize
11KB

MD5
6e7fb00560ecc9ee9dee72476baaa9a3

SHA1
0d4e171dc7f0e4d8e18aa562f03009a29701f66c

SHA256
0ebef699b98ee03d04185f683992f31c90dc32a2c48502998ba6bb16c13a3804

SHA512
a6a22f883beed2732a92f4ba9369cb40a9da3516e7b833fffa564ddf17f9b9afccc8ea4ce9e4f98d9c473bc397a2d39ed3fefc61438b9370a0eef52d7c4f2c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
112KB

MD5
f91354dee893e5b5f7eedf08fb503e05

SHA1
a291685de177c087466c10c920907d99b3472bf4

SHA256
50d56951f0baa312d62451574206a628c60e3a195361e373a36543eba12ae8e8

SHA512
f31b12d4735a4be4a4934cb816d210be9b461afd36b69d931cddb74cdd3b2ca1b04e955c801b7d8978db40b6b4d496b667cc73d54c61a3f5fd249204433ce42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
43KB

MD5
18d0961161947cc8ff53cb476e005e5b

SHA1
f8ee3ff87725fe24c0565c63e6634c60aa6a45ba

SHA256
3d6fb629f65a9bb2ec596215a38109f04a408c479aa96585044aa19b5b390b58

SHA512
e68f50692d5fc3353f23fd48e2bbe7021015f944c60abb52dae9707034cf5c5c798659530e15c760df06afeec5432baa1c0b995e6b541ae0392b4913cce56ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
1.2MB

MD5
11db7fb3182a548620cd81d9834e9f61

SHA1
5d63717ac35666c5f31d483f54a21518b0b5766d

SHA256
af9a7f542fcfdfd061209de29b5ce5ed540d6e702fca08af262541a92c82d3ed

SHA512
06e000fb72af7acf73d11424ab54a1299e7611c4e8535abd7cc67de695d3a016825d123f3a2352e9bd92a92fffb5edb50a3fcb39553f4b332313dd13d3836116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
73KB

MD5
7322a4b055089c74d35641df8ed19efa

SHA1
b9130bf21364c84ac5ed20d58577f5213ec957a1

SHA256
c27e6cbe88590ba6a04271b99d56aa22212ccf811a5d17a544ee816530d5fd44

SHA512
bad26b076fa0888bf7680f416b39417abe0c76c6366b87e5a420f7bc5a881cc81f65b3ef4af4ba792aa6030bcf08bdc56b462775f38c4dbf48ff4d842c971bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
17KB

MD5
ec6a726e2a9d7a4f40ffaa33b9bd6d7e

SHA1
388b903c7fd97bc67b5d0a8e05e4f468bbe5d496

SHA256
87d1525ab4322827bcae47b61d6938e5103b1cc105756dc7671fa059871e2848

SHA512
a99b1b3be44b8d5300aa35ec72d2a233d145ac828931facf36b12ced7a8fdc01c03039c657305cbdb9530003707929fcafb1ab478f4a69268c543ca864a0265d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f662676b809a0eb122873850a810a8de

SHA1
c28c97b682ed57178fbe98773c56ba2dfadf9df0

SHA256
54879e7ce699017b8f7b5a30197eb52766f7f3fa4e0a231e685af20270b28f4c

SHA512
e3fedba575ae87f4a50d686b251c776056daca7eec857e6a299d5f8d82077d0ce92861eb8beddee474b3203622a7c0b156545b4e1f6a620ca78a0bc5a3fecfef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
eae05aab56916c161d1de59b2ba1e1b5

SHA1
01ef1861af314f255a548dda4e31bbb7ebc58956

SHA256
418fb6558e0d4d3724c92916864d87751da5f933897d70936a05a17e4a23b150

SHA512
89d63b78eff3312d844807cfc06d76efcc2ef5423a345251a5fbf059889c7fdeeacd524aa2e031c433f3fb19c11bf902e9146783a50904175a2077a8b2d128f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0ae97b7a56cef9556d8af23126423a16

SHA1
dfc71bee1818cd5bc46894c20530973c92ea404f

SHA256
aec02ea8aebcaf167947272e3b21bc4b0d9193519e83ca4eadb0f16e876e2484

SHA512
423195be35609984c22496a418255af298fd016c621150af94a7435f0459cb606574274f0f7bc6120303485ff391b3f82c4b198bd81e91b785d355744680a872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
90885999e1e183f14ee156a91cb1e77a

SHA1
f60726f24521beee4994a4c3d96c664c75d42420

SHA256
d2e09e538d2b669f62b336bd7421a9aad34920c98e51effba2e4dcf59262cdb7

SHA512
de183b77ffb904c375b97c7e415d77c7151f1b4486a08a7a033591e2a6f5418bc2c80a6199e0dee2939cbf7486e5781c7cae015cc1b61a5ccf728df550727272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7d1003b456e6258495dc9f617972970e

SHA1
d7e57e338af166457048ff81e3a1d061f51c62c9

SHA256
42b08f1f3b46a9ea285837d3c3d401fda7a97f9cce384b8e1514e43aa957ccd2

SHA512
d1cd1f0217c99c8dc7144886993dc224f24a7c72cd6d63e367ea61368cb78046b0be72af1508f5e5d0fcbec76022520eb59ca870d4d502feb480d7a6adfa1b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
50182918e1bc375f005006563b65f4cd

