asyncrat | 7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

Resubmissions

18-07-2024 05:21

240718-f2ab9awgrm 10

18-07-2024 05:17

240718-fywfbawgkr 10

18-07-2024 05:16

240718-fybe5szdmd 10

Analysis

max time kernel
474s
max time network
438s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Venom RAT + HVNC + Stealer + Grabber.exe
Size

14.2MB
MD5

3b3a304c6fc7a3a1d9390d7cbff56634
SHA1

e8bd5244e6362968f5017680da33f1e90ae63dd7
SHA256

7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
SHA512

7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
SSDEEP

196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Executes dropped EXE 1 IoCs

pid	Process
5408	Venom RAT + HVNC + Stealer + Grabber.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133657537157252083"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zG.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
7136	7zG.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2552	OpenWith.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe
5408	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 3036	2180	chrome.exe	98
PID 2180 wrote to memory of 3036	2180	chrome.exe	98
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 804	2180	chrome.exe	100
PID 2180 wrote to memory of 2396	2180	chrome.exe	101
PID 2180 wrote to memory of 2396	2180	chrome.exe	101
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102
PID 2180 wrote to memory of 2156	2180	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\AppData\Local\Temp\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc1733cc40,0x7ffc1733cc4c,0x7ffc1733cc58
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5216,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3148,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5240,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4048,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1116 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4632,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3500,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4784,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3332,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4700,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5128,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5964,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6216,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6240,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6472,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6124,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6612,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3348,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7040,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7048,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7356,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6756,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7384,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7420,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7444,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7460,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7476,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8156,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8388,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8564,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8724,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8912,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8932 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8956,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9068,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9200,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9328 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8584,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8728 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9724,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9732 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9928,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9908 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9916,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9940 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9956,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9992 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9972,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=10108 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10348,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8560,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=10224 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9996,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=10372 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10380,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10696,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=10940 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=11100,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11052 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=11084,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11248 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10840,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11388 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=11244,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11236 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11528,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11552 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=11652,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11704 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11680,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=11260 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11944,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12052 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=12172,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12184 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=12324,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12332 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=12340,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12372 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10960,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12668 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=12720,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12676 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12716,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12832 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=12948,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=12972 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=13088,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=13200 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=13328,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=13336 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=13360,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=13468 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=13592,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=13600 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=11276,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=13772 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=14084,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=14068 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=14224,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=14212 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=5624,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=6876,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5452,i,985900653140309754,17123800403079454650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:5300

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x4ec
1⤵
PID:1652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6836

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\VenomRAT v6.0.3 ( SOURCE)\" -ad -an -ai#7zMap24339:110:7zEvent28210
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:7136

C:\Users\Admin\Desktop\VenomRAT v6.0.3 ( SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Desktop\VenomRAT v6.0.3 ( SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5408

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:6280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
66bba85940ec23e52e365dae965619bc

SHA1
6ab6d9000f27855ad0b8839fbb24e0c5f4eec238

SHA256
65070a2a4c3df9e2a5eff8bb3062b84e967c28b730f0cfcda2da3c6735c072a9

SHA512
234c61bc04fd06561220514666bb44095a2103814b582256db522f778c371a0c7c9b33524d2af74e2c2811dc776a214730177bfaffaf0d4fa79d9fbf8fee3c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
1024KB

MD5
d09169ddb8ada93911943e5a7d178271

SHA1
7289998b24f5003af4d9f386b5309b7493580263

SHA256
64449f1e490919a1df0e4c8a6c15d1faccf359adacf88113618dd0f204566835

SHA512
22e944c61adb574bef0058b37f548aa8fbec097824f54925819b9111a25382a000403feb4564c418152bb7cddcf5f5ee266328fb0c91f956405d24b141b915de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
250KB

MD5
8fd8104e401eaf410a8fd90fc2717211

SHA1
24f9c5969623a084161a745156c00b29051b6606

SHA256
c67275e0b765f468a6a1a955a1b7683388605a46eb620224e3a25fbad13051c8

SHA512
04c1ada378a4609e4b3c47aec552b1b9d4e9a01034f75eeff0cc2404f95ea508274bd5c7744e2ea060c863b05f4df5e420041a131bddc5d19f50be5a410d369f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fd44abc1cfc508e8bbbcef915c3f5b38

