crimsonrat | 20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764

Analysis

max time kernel
206s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
03/04/2025, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno.exe
Size

140KB
MD5

70797e0760472325728ba786ca208976
SHA1

8912f23afbe8b78a9582f2a458b89a7fd697e638
SHA256

20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
SHA512

787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
SSDEEP

3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB

Score

10^/10

crimsonrat darkcomet modiloader remcos guest1111 host credential_access defense_evasion discovery persistence privilege_escalation rat stealer trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest1111

193.242.166.48:1605

Mutex

DC_MUTEX-2QRLPN3

Attributes

InstallPath
Windupdt\winupdate.exe
gencode
Rb5l52XcV9no
install
true
offline_keylogger
false
password
313131
persistence
true
reg_key
winupdater

rc4.plain

Extracted

Family

crimsonrat

185.136.161.124

Extracted

Family

modiloader

https://drive.google.com/u/0/uc?id=1TcSctGVBajYMA7CFDc158wpvqkpxmkhJ&export=download

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

nickman12-46565.portmap.io:46565

nickman12-46565.portmap.io:1735

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
Userdata.exe
copy_folder
Userdata
delete_file
true
hide_file
true
hide_keylog_file
true
install_flag
true
install_path
%WinDir%\System32
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%WinDir%\System32
mouse_option
false
mutex
remcos_vcexssuhap
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screens
screenshot_path
%AppData%
screenshot_time
1
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001900000002b49c-1682.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

Modifies WinLogon for persistence 2 TTPs 3 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	Blackkomet.exe

Modiloader family
modiloader

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	5524	4960	rundll32.exe	565

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Remcos family
remcos

UAC bypass 3 TTPs 4 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4456	netsh.exe

Sets file to hidden 1 TTPs 16 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5000	attrib.exe
6572	attrib.exe
2928	attrib.exe
6824	attrib.exe
4292	attrib.exe
5400	attrib.exe
2500	attrib.exe
2696	attrib.exe
7056	attrib.exe
3832	attrib.exe
5040	attrib.exe
5508	attrib.exe
4804	attrib.exe
1572	attrib.exe
4996	attrib.exe
1908	attrib.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe\:Zone.Identifier:$DATA	NJRat.exe

Executes dropped EXE 8 IoCs

pid	Process
4944	winupdate.exe
5576	dlrarhsiva.exe
1592	winupdate.exe
6752	Userdata.exe
6920	Userdata.exe
7060	Userdata.exe
6200	Userdata.exe
6224	Userdata.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 10 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""	Remcos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""	Userdata.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""	Userdata.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""	Userdata.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\Server = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\RAT\\VanToM-Rat.bat"	VanToM-Rat.bat
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\RAT\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\RAT\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	Blackkomet.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
115	drive.google.com

Drops file in System32 directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Userdata	Remcos.exe
File opened for modification	C:\Windows\SysWOW64\remcos\logs.dat	Userdata.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File created	C:\Windows\SysWOW64\remcos\logs.dat	Userdata.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File created	C:\Windows\SysWOW64\Userdata\Userdata.exe:Zone.Identifier:$DATA	Remcos.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe:Zone.Identifier:$DATA	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	Blackkomet.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File created	C:\Windows\SysWOW64\Userdata\Userdata.exe	Remcos.exe
File opened for modification	C:\Windows\SysWOW64\Userdata\Userdata.exe	Remcos.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 6752 set thread context of 6804	6752	Userdata.exe	152
PID 6920 set thread context of 6964	6920	Userdata.exe	159

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 34 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Userdata.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Userdata.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Blackkomet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Userdata.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NJRat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6772	PING.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881642412666254"	chrome.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Blackkomet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	winupdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	winupdate.exe
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
6732	reg.exe
6932	reg.exe
7076	reg.exe
6164	reg.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe\:Zone.Identifier:$DATA	VanToM-Rat.bat

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
6772	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3508	chrome.exe
3508	chrome.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe
6332	NJRat.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
7060	Userdata.exe
5440	VanToM-Rat.bat

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 2684	3388	chrome.exe	81
PID 3388 wrote to memory of 2684	3388	chrome.exe	81
PID 5660 wrote to memory of 5184	5660	chrome.exe	83
PID 5660 wrote to memory of 5184	5660	chrome.exe	83
PID 3388 wrote to memory of 3036	3388	chrome.exe	84
PID 3388 wrote to memory of 3036	3388	chrome.exe	84
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 876	3388	chrome.exe	85
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86
PID 3388 wrote to memory of 4840	3388	chrome.exe	86