SHA1
22b74ad18595100dac073428bc07447acef02f07

SHA256
9b8a2ad4a432ba5b77bb7a2d2bf6b1de6495b9cebd5b93592c6e7dd3034110f3

SHA512
023164738c2ec3d0aa2b3227fa93be8b7c52b6e19e5a731bba835cb79f53f3f98d19c461fd450209f240c0ac7241838a07deebecc899fd13a784c4900ae28a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
55e0cfe44d9573b49c4a3da96a15ccc6

SHA1
4ad4d2db7cff0da5e412930ef7ed6255ae6d0444

SHA256
ea7da5d60bb9ddb1d223b278c460a4868ad10d30aebd20e9ea64b1a15e16a890

SHA512
cc4d9213dee5828aa466d9f2262c0482fd357f19d1f6c64cd8f0f92f044d25230671212ec4329eb414854dc4f26f042577e3a0c57914f6c162c44d5af59b687e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
081d56402e8993d00eacef18990b0cc0

SHA1
7b22ecaa259180f66915b91036d8c0a207f2b483

SHA256
9f1b48385c2a1c5f52d08443eee06255430545957a84175359abceca010fa867

SHA512
4d2ee277289cc1768c433285138ef5ff159de08ef0cf5bd40155e6b0a11bd0ef4928033c7a4a1c5c6c2a96ec529424598c067432b0a634c7e4d8fa6f5afb0950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
47c2eff11bfec0da59bee78eac431328

SHA1
ee37ced5b0a5f8f1ad7ed871d9cfa53c5bd84127

SHA256
9d5366b17d42ac70d1cc0d7f61c95d31bfbaa1d705e1b89642f761cae082587d

SHA512
80a4473b2b31f2dd50765449ff15faec7fc0b3aa1f54bc994b72ae462b56da7b49f1181b7c9742ec46ec63d22f76e72abbf1e4a1616dc5a3a3ee31d3c536f73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b17ef42721bc38fb476879d3afe6e5d

SHA1
5a36d1cc3ae51d4d737e4359cbbac5c939add8f2

SHA256
e56d3534304c075c8db6189e183ff4468269fac66de295fe93925621b6d96fe4

SHA512
9c358655e10cfa7240f62829a676a971f68c1fc143f96b99bf574aff44208bee96410a7b7d9ea7fa261a6c3001f1888f0c55a84a403418a4d63ab115eb9487a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
600e18399848498060cb5b1952a1dd45

SHA1
2b56df478158ec32821576630578eabc4c243d18

SHA256
2f983f2f0114c77f566785f4b42c193ab3f8d9c428524fd453aa0efd756910cf

SHA512
7cbbec7fe176d0dd29bc5790e4ecbd35714162e43b292c4eff185d180b5a430f2fa37b31b4918dae51f5bc362cb2af985c60bd74defff83c44af3fb7db5e6254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e06f79d2c0dfa04ed312d93c094281fd

SHA1
b3ac1aa436c982abbdfed58c4e3ba2095a03dcbc

SHA256
a5431fb32bf576c6501186d199fc907029ee4a0fd79dedcbafb072a755ddeedc

SHA512
8cbd8a43e95dc1d7270102748e92285acc74fa9f903fcf20980febcb3539d1813f547cfcc531dbb77979e67dac6465adf9bce4ff4dff78e8731e5e2f2f6091e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40c47f3496016759a6e371d65e672bd6

SHA1
c868849d2490358de818c341622302940522a177

SHA256
cc1bfb531daf65e8856ba2fc699b7cfdd59426eafff444b2f03eae418c1e99c4

SHA512
3ba36bb1fc7addb646548e26e311c320505aa88313f9af06c7e8ed439e5404deb96913a646f8e9129c4c515baa69e1f7956b5a61a5f97083a6351d8242c11987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2473c5f786fb780e570f80e18e15ff13

SHA1
c9d00d213bdaf6a30457a2ed909f7bc6a5ca1821

SHA256
5dafd4efa4b6d628c4f9c0b83b8f29f2dc5068bcdf776c1e9f12b31de0484b0d

SHA512
9d75d437fc45c387fc3d367dea99d1d3269e89a80390bdb7025f46d300e18958276c205deaab836cf8c28d6b58395538526948f2d9acae5c4cf18520b97044e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61a8137cfba0cd73b93ea50e4f9667da

SHA1
8dba5dadf0a34706c30195109401b37d4a0d9bc9

SHA256
f9742257553a161a124da9c0022813e13cd7e8b9a8dfc57b40a8671cb4a8124a

SHA512
fc1f3a6a00c68ecc9718a812487d9a313a939f9273289217d247053c010e982ea95f5a845d9cfaa20555060b6d4a6e47503f8764304547ff7935d0f693795951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db4d054f6d60c44f6586c917276ef2f6

SHA1
6bad60c903f04a87245b217df7078f0b33b9ca70

SHA256
de73dd4b2df35914e0468b8b062b1c60be721addedd07f457520b35ae90d63e4

SHA512
93a1aae7b54bb4fbd52417a7e8fe0287e323416d9d6db8b7a0204256706717f6f5970edcb9f37308cfd18c627dd12e5e5d15c60828ebc266570d2dc5fdd5cd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3fdc630ae4fc855a04f5c71dff0a304