SHA1
6fc0e625a717f040dc67d9e85e19da6ec485fbcf

SHA256
dbd8486babf400ca976ba6a4375c90b7f13967b0b7bbc988bd2856e0e966e7d9

SHA512
7c6d275981196bd7b9c46c41a2d3add9f4a07d0ad1b709dcc2c416762552d56a254897af8f35526fc7d9ebc626ffa27573663535ef52834c6dc3f57808a46f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
56c2b919212343ff1dd38a39381b00a3

SHA1
5ce4d36579038b5e35b9c8fb304068210dc9ff6f

SHA256
c945b1bf0ed05285a0fa02b3ef9e34a0c7885a9517bd2afcae6cbb0fa60ef563

SHA512
1559a532dab2a28fae1180925f386422266118d382d524cd732868857232b14c399ae2855d41f71c7f034656e8dade13837e48211e05dc541d5200f627da9f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d2572fcd2629ef8ec0c1d2b67a0fdbb2

SHA1
b2d60fe85b81bbabe5e8d349a972ca4404bd7e5e

SHA256
e2f035a85951fdb5aa3cdb88a41d1599a6a29ef5f3f43928a412c3c1c37fa367

SHA512
3f8ccac3b71d80419222e036a04749fc32c488b6a439a58b337accbd766802af5c4980a1b8dc6e64b0bbf7dbe5f8940fc21e32fa46edded6e67eda6d51e2a917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
fb2446280271f9aa0874b2da1906b5ba

SHA1
5d460c05fc73bde1bb794bdd2959c5d3fc998158

SHA256
c2750ff55e818ee71aff73cb5ab156ebc62adf6cb0f3390676a825f5cb4ec276

SHA512
e6ca43c75a1f3962b7916c9e6a43ddb638ab319f654a8323b75ef3fe9686ec7f7e33ad6095b367a53f6cc8a53f3d2d737b58abd63a09a73e3be62b6e73d92db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1862e3660e13418cc6dfd198a8a63b6

SHA1
ac8dc7271f1c4a4b46c21c3bca0536a939e8aeaf

SHA256
842cbdba60a3946183189937379eed8831d8c8d88b5fa52ccab662e146747f19

SHA512
0d4d9ab50439ba127c8cb4fb82d943ff09b9cc5480fcf75817ab9fcd4e7400f211c245bc4cc849a41410fb0fabf3de22ed910080ee58fcdbf7630e96fb838931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
da887314f9e6bca3e7b85f48bdffe2ac

SHA1
73fa226a12c81ea4a27719e531ea9b8f74d432cc

SHA256
0cd30e8672e46be4596ce9c7bef8587b4187ffc0306036ecc08d79d46956da79

SHA512
7baa74f828e39bded8fbf50bfe0ad71ff1a99d4919d478b046a3b77d8010b5f3630da4c9cb82e83dd74b21f4f655babf6e3c3e0f83d4e6c26f0ac25acdf04044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
37563bc8893af3237a1cf91cad5398af

SHA1
3094c70594e752f71b736b60772ce715b59ca9a9

SHA256
206cc0014cd7d9c507fe76ae0ca7f7501ffd5d3719ab463b06ac5f3db3b57fb1

SHA512
ed98128d4b74725d5654a818fdc099e1ccaa729702fca95edbb48c83006fa72458cb3266283e9565a9b2ebad9db5b08a53287c4e0fc9b31d85dc4a43d6500559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3949f9b5278be233242cc77177f712d8

SHA1
914b5c62b614e60db23a40323847c7c6e92442f8

SHA256
edeb3e79d5bc96e1fa85e67635051df463ed18a8f6b09639154767fe03baa15f

SHA512
1813f365a33c0bf947d0c906b2ff68e3eb76457bd91d43b9f91f706040f7b4c9f04a73506c07ad0b752888aa195204d281478d3bd928dd9657c697daa59f3526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
81a61ecfd040e38ed3b8fcb69e3cc905

SHA1
929d3267835d4a280d69a8956d12ac4b7470e6c7

SHA256
966fdfbb86c335287bf7ad99e85a587b7e03f9ab5432cc70d4690fda2a9bc2f6

SHA512
35d11e7e976c197c5a39dc28190694793a19d26531abe41b030faff72b0793924383705d3223b086d6e10ce0d0e9dabc8c6aca0493a14615e9e2d2d7a6d3b196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
051a9c342f536a1f32534d34e39fd7df

SHA1
b407c5f042d2c0b12b636da6874ed0c555b24b27

SHA256
876b6d582fb1f6bdfc1440ed4958444a587784492e48ee5272e84db12c332f93

SHA512
40a5572e6597d0d4141419a0b21cd4acb970cfbd44b3c481dcc300d72ae9b2f0b2ddde7eb1addc0be86f5d3e4e86ab6359c644328b979bd4fb955590e37c8eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e01a5bfa14b34e3ae363894e9bf0de31