Views/modifies file attributes 1 TTPs 16 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
7056	attrib.exe
3832	attrib.exe
2928	attrib.exe
6824	attrib.exe
5040	attrib.exe
5508	attrib.exe
5400	attrib.exe
4804	attrib.exe
4996	attrib.exe
2696	attrib.exe
1908	attrib.exe
1572	attrib.exe
2500	attrib.exe
4292	attrib.exe
6572	attrib.exe
5000	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
1⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd591bdcf8,0x7ffd591bdd04,0x7ffd591bdd10
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1972,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2100 /prefetch:11
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2032,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1876 /prefetch:13
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4212,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4240 /prefetch:9
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4664,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5356,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5372 /prefetch:14
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5460,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5468 /prefetch:14
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5628,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4956 /prefetch:14
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5600,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5368 /prefetch:14
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5548 /prefetch:14
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5732,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5624 /prefetch:14
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5452,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5868,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6012,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6148 /prefetch:14
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6048,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6188 /prefetch:14
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6228 /prefetch:14
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6188,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6272 /prefetch:9
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4308,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6352,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6428,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5980,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3688 /prefetch:14
  2⤵
  - NTFS ADS
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5552,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4260 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6632,i,9575841657718698671,8771354115975807405,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4640 /prefetch:14
  2⤵
  PID:6508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd591bdcf8,0x7ffd591bdd04,0x7ffd591bdd10
  2⤵
  PID:5184

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4912

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Blackkomet.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Blackkomet.exe"
1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:664
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Blackkomet.exe" +s +h
  2⤵
  - Sets file to hidden
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5508
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT" +s +h
  2⤵
  - Sets file to hidden
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5400
- C:\Windows\SysWOW64\Windupdt\winupdate.exe
  "C:\Windows\system32\Windupdt\winupdate.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4944
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
    3⤵
    - Sets file to hidden
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5000
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\Windupdt" +s +h
    3⤵
    - Sets file to hidden
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:2928
- - C:\Windows\SysWOW64\Windupdt\winupdate.exe
    "C:\Windows\system32\Windupdt\winupdate.exe"
    3⤵
    - Modifies WinLogon for persistence
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:1592
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
      4⤵
      Sets file to hidden
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:1572
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\Windupdt" +s +h
      4⤵
      Sets file to hidden
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:4804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:5800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:5260

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"
1⤵
PID:1492
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:5576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:956

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1220
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004BC
1⤵
PID:6448

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Remcos.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Remcos.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:6544
- C:\Windows\SysWOW64\cmd.exe
  /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6560
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - UAC bypass
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:6732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6688
- - C:\Windows\SysWOW64\PING.EXE
    PING 127.0.0.1 -n 2
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:6772
- - C:\Windows\SysWOW64\Userdata\Userdata.exe
    "C:\Windows\SysWOW64\Userdata\Userdata.exe"
    3⤵
    - Executes dropped EXE
    PID:6224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\SysWOW64\Userdata\Userdata.exe"
1⤵
PID:6588
- C:\Windows\SysWOW64\Userdata\Userdata.exe
  C:\Windows\SysWOW64\Userdata\Userdata.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:6752
- - C:\Windows\SysWOW64\cmd.exe
    /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6788
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      UAC bypass
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:6932
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    PID:6804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\SysWOW64\Userdata\Userdata.exe"
1⤵
PID:6812
- C:\Windows\SysWOW64\Userdata\Userdata.exe
  C:\Windows\SysWOW64\Userdata\Userdata.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:6920
- - C:\Windows\SysWOW64\cmd.exe
    /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6952
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      UAC bypass
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:7076
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    PID:6964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\SysWOW64\Userdata\Userdata.exe"
1⤵
PID:6972
- C:\Windows\SysWOW64\Userdata\Userdata.exe
  C:\Windows\SysWOW64\Userdata\Userdata.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7060
- - C:\Windows\SysWOW64\cmd.exe
    /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7092
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      UAC bypass
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:6164
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    PID:7108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\SysWOW64\Userdata\Userdata.exe"
1⤵
PID:7116
- C:\Windows\SysWOW64\Userdata\Userdata.exe
  C:\Windows\SysWOW64\Userdata\Userdata.exe
  2⤵
  - Executes dropped EXE
  PID:6200