SHA1
a5cf9f3f10e2e045fa7b4a4c9e9da202d844d582

SHA256
dff8bf685484590ba3d3424f8a5489c058bc3e4a78c48fbdd40a8e3de787a262

SHA512
de3a550e5e302a815c31749b6200e3c23e7553262d05d46c13cc42dd58f2319905aed4a35b5e5b7d1b465d5304d50067f4a3ebe097323ff6ed1059f033604542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
875ecffe10886576e852c2bec741e370

SHA1
6084f94a7f91c5380655f67ec3ca0cc7ed73d064

SHA256
b52d1445c04634cb7e7963de46c9e97a82bca1e273aac1d4cce172765e05c897

SHA512
fb18dcd26b5b969364e49be406041f8ad7ecebc7bf1ad5502fa4c19e5db58bc42f9a4ccb689daa4f37786eed75a8d5150d2404a539282cc25491ebaeb7be6ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0e1a5430e62b5e372a4810ac997f12d

SHA1
461fe5339d8dca0a2f010856111f30af10452656

SHA256
b982f07abd2504484d6c803d2feac4fb4612d820ec46ef8cbc878faab4823231

SHA512
fe6b1f24551ca70469ac0077a37ed3d32369b8bebf92b0a34d63924302d65db0bcf79fa0a796d8696e7963b27dd30b87035c57ba1b491ecb816ecd0cfc01eb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4449f140c775019ec7a2cd0e1ea5aedd

SHA1
2a8f1b631db7183402193c3a416fe3177f10f49e

SHA256
05ba803b1f4ac5502b7eed6ccd2cdceea6c079d7407b5395ae0693e5e3c1621c

SHA512
6f935cf00f9a1244a8eb3faa06be88f7e9aefffba6c97cae4c210f4c862360550e5776efa82d67048def219bb9ff7d17205cc43555d0da8ab372f373f76739c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4630c5e754e813ee57993eb2aea8a7a0

SHA1
b9e2726c96ab60a94225af711ad00114e658fd3a

SHA256
0f594635aa17e43b9b4700e7a1ed490bb0d0257ae843f4737bcc0f23130b1147

SHA512
33a838bbcd14e53fe55e8237287b36acc0488b7b306f3215ba5dff9632a5eca82e4b33d12d863506b772e4e0dac07ef37cd89de586767f7f8d5c83288393d57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f02534fb64e819bd447a80872eba989

SHA1
bd692d9059a44db02f99ab05dbb13321ecfbabf2

SHA256
d4062a81b4f1a5ff8851e8e4e41c5f7e46df22091b9a4a46db8237467c73d3c2

SHA512
0bb0bd1e72b61c48a12ac8168bb899ceafe6d77071d135712928dd1806ce3b9c2f173b9d0da3aaaa4f8fb67ffc1d064d4ccd30786d383715eced484cff390ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb23cbcd5f4d3ba87666b473e9922ca0

SHA1
ae75bf09741c08c10ded1a3ae0fccbac074e988c

SHA256
c3971876fc8cd4e845b0eba4a320f9d9182136d9b3b9943ff11d2f771398c674

SHA512
f7a4ff33c417a877b944a6851d4d10a3bed106c15d52c6ffb7b38963e8232273da617b595efdedc09ba7814cbed0e8c95a9fcde41df3b3d92b47de961d7ced4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf56978351c60be9d6a27cbb9a6cae4c

SHA1
be8412f14f72d38f442fb8f9c5dd888b5415cf72

SHA256
4cc37cf87f705b3049f1f8c16b5066819c133ea4570cb9fca116d38068805e72

SHA512
600f1d6d43e9dd8cdb633bb99e19646cd22e4e084aeca1a11e6ecab5157412885bb72609ce054fd107d2120ce43ed88a0ad10f07b1e5fba662ef0b99df459b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bd6f.TMP

Filesize
538B

MD5
3f759ba23c6902fe80fbe0558a11c0c0

SHA1
f6828d6d79fcab4f406ea14bbfe2d762f1630635

SHA256
597afc6a43d7bb8c958f450b7c370228afb04592228ae4c2ab83bc545341c584

SHA512
5f0e6572b4c6f707f6e1b0065406582dd3ce195d719b6deee3da0a83a7823a67f7c73ba0222686ec4a01b5b4e71ad542e7f144f2e60eb9e7d0e9ab5c8c31418f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0817236dd389f5a74e3588f9584e270c

SHA1
bde698f7a0d89e6aabf459e5f0d1be2d32b7e66c

SHA256
34f0ae4242ea2b39c456eda57d8708cec1b3b67ef54a0826da0ee2865a8b55fd

SHA512
3d59a90356955c56e36eff5ccec90c2e441a06503a7f97844640bac9c6d58f48e1150c92026f9cb856fa851e672a01fa2b0aeb30b931ccc66690591f7bd52849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
9ad31ad03630957ce182a7e564a09bcd