SHA1
250466d4a29ea7e32ed7eee8ec4fc57b80badcc9

SHA256
641ac00b736dd062b914652e44f0c8a48a33bc7a8473996cef6429cc6fa925d3

SHA512
abdfed4e0684874fb1778e77daf9bf800ddfdf7407908fa0c5674d123059b39e7ddae1055df361fcd74d56da1dd1c82583a1b82ec6c43209200a9d79910f77b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
92fd549334853234bca7292faeeb6911

SHA1
d875b27b9e28c82aaebac8c9d95cc6e6400f396d

SHA256
9fd628098de64a96d8f0a8a6182874a1c789c93ac69b11e1e0e1953de454cddc

SHA512
44af25c87b585f294616ae7eeffc1d860b4d8a49fd96ec2af797ff1638d220c975649a8a0dfe6c31cbedeed7ec8e63386250de138ad28db9403ef88581ac62f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
beaa51d8d74b40e10c3f3a6fbc3e9bc9

SHA1
5de8ca8d3bf83ea98cca5bdeae745fcd6e930429

SHA256
0450dfd2189ea7829f835fa329b344885b0b57440fd226d594238fe64e6a3f82

SHA512
c41beef1d1fea3c16a860c282717afcc0dc43f673d20ed73701332c38c86e5cd85eae69f9d10e288ef82c80738f2ec6d1d8fdeda93923b8ca59de94e08ad35c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb9136169fb2d47a7b8d2a00e50aa516

SHA1
f54c760675fb5e8dbb82e09453a302bf943cdd14

SHA256
471c93fecb3010b94f580983c95dfdf1fd2fb72e6ffecf3ccaf79a34545926cb

SHA512
22c35494b61660e1ba131a3af29b73110c37afa563cffb5ce638b64403053cf4283e76aec1dd1b45f858cd0604087f22c6c0ee3b56f4c71d0223858ac3273e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d87d4543a49f0d229ce4e1e880ddce75

SHA1
9866e62bf93d1c729e9f49ae9b31fd43c1162213

SHA256
d24e7cbab6c0a934206cf7aee03ee72bc001c2f7d6db42858c5264211c17fefb

SHA512
2f68d1c840a5a8e06c4f0693a934b9c7d888760b41c99fa7727bc39f5ae84722110e5086ad5fad90770294d5152ad11d181cf4e0a6b2bf776c162afa4643b47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e5e311ab7701ade3d940b9eb0b010f9

SHA1
e92bccbfe7abf758640dd2901a95a7d344213f7c

SHA256
dc08d99a074f585d64cb1ec68b2789f44e43eac4ad9d0c533b3d93b7cd24ac50

SHA512
7eafed3cac4eef4400a95b3c8a660e230ec8a1069250198be3acb9fc6d66b9661e88f82fcf6d00b6d19a69bbddba23141e516f414bc7c39186c7d420d42e760c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78608e5b1f06b699628777db54c95c14

SHA1
210d283f747ca9a3a1fec5ac1d2f6ebdd04af44b

SHA256
59a784f9832c840a03e6205e2a5186811ac9669c08a9fb7d5204439a44ee7f8c

SHA512
ef795b40fd8a59ea8bd0b91b90c524b665be6295a37e41cc6fe1b72e053ad49f64bbbb4ef72ecb94efb71b6a41f370737a1cace19fb41e3d81aeace8719245e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eed613d90cd3e5912721fc1a362aa2f1

SHA1
055f93041843c69efe2ede0717fc8f1f274d12a0

SHA256
81ac3f92389b43aeb2d6ed6506dbd7019b94c7829976e5e760234b120dafbd92

SHA512
a2ff5f4424d65f264293fa9a357d06a78bcf59af018cfbd811f0287a58dba6c1c898052efa2b9ad0cb20a8716bd45c80ea74863895f9f1650bdaa2a8e24542e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f49be622b6b2f191df76e86e791cdb79

SHA1
f308c8d4b7da9f0dd32c15043a5a8c73d22183c0

SHA256
1aa5d35310122ba76c3cb7460c506d39be7c74b56472a47d95ad2c894b2107cf

SHA512
dc5724e59f08b0a51e7e3cea3dd0612c119552c24dd2723a9257dac9da2cfd99160b9102626bdb48c659d93fc071ef00ab722ec7c2f9dd6a29cbc4103fa8ed88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0946f2a04964f35554f292235d12068b