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6332
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" "NJRat.exe" ENABLE
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  - System Location Discovery: System Language Discovery
  PID:4456

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\VanToM-Rat.bat
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\VanToM-Rat.bat"
1⤵
- Adds Run key to start application
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:5440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\VanToM-Rat.bat
1⤵
PID:4916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2364
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:740
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4576
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4908
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5292
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2284
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2104
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6124
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5480
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1428
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5800
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5412
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1524
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4516
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6156
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6180
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6608
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:7120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6644
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7088
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7076
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6724
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6696
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2604
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5580
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5068
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5748
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2616
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3876
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6216
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:380
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6576
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6672
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1840
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7048
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1872
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:420
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5360
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4576
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6220
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6816
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3564
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4512
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1876
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5412
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6844
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4232
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5324

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3672
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6856
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5428
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3168
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1360

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6224
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3268
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7160
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2604
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5068
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5988
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1556
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6188
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7056
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6148
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7024
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6260
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2592
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1644
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3980
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4928
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5728
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1492
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6200
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:412
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6460

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2620
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6156
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6388
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1360
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1140
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6168

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4692
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6248
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4280
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4212
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2492
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1556
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1560
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:484
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5408
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6652
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7104
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6240
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6220
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5652
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7040
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:880

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:6724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6540
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:432
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6608
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6128
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4220

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:6520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5864
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:912

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:2480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5836
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3540

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:4600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7048
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6312
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3832
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3132
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3304
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2708
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1684
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5128
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:712
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5408
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:556
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6660
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:948

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3112
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5000
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6712
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3848
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2668
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2228
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5400
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:7052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:964
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5256
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4648
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:7144
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:7012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4440
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6720
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6212
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6304
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1276
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1920

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\Blackkomet.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\Blackkomet.exe"
1⤵
PID:2436
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\Blackkomet.exe" +s +h
  2⤵
  - Sets file to hidden
  - Views/modifies file attributes
  PID:6824
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT" +s +h
  2⤵
  - Sets file to hidden
  - Views/modifies file attributes
  PID:2500
- C:\Windows\SysWOW64\Windupdt\winupdate.exe
  "C:\Windows\system32\Windupdt\winupdate.exe"
  2⤵
  PID:5044
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
    3⤵
    - Sets file to hidden
    - Views/modifies file attributes
    PID:4996
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\Windupdt" +s +h
    3⤵
    - Sets file to hidden
    - Views/modifies file attributes
    PID:2696
- - C:\Windows\SysWOW64\Windupdt\winupdate.exe
    "C:\Windows\system32\Windupdt\winupdate.exe"
    3⤵
    PID:1676
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4292
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\Windupdt" +s +h
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:1908
  - - C:\Windows\SysWOW64\Windupdt\winupdate.exe
      "C:\Windows\system32\Windupdt\winupdate.exe"
      4⤵
      PID:768
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:6572
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7056
    - - C:\Windows\SysWOW64\Windupdt\winupdate.exe
        
        "C:\Windows\system32\Windupdt\winupdate.exe"
        5⤵
        
        PID:1612
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        6⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:3832
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        6⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:2432

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1172
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6944
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6688

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\CobaltStrike.doc" /o ""
1⤵
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\SysWOW64\rundll32.exe
  2⤵
  - Process spawned unexpected child process
  PID:5524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6812
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4540
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2104
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5488
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:3888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6156
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6280
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3848
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4916
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6704
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5420

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5040
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:5188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2840
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2232
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4648
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5284
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:2848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1612
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2500
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2284

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6052
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1812
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4564
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3728
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:4936
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1820
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3824
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5136
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:6032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:2364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3112
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:3024
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:1908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6848
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:3300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:5356
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:2276

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:6268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:1608
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe
  C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe ..
  2⤵
  PID:4676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Windupdt\winupdate.exe
1⤵
PID:4396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:2780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" ..
1⤵
PID:700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
64081be9c66acf2e17f99ce23fae1f20