SHA1
e3685269a4caddeaac9338a9e849a5ece214f970

SHA256
a7786650212c7200a97c6ef33bfb56de0c072d6455984b51c83a847a780450c8

SHA512
a8c249f77cc63e2a88658217d08bf91990eceaa58ca73775c3a242184834db465c032fe445bd2bef9b591f7ceee26e9cf8933fc0b6f3a0a779dc1c49cb4ac754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
e04ab113bbb8ea34d9fe66f21a66d12d

SHA1
2a43e2fb98cb6fdbc139b6a5c98e269e48fbe952

SHA256
dd8faaff6c0ab5a2f922cc63dd210e1d8a0721119c87bafa51bc3f9b4617c34d

SHA512
ce1b11f8e979fb8490089a473cdc37b1f890ba3dcf5e281cabadcd18649f61a224dfe521446635b8838806c65ef7d56fc52964336d124a4fe9f45ff2ecedddb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
98173a04c9c074b86f663983eaef3b03

SHA1
c51eb6aa0b816eb9a28e48f8d54e3c36e4db3847

SHA256
425a7d4333205ebf01d2045041a00e4d7af48f1e2d663d48d2300d9a100009e9

SHA512
ef794ef85c5fbdf34e3b6e9afd8ea0c326aa96df72c4feb951ef6d5d05d3ff47da64dad7560d9f81e336e34193ee71340351c431504a8ad794eaad6cc296a6be

Download Submit
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_0qujsdro5rqvnkpoahafcgl03lubexlr\6.0.3.1\user.config

Filesize
1KB

MD5
3fb8d2a2cd510948957ef43af5de1a6a

SHA1
165c56b69c45db04546436b8cfcd21bf543fe1e3

SHA256
095a2b7ce003847ea27f3eb98eca1c5bf9098c194c137c550bed549fe8d46306

SHA512
ddf025953f0487612cab831866ce03285aa810a406d0a92d4491a2d26c7eaba2c4108c230309732a7ab6184c1578419164afe2fdc8e0179d8584bfbc7e75f1c6

Download Submit
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_0qujsdro5rqvnkpoahafcgl03lubexlr\6.0.3.1\user.config

Filesize
1KB

MD5
ec49b7f5618d420d4c61a527d52c2638

SHA1
4c627db09339ea9d8266671a866140c5c9377c89

SHA256
1e5fc255b1d6ff6b9fcb242f9aade5db7d5ce869a7bad4a216cf92c90f239def

SHA512
d33bbc0e55aa55a52b12a476d570bc2f2bb649313d416d94cd7bf73c0e76bdbf016b8cecf2eb3aaafb490e36238a8bec3e41e88201b65d032daaed757ddabd6c

Download Submit
C:\Users\Admin\Desktop\CheckpointUnregister.rtf

Filesize
361KB

MD5
223aa0122106fc18cac15e12e021b561

SHA1
2bade0b40788cd6c51a556ec59ef9f333be1df0c

SHA256
74a5cc8f1547bd44f73c6dcab51600b713bc4cdd5978a17b54b695e393e20cd0

SHA512
fa07dd6cbaf32a7f8f9cd52e58ce4f82a6b1bf888f0b64fa3c05ce892faf400a7ee8b3cec50aef9c16432a4d97d6e1825365abc819522530c2fb46ed7068c315

Download Submit
C:\Users\Admin\Desktop\ClearUninstall.edrwx

Filesize
303KB

MD5
11616849aa9b877122bd830b4dc5f0bd

SHA1
d2304b7480701f3811d68099a101e7524c7cc57e

SHA256
2aa11f57d76e8a6d9373a0abcd13ebb6fe5171e611abd85234890e658515f631

SHA512
cb6b5d24513eb328d5dc0974a84287a02f77435bb8605285dae80f8783787e9668c1d98c4ac4882bc40b60e9e1382f8cdea5630045803c00e5274183cac2bcdd

Download Submit
C:\Users\Admin\Desktop\ConnectLimit.bat

Filesize
315KB

MD5
6cefafa4ca43efcde67fd9c8c4015411

SHA1
9810337234c3150ab17a60a2fcee2b930aa006f9

SHA256
d9cc4b14dfab0c4065c47d289ea718210f96e69b6bd24d9b89962410f8e9ea54

SHA512
a7cd2cedb6d76f8ec571f9739cd82ab9044eb4a4eca18ada4d3a04407b70b2ff549343f0d595fab1e7ae1f2bdcf6055bd5364a69b71efd03376ed2e1718a76b8

Download Submit
C:\Users\Admin\Desktop\ConvertConnect.gif

Filesize
395KB

MD5
e0d4c40e287fb308a7d5befe2e2471ba

SHA1
5a667dee28cb68c5a42d364017e97ebd9700cf64

SHA256
c23b72cf95eeaa59fc69f6ef815937afca59f49c9ab71c6b2839b4703af39151

SHA512
3d3e161674e1faaaf1b7750ce32597f81c9ba65a87212d573900df33b01ac3d57bfe220bee8eb2e65b686477c2a3993d94fb366447a49f57c52c0d8fdaf90d6e

Download Submit
C:\Users\Admin\Desktop\CopyRevoke.xlsx

Filesize
12KB

MD5
a1529fe93f8bf78cc693a83190875a6d

SHA1
cdc02d7e4486babc42ab9371aacb6f820bd8b7b5

SHA256
f3a1f754d724a1d79cc81e71c18855775b9c7b6c4b3a636ab7af8624fc8ef93d

SHA512
c830abbd5e5e531f5fce2e4dbe12acbae1b297ab6709c8a11d74ccbb8b0c6ff838a9e84abc35f251159db644ecc9dc6cea35934ceb8aabfe766fbf00bfed19b7