SHA1
88ad28d903963a639c0d2b50490e5de5177956ec

SHA256
ffa7cc4bd3ed28c2bb47fd5e246cbe9252b43bb92a068e1e41250c12db8ed416

SHA512
85a84ad68ed0958b301df3d3ff4f9cfa42ead4943057691abf6b4074b7c00bb4f5e56f94637703315bf9d754839f13657e19065226901a9b1ae8c9eaf909a77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c9c4c9030a053a9d1f1a9eb758a4383d

SHA1
d72fba265e42065778148dee033066d34370bd76

SHA256
8e35972542c103981d08a3bf2e37a00d335b6f5c23bb0a0e3dc54e83b5d5c6b7

SHA512
5747a68db8a3c67c2ab275a1cbac4cf1ddedbce3a5033e25c78f7a200e54b471c858cdf498daf819259dc94e72ca1e8d516a4cdd0f45c7373c50a6d7f9066b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a30b986539223950e40a837f05632291

SHA1
545809208b1e20cd15d5a76d6192c37db38173e4

SHA256
82296a144f053ac565ba7c8c15767b11ba6968db76c473066bf8935b4ca1ce95

SHA512
fcfc4116d94048cb32f564a73364ad4b65c8e5b4c25c692965df2a047708ba6ce64a8f96d7be3bf54d7557589aab3067394bcccc6985a19a03fcee8abf33eaa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a18339302a5b11065e288c22fdbd3c5c

SHA1
c664f39dd3eea9e63e8d4a0b951da657c35fed50

SHA256
6e1bd372fcb24751f98349a6b89a641ed8890a30b8069d71aafd9206a26bab9d

SHA512
ce208234575097ac813d87b32d9db6f55b6b98c65ef7c96acfb6946640d2a1fcd77151cbd51f7233aaf7e8f258974931895a55638838e6c670a0a1c0c21351de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4af50cbf1001570c0f126c5ee6919ef

SHA1
c0d8d01a16d09b1675b95467b4bd83c5bf5ed8f6

SHA256
e40959ac61c90ea5e49451f4266324494b2203f26481ab5a16fe5b404b876f4e

SHA512
c25739107dcc011cd6063d62ed824ab04b6a9c43ef6f63bb19533fcd60a3f099adc12d566989afe7faae49a9263699b0468a2aac313510f79057d3b5b4781255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3420b5e5e6c585ba5d7a9a709fdd5f22

SHA1
2f0dd3e36a534b3245f69ee2921f26194a81e584

SHA256
ab042eaaeb1c54bfe83d3f1aee7ca53dd888ae07df023a27420c08f487b5e8a5

SHA512
e966874b198b59a3974b40a2209ab33d7a20cb6d646d550bf01477e73ef2107c2b079862fb14352da9dcfe9454dc857fd9a49d4081e7ba51c7890cef372705fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91fbeb3a1ba91952572cdeb47b0f0d94

SHA1
333e61c4fa4b817ce02b719b72f57ea84754fcae

SHA256
16a004997fc614e6ab2b9cdd102dc6866e51a2150fb8dbf329f3c4c1536e2607

SHA512
421280471a98814f9ff5d68f2999049c96793bed0b535c9ec87da7d7b2971cb25577a8b679019fe078bb6018a82c4fbf752f252d8d0de8804778d0ab4a3eebce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d810eade0ca1e0031d83648634c27962

SHA1
f7246cf90ae10cb62b80f73712665ef90d29e346

SHA256
1175b23fdfe93cffcf7ee1df7884a0711b08902fc7a40b997c26f731ca69c280

SHA512
4bee685faf5ba5d6679a86ffdb67b16db8715153a89cccbbe2b89f7bc22a988c817d5d0301fdcdd791644cff6ab1ca2691d7139ae938943b9c0af53ebe24eb8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
377548741abfda9339345a73608c0020

SHA1
6f6e1fca039fdc5add53dc46df697b5e241ff5d8

SHA256
89648ed3f3905620fec06465f3f18fe47600ed15b1382801a15ed3a05657bc2b

SHA512
08e44202cce4ebb468af7be5540c9ad90dac9749457d1019e83ee2c041281b84f5fa73f80abd790eac11bd3f573931ad3d33136902ae1aa55bd8d351d5f6d833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac00da9a3015f75ed954bc89671d7317