SHA1
fb7b4d29af471a3b523359e4e0263c5a6527ed11

SHA256
900edc227187f0a2b991c5eb94c879f18fbf9da19a6fcca5742115d7c86e6dbe

SHA512
7cfbfbd227ee9b284942ccf888fc6122a5784d701d6a63c05ac17141a5446f3f2ae43b15fed7b0c54c48db0fa7bb6a4934de45378112d6a9f0fd5158db556878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d8946a5df7a75d1e657b0385f9ff2d6c

SHA1
d82406ef7d75d34f02396b944d83d6a3b87b30f4

SHA256
e61e862315f7a7079b1ed4ccc463b99a5f61132e9f598488a98a45cb51797316

SHA512
36ea1ac9fca12a2fb61d2fd94ec08ca50f7a049dc8d2fdd4a33f3ea1e7650c91ff89b747ba8a74aaa10280ba85bf69104c83dc88aae7ad079e2ab2ec0c154176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
38KB

MD5
32efc8cdbf664d39009891f28ae9a31f

SHA1
897e8c936c885b5fc66309545c446edca5fbc90d

SHA256
af1503390295503bdb6fd83b354817afcba20eec36322864f943476c5176861a

SHA512
d985288e681ac72080e8bf22d4d2c73e75fb9c5921582e5dd7a83ded9740fe8b18d164108e355a46f1bdfd41cf2dc85acbcc2fc53c95aa63b5ee26cfec0f83b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
37KB

MD5
b5494b9997f27af3dc63eb91208b9011

SHA1
f3e5d7dcd3ff52a9f94c12a1d82b6a9b821bdb29

SHA256
e719ddf348cf7cab93c0c506d2bdd68d025073cb79ee59fe9ba353430cb12292

SHA512
dbeeb0f5cd731bece95081ad98eda397c6fdcb2d5bcd7ecfad2ab1fe5d267949b486310af158274c80a44ef6a4baf18cf30cd5b1b5dd5967947a5f0b3055be59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
21KB

MD5
78bef63693087a7ba494365de4518e39

SHA1
ab8bf9486a745eee3162a2d1ffe8b398cb4dbac4

SHA256
09d7733e5766aac854ab847a3a6b61486f9d764b767a6552c701ef198ad93eae

SHA512
4ebb92ca59e84fb0fa50177c69f9f7cc874f4811817fae997238588e8f7d071240b1880c677731b95a82372916e8e8441427036f2fd9ba5b84f89ae6be4535dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
27KB

MD5
fa2d7364a6cdbe8144bfc6add239bfe7

SHA1
2b37b884e7235429a2b4d675cf1d4975f9081d4c

SHA256
3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5

SHA512
5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
16KB

MD5
6ad556157f9d08cbd11907cc7ec3aa82

SHA1
8c88395cf5530432a32e0d75b199ec8e54ef20e0

SHA256
4a90341f9ed5cbbda6363c9523abdbec31ae5b1a7144a8429d9da9827d57ab42

SHA512
4b0f4679fe90eefe9c62f0cd841d725a3c0d9240f91d6ab40e6607ee857561e1a1cacedd3853033dac1dcc0d35d880aaa50c27a58e14b3f61d12c095ef3af703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
25KB

MD5
f356b7fbb4f020a4a5806e6128ecff11

SHA1
cf3425f9e282633fdf5e8cf09a379e165eb21016

SHA256
1a18fbdedf143f6822a2ed6ae05d18895a878ff9dd88c866dc0d897132572dd9

SHA512
d57a80a564a33db54b8706bc40521edfef8c750574412bbca59dfd125ce93ab04a32c4a42871d1c266ffca6d35926ef17731401cf91ec4c9e8cc4fc9608cfff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
45KB

MD5
abf9de0611057698251bad0729c98cad

SHA1
cce2f317b9acfdf2fcca95d51e6d5cb3cb430a9d

SHA256
c38cd53f7f65dc202e3c97552f159f6d94b98dc93d027ede2d95e8d19ca24851

SHA512
182fb8b110d72c65b5d59db7c4c0445f20fe0e3425c68ba1d7a7fa181beeb2c6d70eeaf04201fc30184bf2106cde803ce0a900316c8a96d8e82d9eb99a9145fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
59KB