Download Submit
C:\Users\Admin\Desktop\DebugConvert.dotx

Filesize
280KB

MD5
d653200f25462296f48f47348b0a1ca0

SHA1
f652dd3e89fb7f4cae65c2cb9bbf74c2f52b68fe

SHA256
0b1c241b0ddb4c3600478a73549e6faaf4011a0fa6268544ddb2a9392aa637af

SHA512
fb2810daf2b72a044340a7d474e4803c9b0f4c8f342d7fb10702667d17bcb861d7c89134204e8e33a47eb54bc747292243b61c6ce4534f01fa556ef99bcf2189

Download Submit
C:\Users\Admin\Desktop\EnableCompare.bmp

Filesize
154KB

MD5
3dd010247e0f0332c60938ce89f17609

SHA1
91985a28532608d2a843d343e55ad13b65d4c663

SHA256
45741cbe0fe3c65fda6754936c1cea69bd92f5ddb1b964be2f7a3b28dd9a6a76

SHA512
393c7b41af7dd768fe8ec44ce18a86a20b23bcc62fd68bdb03c871872b43dea446fed9f6dd888858d35fd88f05944ef8415aa56429306e4c22df5165a200e20a

Download Submit
C:\Users\Admin\Desktop\FormatSkip.shtml

Filesize
326KB

MD5
707dacfd18e5165f4552355554a3bf8f

SHA1
03c43ddd6f0f0ff248fa977fb3f92887547430c7

SHA256
d4165d5deb3bfe780e415937de2e8934ceeb2076594538bdea9f74ed319d6574

SHA512
5957fe547ef838d4c2b9118e7e7185924b292801ceea5fb192f76fb89ed0cb4b09e0fc31cfa914b1f54d4d60e20814481e64ec9ff56d0b9edb4bf49b1c5f9614

Download Submit
C:\Users\Admin\Desktop\OutGrant.mhtml

Filesize
407KB

MD5
46ffd8cad947eab8e5d7d6135d89d554

SHA1
5d9ccb4ae6df7f4513d708b261468a76513e1893

SHA256
f1719f8f68084f101a5f3785f2348bc8855642d87487769707e96c8af6129908

SHA512
8d7581a286a9ead54a6048badf6e3c1fb17e4ee12864eca6bc72eb5ec03c9ff3d70591acb355d76f6ebc210c8be2a36bb94a65744352ca85e9d19773b694d1db

Download Submit
C:\Users\Admin\Desktop\PushBackup.xls

Filesize
200KB

MD5
ab5d61abf67f4704beaa4c0fb92914b5

SHA1
87c4d695f4d5eb3379d9d9e0cb7cb7935413adb5

SHA256
1b5c015bda1704c119716b611fa017aaf92d2483d638b22abbf5288105accbb1

SHA512
35ceee6147d528ef1ca75db2d442295e77aff3ef4bee55c94995401bfc7fcfff9bd5cdc2f6f4ec8536cebda3c078e024b07737174287503cf638a144769a57f5

Download Submit
C:\Users\Admin\Desktop\ReadSkip.mpeg2

Filesize
372KB

MD5
e58e39cf59827c1c08a403aa0182678f

SHA1
ec8326b55759fa7e36725fc5dc25aee416a068a9

SHA256
f6f809f734acc0649657337552eb333202f86338a1020936a88ef70124b96a6c

SHA512
727743b819ebe5d8e92baa6e40b644f8d8fd6919d00c815a25fd46cd4b0f9ae64702a23d6168ae949a61bf41e4f85c40832a37a3868a561ecf2b8dbd33f4af85

Download Submit
C:\Users\Admin\Desktop\ReceiveSwitch.docx

Filesize
15KB

MD5
8acea58b9716442e5cfae846b480aac0

SHA1
44994e8254e9b878398645033f55a2119c255c80

SHA256
003c5bed225b7d6e13ee421ee5f6234fce24351a9275fd77edfd833e02e1b8fa

SHA512
4fd62c4a63667ef8f4fe2a1e722716909fa4458d4c0bc04310a52dce91d92f91a2ed24a28460f278bc136b7311e8b65c353dd9796bef1169ac1c45fa30fd5312

Download Submit
C:\Users\Admin\Desktop\RenameRequest.gif

Filesize
143KB

MD5
489f5c083bda535539174b37bc51de4f

SHA1
afd1db066483c46ae6cddd73c1816d78ecabb77e

SHA256
cff1e8f9e196d87158276ccf13bd7571f015527f93b516f9ffbd1adcb1670c10

SHA512
f49bc76b422acb0d4cd8097e561209e4963ca0291c47c9b74a78d44fa0f7e7c0ffe1cddb95d16629200a466f528cd800f157fda60fb83930e61c4fd1db6bd432