SHA1
beab52b45efb823d3926a06110cca71b7ea7a233

SHA256
46c4b0e21538a62e9991de6e506312482c3f2bfb04c0101352bec0c7911b7179

SHA512
cf01e6c58ddf7b421d3bc65e89cdb08792c25b21ae433f9f46ddfc58ac2ec9b0c73034f329c47dc19b91da83ae13021f5874723a436776a2ebe2ff8569ad7689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81755b0b2e78957ef6dc764b54d725ee

SHA1
a22d99adc24c73ffa8a0f6448938f1e7f8fd13c9

SHA256
742ee1aa5b75a9abd81a4769965a75d1c8de145d980bed195001249ea171ff99

SHA512
6ca6dab2d714c66ac4d4006ee0e1daca9f7a4e2c4f490d72ee5c2be20ad879c962812ce541e1f44dbfc25635b9a33cc8157fcdeb0ba950d2ee4a7ee658645566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fa1d194fbc705efbdf10a7ef784319c

SHA1
9ed392fbca635d7081f61f9d38f831005d1144bf

SHA256
88e25be00e9df2bc490e57ff8836e759f5cda864777cd1cdd6f8a5ed2b5856ff

SHA512
3e08d200f956405ee720c124e172f7b94f6aabecf37cb2e70b07b133d435f7436da0233329af47daaed5a0d79c86d359658aeb6e35f75d97c1169de8392c72e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa5affaf602fe6f513e97a1f351de3c1

SHA1
9e2365f46dd6c5d0980b109e8f68f3f2366ede5e

SHA256
1b281936e9212e2b10c6c642fef9ef1a65497e89169ab176f1f5f974feef3556

SHA512
cee68dd966515bb0c184401df16c305888d702daa69243cf92222b37e0948612f99ae2d350bb8f69e917acfb2a5fc5da044a1dec40149db111f41f067894ae53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b037b0399a216d371fcee2666de7c344

SHA1
8b728b7c8e108a49caca2bb3775568763ce05c94

SHA256
760c605990a30206361aa631ff3e445c0bf5782dd750fc23375bbb92060cd242

SHA512
dcc97472ebe654dac01484b59f7ad7c288d67e9de037083ef6b896c8c4461e31d56be532e5892d5eccef990e6a4e426844aba6c6798d14f837cca03e38df466b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50227db2e186d3779dab25bf1ae7c6bc

SHA1
66049711b733c61322c94c50f7048b02f472abd3

SHA256
c8a02672f642e81615265d50e52a68eaa5439232b3691827f411a492c58469c8

SHA512
e1343f1d8d77627a0c4d94318949e4d4e664bcafb1f0c18acbd0ca5f8a0647d529628234bc9a58804be4713cbfc1195fd2e3472f5a0cd99de43f90359a260011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4787bae3af918fa6d0d3b05b49c38f34

SHA1
07ca0e5dbc064124241cb3f61e04c971bbeffa3c

SHA256
ae792bbeac5a236466099949b47d5cc66c700687d4b269395ea0735e478d116d

SHA512
308faf79d3e4f400c45b0fa046dc7d6a66d97d19f692558405f66c1bd87c07654a6130b009afe4b1889c1342dd10ea752ed346286551a2797e56187e4283c239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c01f1b2c91f5bff2f97ac6c5d416c43

SHA1
03d3f428738858ad279cf121066660c40e384a53

SHA256
0e0855a6bb745bac16be17b7c24d379bc9fb31e074cb953170a19723fcd4efd0

SHA512
c0163cbecfe97767e98c86b3b176f5cb3799d6d369f2a6566b57206cdd199319ba54040079d9aedcadf5d0ade4848571ce531c4340f3e03012326bacd4f7a4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bf8216e705a384931c0ca0a07864ce6

SHA1
7ea82f714bc4c9176e4aae1012ff7042d7611688

SHA256
97c392e8930b7d2465174f49e432ae045719a5966b2ec717a8a54390dd293c46

SHA512
43830fda9062006cd1034b572c3ffc33f49d16cdea97354b2f7b5a5371f93138d72acc09aa2e1f2a1f2060ab243728354c5abf13431bda2f607c48a74d3375a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69a0029694eaddd949aa14ef63671daa

SHA1
abca3fe3363e84857fa7a0357ebdfc52ba15904d

SHA256
39993ca591fd19297db4911ea5735edc0073cf03ad03b95f7ef218762ad96540

SHA512
b28c26904808d653da51791dfbf4eccab0e2c1ec631f281256c7c87b6e53c91d5065d74fe1196c07193356c217475c4357449f80f75ced52c706e9933cb39291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6c87dd2640f5b0228c8689685efdb56f