MD5
d5fefe918797245ee1cb3b16df1a2936

SHA1
18eeb33673d7e373ffc52bd2b2a6b07fc853b455

SHA256
c52ccbcb057f2c9073d989f0c37767836616865c6d533d594bdc74d565b1a37d

SHA512
581bcdbb3cc2e3b72bfc3b75c7a39767bc2c57fdaf3cb2301c0f195dd8707f14416a2add83f8317a2be32f2a8309ed037ef458dd5bd2b358e71571f999e12fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
110KB

MD5
706ff40422b6129d122e049f98a18949

SHA1
b8e36447fc5070406bc39e1e8d129d0ed16fdf6d

SHA256
9ca54fc2f314db4f86bff7765e0499b76c2558516ba4e74514a8b20efe75ee67

SHA512
85c4e7feaecc7d466915dd52e02b43e40d227e32bdbf87d6be4ad7c6ab5fb03b0c2f23a96a7abf2d5583bee692c59beae64db6487deddc3554dcf601636e3886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
16KB

MD5
14d890fa0c9d3135315a8a46a449db81

SHA1
7266539f38ce33533394bb5cc1eeea4c8059a116

SHA256
2a97b1235113a254562e794b977dd6d26276b39071419d002c2f5e1c8c30e073

SHA512
208734589996bce3c320cd9dee5b476cf7073cc1165e1258ac2eeacfde967365daf4bb613677b4d7fa8679edf49e661ce29cd374fb23f704a6b3f99ee78aca74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
5594d035e41f1c4487296c6edfb71e23

SHA1
e46441fa5c6c24a06e9d3f173b6ad485650cdd85

SHA256
71b06d3115dea60e8bb061110a6c8c9b7c56ac96df36d88f532aca176a0699e0

SHA512
776a890774973f9f2b38d6c6fa15ca3575e1b749a1e6d8e794e1a8656714dafbc13ea7d1fcaab628fa25d6859549e995ffda42d59a0521730b14f39b900ea76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bdd4ec0411145e686f9427cdae60ec08

SHA1
1e972b1c2612a3f8060d246e51725cd133ef43ea

SHA256
38b148d172acd91199b3f4b1157b49e1c988556d15dc3441b5cb03d536644ac9

SHA512
f9e71566b5ba86e00c55cdc18864ae7c27f19278f7d886d152e54f4d2f1958e62c0c0076e11bac0a67365b716e407fcf1f07b20a89cdae29182251ed5b7b2e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a8b8783a900009c3f14b00cc3d347025

SHA1
be722ca78a0575e7bf4193325d7648d1ae5cd1d0

SHA256
08a9a783d5c105a13ddfd457ad587eda2a8addc45152e735a75de7c5b3ac64c3

SHA512
50dca5c160ca9676ea292c45be9fce8886ff92d230d0ff94f8c5bead6637efe2490cf463c7dee2b3fcfac88372d158f7cdafb5217819ddf0e96666ad6f193112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
7a41124a49b9898f562a9ddbd36c1573

SHA1
f6b338e9385a781fe9f9380f92c6c2bc0037146e

SHA256
5354d6d148413ec69b3031f58adf1b55325de2e116d80fb650202608d39c6b78

SHA512
87ec8e0f316e67c47f245f66cc4168ae82eb3c12f8c628489853f533d3b989ecf7e5fce63e360b32cdf039f37f8c440a003fe0a5aa0a24a4565aeea426b179ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6123cb144d6b10e066aadf23da9126bd

SHA1
b99e146776a3c821de0f9b1367cbc3574d035ad7

SHA256
925a6638e44b1f679ff3210d0e0751bb48ae13d4c381265316ed71b815f76760

SHA512
e8b9de41dc9662e1bf846234e39c3fc696b6de1b01fb1af14b2cc228c00f6c8739101b275053da3701cadeb58d7d971f3496d3a126cb4b73cba45d6b336d115c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a47a9464cf96c20ead6f8024d49d47a8

SHA1
cf499f16f743990a4fc8c6f04e22c27b32a0d6ac

SHA256
cffa0eb8c0e2305508dfef1c4ccaa13b4f7e642f5ab96baa74d33867619cabb6

SHA512
16fcff09af0f32014c7a24921fd4658f89956987c90fb948bba946dd30571b6c23ebeeda0db4412e006d5f03b5599cd3921ce26eef357c714197f35d74ee287b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
212c1be35122caab20617591884bb389