Download Submit
C:\Users\Admin\Desktop\RequestOut.m4a

Filesize
384KB

MD5
654a3994cfe43637784909638a122c86

SHA1
de99de6b4a363e19fa1532220fd0740ac5b0c3ee

SHA256
670d714cb706113cc1ce6987a90660a640fba98f21949eebac203ce07dc8a28f

SHA512
e36989abbb53a958a59c51a160838cf109f741cdbf25afd7c885b6358761853e8b1c6584cc58544972b3e56ab454d20cf07456ffc0d7016f1e69c7bf6f7e02a1

Download Submit
C:\Users\Admin\Desktop\ResizeTest.vdx

Filesize
562KB

MD5
a9424ccd17d0d3ab256b54bea12b5bdc

SHA1
0442dd2f458c6f90ab1c1eadab7e2b406dffc4fb

SHA256
6773dd4f5bd8913fa98711074a55f04cec32a5276d41c87bfd9fad2e9af030c8

SHA512
01b2a684a274089fa06cec2043b961be51d6dfcdb5b971b582acdbef5ee9d436b3e3b3f12b72bbc437df9a8b7611cbb7fc85cd4a5193116d93ff6b40dcec65cc

Download Submit
C:\Users\Admin\Desktop\RevokeOptimize.mov

Filesize
166KB

MD5
3798692ab0ee2ec0743e8d9332d874c6

SHA1
c7719c7b5b9c41ddc9e6f1337d4ccb37b569184e

SHA256
fc8986e2246ceb2cd0467efb14910f50571dab50bb385a6f3ceb0ffdc4796465

SHA512
49d9498e1265989b278129f8c248d08a05da3d43c2a82589a4376c700209b88c0bca20ec29506825668dc3de039278daeb2b8a76e938208be2e94202161032b6

Download Submit
C:\Users\Admin\Desktop\SendEdit.vsd

Filesize
235KB

MD5
65af1214a4e5938f515962c510fa07b5

SHA1
0b295de5b4663e9833be32b6fc150495c97d7d3c

SHA256
82fdbd52e57caf6bea0a25722fb10521b13f6810a9880fa48df9fc25ed0d9770

SHA512
309a76a237cfb4ee3ac8f49f0f5ec202c6505c682eb9d0d23b28aa2559aed40916c3534b127f836412c9fb837b37884e5a0bfe3a9d17796eca4d5479e2c9911d

Download Submit
C:\Users\Admin\Desktop\SendWrite.vst

Filesize
292KB

MD5
e0db883c05ab5ce082877ad3a82e2f5d

SHA1
40e57c542bc2511e3404b5c769ee90d30d7791bb

SHA256
2757d64b2050455bbc876f851198313adc4a679c8136c5f835fe4b3478a02f7c

SHA512
e082583ce1a56ba7815d0695ed7080312e5ba3fa1ca423c11886fcec304245f9f24e18a1a4247158a46f424e6d9758f18812e42062d94dfa97ea98321188723b

Download Submit
C:\Users\Admin\Desktop\StepSave.ps1

Filesize
189KB

MD5
dfe43b2098bd2c9cbc891b2d7220dbd4

SHA1
8470df1e1db2d1efadd3d66160cbd319e10b49a4

SHA256
0c1c9b620e4e6a3660598ccb2e08baf13a3cde39aab367925a1cbc6c28af1d2b

SHA512
be09ac75bf994d6349fb480e569ccce7deff8a421a786e4f67967c503c7322ea17d7401f176711a87ccf65d9acab497206b35293adc8ad7ba60f0492a7b4d2cd

Download Submit
C:\Users\Admin\Desktop\SubmitRestore.ttf

Filesize
349KB

MD5
7eb776b621890b1e70a8beddbf3e5b6d

SHA1
7b2942a5bb703aceae65fd5cab943c1f4c1b6aed

SHA256
9081a260e6815507f4adc4ec9abd4c2adaea02bce6a2fecc7aa0ef90cf998537

SHA512
26dadce80e7b200e8ddfa6040e3886dda79bfce66d576dea5437fc27c99eaee69be05e6f2db6822c6338ad6d2cd39df8b593dd931902186ac2cd9291de670cf5

Download Submit
C:\Users\Admin\Desktop\UnblockMeasure.png

Filesize
246KB

MD5
5c93e45baa711d1164fd4d075151b888

SHA1
f4e0fc16b36a45b341c862a38b16d154e835e23d

SHA256
98d650a65a98b9e3b3ae9396d66924ca23977faa9be577b08a434da0b8e5561b

SHA512
888dec1c6414826afe3b5f2334d7ac0603d7cab62cd6fb2f164c1bc5cd0e28bb4b0ad567f0e864a328b64915d40885ff3d98e6393df3dbd797523ea604bdaf20

Download Submit
C:\Users\Admin\Desktop\UnlockPing.jpe

Filesize
223KB

MD5
2edddf0e0f55d066ae11f5214606d42f

SHA1
de254bbe9350b680f7254364f0a5bcc563af786e

SHA256
a7f65bbad827edbd0e438aa6bd14b296ca6a5050247db534d20e7a34f30cabda

SHA512
66b4a0e0c2d6bc60d91c33e235a59e4c0ed26a773f03abcbb0a4e9b31efa7f362adab3b70c23453562e5bf62c7a3b4f20834b4d271b1fe21c068c66f2934e4bc