SHA1
0ed1d5d49952837019e67d9d49e3ee412a997d62

SHA256
f4059364a23f5525410f3001c5c09f7e03ac06ea0602310447831e1c008533f1

SHA512
6d3e8c3ae7cb786ea436b5a3349e575dd1fce331035aca475d51301efdac2a4a68620a0a964d94e852c590f1d451d8a8996755254ba1667f2077d1dd337b6ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d12eed3469db0180cae9db38853b9bc2

SHA1
c28e4923f8579e6e81da7608ea4d3ffac380c69b

SHA256
d385ac41bf363054f6ddb08ecf642604005d62271123e2f7bd8e65958f959d67

SHA512
0856da66705f86128215354b1b36524f19b0c0f002114dce0a047266ced5e8aee57f8cb6324b83b86f61d28465d32b9c2ca2fb2344589da382d06abc98c9418e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
fd330088b64f582925b0eca305fc3594

SHA1
962266c8f67fdc876dbc6b0b15c12fd8921709e9

SHA256
304ef4fbeeb17a36be1b9cd1ee8d6b20ffc4511ed4de53b47a668aa09067c111

SHA512
06121b74d498f252756e74f7c518bf1c3183d96f009793add656c067a68a996634a72a47326009f9b54656c129ba2d45c7473a714ffd93a8588ae3fed1c0dfb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
0dec89c9b3185f5c20213b1c1c835e6d

SHA1
53f1e6d5be20e83f2c76d2ada32d0f5136766626

SHA256
f87cba6554b1baaa94c33f847f4ee492c15f72fd3898b48f1fccc4bc12a11f9a

SHA512
44f56878029b1d4d31632861af29509d2e59d5b653f0ee3ca2d0747fbc48ad222d5b957743f9fa6188a55f9fef3933862679e4bfedb0cec21c845730b746d3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
30db9fe970fff9a649ac2e4e8f2568b7

SHA1
d1f3ee92c22f756eb2e4a495572e99b10aff6af3

SHA256
c74845e454ee1f6826e26ab96310a0da1c02eb72a78bd96c9bdd410f86be08c7

SHA512
411f21a712c70f71ce3a120c24f82fe666e13c52c4cf156735bb15bca8b55bddcbb17e762c62fa2b1cc2d23a65c3a761238677adc2adcdf1f429308d5bd6d2c3

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 ( SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config

Filesize
3KB

MD5
a1c2a2870001b66db41bcb020bff1c2d

SHA1
8c54c6a3564c8892aa9baa15573682e64f3659d9

SHA256
0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5

SHA512
b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b

Download Submit
memory/4188-0-0x00007FFC07CC3000-0x00007FFC07CC5000-memory.dmp

Filesize
8KB

Download
memory/4188-1-0x000002580E010000-0x000002580EE44000-memory.dmp

Filesize
14.2MB

Download
memory/5408-1737-0x0000018373C60000-0x0000018374172000-memory.dmp

Filesize
5.1MB

Download
memory/5408-1736-0x0000018374A50000-0x0000018375E54000-memory.dmp

Filesize
20.0MB

Download
memory/5408-1738-0x00000183739A0000-0x0000018373BF2000-memory.dmp

Filesize
2.3MB

Download
memory/5408-1739-0x00000183743A0000-0x0000018374478000-memory.dmp

Filesize
864KB

Download
memory/5408-1740-0x0000018373900000-0x0000018373950000-memory.dmp

Filesize
320KB

Download
memory/5408-1741-0x00000183776B0000-0x0000018377E6E000-memory.dmp

Filesize
7.7MB

Download
memory/5408-1742-0x0000018378510000-0x0000018378BA2000-memory.dmp

Filesize
6.6MB

Download
memory/5408-1744-0x0000018378BB0000-0x0000018379034000-memory.dmp

Filesize
4.5MB

Download
memory/5408-1743-0x0000018377E70000-0x000001837820C000-memory.dmp

Filesize
3.6MB

Download
memory/5408-1745-0x0000018373970000-0x0000018373990000-memory.dmp

Filesize
128KB

Download
memory/5408-1746-0x0000018378210000-0x0000018378422000-memory.dmp

Filesize
2.1MB

Download
memory/5408-1747-0x0000018377550000-0x00000183775FA000-memory.dmp

Filesize
680KB

Download
memory/5408-1750-0x0000018377510000-0x000001837751A000-memory.dmp

Filesize
40KB

Download