SHA1
443df01c13a2c3fe7eb76b70737966b298341d33

SHA256
f67a6311438a48181728f6b926cac8681842620a0e24f65ca298ad0e0a20afd0

SHA512
158ee37bee29be58169cbdca353a4afb74304ff5840a41211d1c014c5ab076fe7fddbb6a6d5e55e04c81f65f8e8e8b12fb9333af92607d9a725b4527f78da0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c64ec087ab360dadb608900433c57b45

SHA1
b97b95d1e5a2ff6be6fae0214b64533db39320e1

SHA256
6d03c506be2899ba8aea9381d51150c43249b7f7e99b79c5b3b8b20e7e6494cc

SHA512
e69d8ce8e55d460c1bce8c2039d42c0db547ba4c367903aac764cc4533c5f3bc967d3c1d92cfed4724a7ccb1e36a31061bc2319a0b6a488706767557f7e94728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0c1f6c25d491868cc0abf8d2520655bc

SHA1
579cee2f72ead3226b9b34faa560380d05495bc9

SHA256
b98a522be681bdd104bb24538b9f910b6217af1b8394e3f6720d1f3ce68b3c14

SHA512
9788b764b004594c4905f057fca9f34e481ebda5f2482dd6724f9d97909d0cebb1e24d9cd3566eb6f174c7959f0f11023a27b21827cf91444bd507355e23e629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ffc15a7323f88b7f2238d0faf628726c

SHA1
70998ce91e2afaf90003f126752acbc6e46c893b

SHA256
df890dd2911415c03d9bd31a16c729b4f1a1f4de05484a46eee02bd25e3899ad

SHA512
5c5b248a215e784a7a907f3c236b8ee0160116269d26d00210c36c5fabad6c0dfec7f620e2accfb3af6e1791ffdc316b340329b72ce9a05ba21d15fc972ff5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9e59c8928203b594b59b8d32e5e7ccde

SHA1
59a028997ac7ec26bb4675079ebdfb40cec15394

SHA256
159286b7dacfc67fd5937095784adb7eb8ac1222ad31536de2f60d83fe0259c5

SHA512
1ea91e913028edfa7450024a77ca53de56adbef798f10f157fc1b97a2004420591e59d21cfd4bd1357fa524046738a6a456eac0354fea72435123c7dcd3f6e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
46e3f49fa767ebc5973f207951eb4e7f

SHA1
912c30bd0b13a879b5d16706316916f6c319271e

SHA256
ae6bc4130549a5e4651fd335404d30e0a0de2086b04db38a244eef769556a8fa

SHA512
6efddc615355c2568b72c9b31c6a9615fda07f8096e07fb0c709c67718f4722ac55c3c03b8f531fc24c24566b01782ed7d307176fcacd6cdc54625b08a366b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
63be26e506afa1b6f3473a8b0b52a611

SHA1
8a32af9d16d0f409cc55869be40c12be7bd4a5b1

SHA256
b7730e9c5905bd44ebe153012453075393746805479a23e28fec8d4b9cc11f40

SHA512
c9a431125532e6b1fd610de725168d9d40db65451039fd81c19a1a5ab90c6721b2e159b7782e40680e589304b333f6b5322d16ff87d7fcdd1e815d048a2e03f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
77bfa477da6dad73ec1c5e6b1a38ae49

SHA1
6d6f95c0867c687d5551072a6c82e8ee6b10e177

SHA256
cc1e83067986b7e7c441f2cf0bad40f2a0e240855d088c9937e43a0e273016b9

SHA512
2170166ed9367443a4355a8d4a1c918ee7d9b62252f449d18c86139bfb1247b15718a85a75ce3aebdebd86744ed97f424c52a867f1f05d391baf0a07b720ee1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6dbe580177612f82b17f9cee5c701e05

SHA1
83763f5d2e89e457ec5c79548ff54e898eb080cb

SHA256
4f5a80aa1041356ab2a34761fb6339f93c740ebf78b1ef66c7886d92ebd0203e

SHA512
a614409a2e856257ca5483251e4332776de9cdb250533dd89fdda7052cad423f759e60ae2db2d652def0e9ba1257e8ce5c941c4e6ead755679b9faf47d7ee01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
102de038f7dcbc0e86bbdd438b8b4231