Download Submit
C:\Users\Admin\Desktop\UnprotectTrace.ps1

Filesize
212KB

MD5
a4344b3aa733cb401f7a625f9724bef7

SHA1
8d8aa6623efebef4330d1b9e1dbabe4fa4fab836

SHA256
7fd984e73af767ac61ef6de9be3fc3f2391ce6f9ad08de8154d37823d0b4a7e7

SHA512
1ab668d851da38e63d7feeabfb6f2da65d8a73f8667d4dd485e252e5e7f281e4103d224cdb18530ad7e37c75f734da0fd37875fdb02835dd9cabb7ba1af1260a

Download Submit
C:\Users\Admin\Desktop\UseResize.search-ms

Filesize
338KB

MD5
0abecb2148fa2b5d5dc58fe5cd55470f

SHA1
a85cd92fcf842945ab0c0894a8fc2e53685d7063

SHA256
b436021c91fa21c5719e5f24a3b76a79eaa246ec8bafb81b1c4b5c69241831cc

SHA512
844f2fbb08e18497e5f7281199468d555bc88293224d9cae7d9ed14579ef33ec42434127030a98a6e6f4dea6cc76fc88666004e9e47cef0ebaf9eedff94ff61e

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll

Filesize
838KB

MD5
e59c802bbbc1ebc554f3f7b6a3259ee1

SHA1
fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

SHA256
d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

SHA512
34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll

Filesize
5.0MB

MD5
5c3017ec9073a7a4f3351440c3daaa8a

SHA1
ee1f73f8618439fc8a42f38b32760367bd5ce6b5

SHA256
e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

SHA512
5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Drawing.v22.1.dll

Filesize
291KB

MD5
cb877cd3b77a37f8e279fe7dc6b4ba6a

SHA1
a03989c1144a57e9088daa40f829a49298135b03

SHA256
bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930

SHA512
8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Utils.v22.1.dll

Filesize
20.0MB

MD5
07adc748684fd33a198f2dc6eea12666

SHA1
28f62a05673447a3a347aa6a01ae8cd518126956

SHA256
50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093

SHA512
893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraBars.v22.1.dll

Filesize
6.5MB

MD5
8f335dc88eb706a7b50f45a3fd308dee

SHA1
1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd

SHA256
3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac

SHA512
0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraEditors.v22.1.dll

Filesize
7.7MB

MD5
9a4fa4e33d64f44451fc4223a5616355

SHA1
124caceb4e82537403a4b5e9b21487c369b69559

SHA256
fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5

SHA512
869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

Filesize
14.2MB

MD5
3b3a304c6fc7a3a1d9390d7cbff56634

SHA1
e8bd5244e6362968f5017680da33f1e90ae63dd7

SHA256
7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

SHA512
7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config

Filesize
3KB

MD5
a1c2a2870001b66db41bcb020bff1c2d

SHA1
8c54c6a3564c8892aa9baa15573682e64f3659d9

SHA256
0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5

SHA512
b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b

Download Submit
C:\Users\Admin\Desktop\VenomRAT.v6.0.3.+SOURCE\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
C:\Users\Admin\Desktop\WaitPing.otf

Filesize
269KB

MD5
43cbf6498910dcaecc9a658af392184c

SHA1
340e6067fa35a58efef50ac29d6f7831cfaf47d1

SHA256
437fc567a929c0a5f43cfc166779909ce3e782b7549fac80350d00ff33a9a62d

SHA512
b6c880dcaabb758c1aa277ad6cca10b781c0a084546e7717a2ce97669119d60f5cebb0f9b6ace9dc751e31b0f4a6031fceb23b451d68eb095d8d9d5d555b6d88

Download Submit
C:\Users\Admin\Desktop\WaitSearch.mpg

Filesize
258KB

MD5
a4b165d230efed08e8eb3f06822da011

SHA1
fb42de26f060532626d69cfe569b0dda19d01849

SHA256
1a3e28e560dab21037e7ffa4e8b0201c23d4654a30475fce3bdaca0d2e97b708

SHA512
0e5e843d1d79d88e8e67b77a584b86c7555a664caac0776cd7855a6407af80240cc372fbbb5a2ba0750f6b59afbad0ad905a9f4396b38f7393ebb9f3e25b3956

Download Submit
C:\Users\Admin\Desktop\WatchCheckpoint.wpl

Filesize
177KB

MD5
5a396e11c6944130f189bb533ce9c070

SHA1
718622e7d4aaea6a9b97e95f95057e105af8ab95

SHA256
506249ec6487b92d40bbfbd2cbc3c5ae001441ea76505ecc8637b2198f0fe086

SHA512
e1235fa818e99565ec87e3eb8a999ee054cb685ea35077e7ac174196bf0d493c105b40eb3359e076cd1731fe44cbeb696aeea9d781ab756e85df7645e158c3e6

Download Submit
C:\Users\Admin\Desktop\WriteEdit.docx

Filesize
12KB

MD5
719986335200ab4e1c9f4b5745deca4b

SHA1
22138a7e32cd0e08f28c8af0718ca046d7ddaf82

SHA256
93eb86fc36d47fafc0c00267c9507b3f22d5b376426995e3beb5087109781bc0

SHA512
d15053aa84200c9cda66c8ba6aba150ba61053632e8615806011eff16a55911ca9938990fc9ba91258c851b1ae208a9e2bbd6af0d80987f4b48a9b37c76b4b9d

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
308b87d2024020a8f6dfb83f97c7fded

SHA1
2d708990afbe36d16d9b8501bb6c5e5ddbccb274

SHA256
b9f6eee20d0425ef769421960ab987a8b507af2f2f76d9c8aa1e06cd018a3203

SHA512
6f0db630a8a945760a4610b5e5452b638496c5f8c24f6f468ee9b21b6b2bc0837bf0e817455559b6f786b18c64c78f9a8ee0c6d7d7347eed0e5d2191b9ccf858

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
1834083cf5e7343fba897f0d01663eec

SHA1
99b6b47d315cec15c8e3f54ced8d09d9a683d67d

SHA256
b846247b8f63c46faef1160cb247df0bf16dbd94fad74c3f3476cd38b45cae73

SHA512
c5c0f1534205c0300f0d2d29c5240e8942e71095e5572e0e7c7339f9f9e9718dd1d12e8359606dde709d129cff37da2817c2d332707326631e20408066eca1cf

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
236150b6fb50fd4d0b5cbb9bc72806c6

SHA1
0555fc1dbc506ad2d388643bc3b073adbb6de11e

SHA256
00aca70eaf1505d2fe05c880369fd0434a31060d5b4a83657344ec3d9ad3f203

SHA512
8b7da0dff53bc77297a9036ac03718067771d5098a93f19d1c54afc4a77b3633b08250802076a632b268b1cf4213a077d3d1e320eb83769cf62f4725656f9a96

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
a1963e484be1115369d924c733c6512f

SHA1
894b48bb94a441ba7c84d79e8ca7338499a3dbfd

SHA256
8bd3a57582a818fb2f143119184ff56d25a784985c61472f4ff76eb5ba2d518a

SHA512
508aeb23dccdd177935d89245d57c4d5d9e1671cc183bbf772d7c23320dce10f7e60bf28a537ac6016e8d7cbcf1a8be83b62cf78db88f5a477682855c24487c5

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
ab8314207a2e2495411da76cf3c48e33

SHA1
a9d944fc4096d6a494925b389c976ee8ba568e83

SHA256
67ae4b8ad800f1d1e867936a8805444b55447f1688a5220946b981745bf101db

SHA512
ece6d362852c59dec7567e01323d769be0a2eed3d1f5a1eddfd0e143dcc0d8f2e92aa4ce56437f758df1bb23176cafa5fe5a470368e29ed832a75cd7d26c5324

Download Submit
memory/2580-2390-0x0000000000160000-0x0000000000178000-memory.dmp

Filesize
96KB

Download
memory/2580-2396-0x000000001C960000-0x000000001C9D6000-memory.dmp

Filesize
472KB

Download
memory/2580-2397-0x0000000002330000-0x0000000002340000-memory.dmp

Filesize
64KB

Download
memory/2580-2398-0x000000001AE80000-0x000000001AE9E000-memory.dmp

Filesize
120KB

Download
memory/5972-1216-0x000001ACCC480000-0x000001ACCC81C000-memory.dmp

Filesize
3.6MB

Download
memory/5972-1211-0x000001ACC7BF0000-0x000001ACC7C40000-memory.dmp

Filesize
320KB

Download
memory/5972-1215-0x000001ACCCB20000-0x000001ACCD1B2000-memory.dmp

Filesize
6.6MB

Download
memory/5972-1213-0x000001ACCBCC0000-0x000001ACCC47E000-memory.dmp

Filesize
7.7MB

Download
memory/5972-1218-0x000001ACC7970000-0x000001ACC7990000-memory.dmp

Filesize
128KB

Download
memory/5972-2341-0x000001ACD2100000-0x000001ACD2224000-memory.dmp

Filesize
1.1MB

Download
memory/5972-1219-0x000001ACCBAA0000-0x000001ACCBCB2000-memory.dmp

Filesize
2.1MB

Download
memory/5972-1209-0x000001ACC8390000-0x000001ACC8468000-memory.dmp

Filesize
864KB

Download
memory/5972-1220-0x000001ACCA820000-0x000001ACCA8CA000-memory.dmp

Filesize
680KB

Download
memory/5972-1217-0x000001ACCD1C0000-0x000001ACCD644000-memory.dmp

Filesize
4.5MB

Download
memory/5972-1201-0x000001ACAC420000-0x000001ACAD254000-memory.dmp

Filesize
14.2MB

Download
memory/5972-1223-0x000001ACCAAE0000-0x000001ACCAAEA000-memory.dmp

Filesize
40KB

Download
memory/5972-2393-0x000001ACCC8E0000-0x000001ACCC992000-memory.dmp

Filesize
712KB

Download
memory/5972-2394-0x000001ACCB9B0000-0x000001ACCB9D2000-memory.dmp

Filesize
136KB

Download
memory/5972-1203-0x000001ACC8A40000-0x000001ACC9E44000-memory.dmp

Filesize
20.0MB

Download
memory/5972-1207-0x000001ACC7990000-0x000001ACC7BE2000-memory.dmp

Filesize
2.3MB

Download
memory/5972-1205-0x000001ACC7C50000-0x000001ACC8162000-memory.dmp

Filesize
5.1MB

Download