SHA1
c3f5cad3abb7c1c2aa381802d74275bf9b452ddb

SHA256
dd39582a6e6338224056a7a42a1bfc3ada6f4ad889749282a0be1d2197eb730f

SHA512
45b039d49f6849a9577ed882332c9991b5c318b3fa506f13c2e1197d49fd03722bd1a1920a4cd710945b3b6ec8e8275a2e1bde9b8c3a02c6d8ffdd8f647da400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
9f1f149def9bf4ba8a4d02370c438e04

SHA1
5295f46660e1c83b9170fb6af9faa2a509ca39b0

SHA256
d19da22ee7d14e2bca2f02889a550defb91c140552f105c331c2e22ce6d7f91d

SHA512
ea9e5763033fefd6a950db30ab9e0377399f329773acd4ac421f45c0ea6ecad392eedb3110e519ef7a5c881c1d4e25d77a64ca5f2c1a0375f34364c93489e04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
784c08ff9b2c4112fbe6623bc1fc5549

SHA1
f5757fe3890d65e04ac7111475129a71bff7784a

SHA256
c03a4302d3e8f3f86871dd479ded20abf2315e105ca9b8d3996f1cd0a4f13aeb

SHA512
8996c786ab112d2e6526aa3787facebd5830d2ca656ee7dc7b22df04cec8d1602be747c3a527aafbb6d3cd1f4377c9ecdb385c844aaea61d617a470c97348b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d42909e8fd8ff6b2f87f04a39674161f

SHA1
42e216c041b2008ab434bfd54d235f33f21f948d

SHA256
fdb23a23f4d65288d14631b7ba1676c50a8216b2522ab0eb604d66b13242e952

SHA512
9ea51e1db93462d87413258627d8593351204ac8e5cbb6996663f93309c5c35e6aaf7e80f73e832cc9c855868eeb5115bdadb14b307b6be94d8e3776fe4d03fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
23a8ca27e799b054fec1690978ad13f0

SHA1
c92a67b7886a29d169001ec83c82632c6596c5e5

SHA256
f62e9ac2ad668c873ba0a634df36554770d072e87ab536399e62a4cb874d5407

SHA512
eb9d6fd9feeb9e3cf5ca2c463f957b5a3a7ce713300d99112d035d96f957c1acf9d2dd0c03c391e1592349cc8e696aa499e872a4116e6b3104c430a05f73fcab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
96adb46ba9879022c3a2920135dee0d9

SHA1
1d9f6b4f087beb2650243ccdcd425d8dd9f9aa38

SHA256
388eb1976fd24e17bccbd1f1c0fc02fa4d1db7d821165868e9ff8059ab21ed32

SHA512
3380786e192a35f3f123149e874ddb26f752abf7b793c099fd4c9b56931894de118e75765e0989d0eee5df55962b62d25468d25cf08f932a8b88e9d0a7381723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
6634626bcce2e636a898d5a552b84394

SHA1
18b81d88c618fbe325cabd2c3dc16a791ba1f23c

SHA256
8bf9664bced46df9be1be17519863bbe8575fc080b5cfd678e28e02cde9b78d5

SHA512
162f497979027384fda28036bd74e6a276f59f6791b5256cd8fe7a1077940566354d374df3b81ef8232a955a3bb8b6406c2e905b38c706542edbfe013ece8cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
441290540e7e8ce2c00e0f3d9a5697b0

SHA1
0fdd28ba1123ef7901f669ace7a86d7d1ac2ca10

SHA256
5504e8f8a588d137f85b6dc7d1e96aeb45a7a6d7e9d17f7362130e86fbb6a5dd

SHA512
69f242cf2dcd2e7a75d4edf8d1372bca8d688c72d67aeb283e8d9adb6a62dfe0c116902d886533384abc8df9ed52c5f04590019a762a97b28f0592ce89b7cc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\NJRat.exe.log

Filesize
319B

MD5
2a0834560ed3770fc33d7a42f8229722

SHA1
c8c85f989e7a216211cf9e4ce90b0cc95354aa53

SHA256
8aa2d836004258f1a1195dc4a96215b685aed0c46a261a2860625d424e9402b6

SHA512
c5b64d84e57eb8cc387b5feedf7719f1f7ae21f6197169f5f73bc86deddb538b9af3c9952c94c4f69ae956e1656d11ab7441c292d2d850a4d2aaa9ec678f8e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.bat

Filesize
187B

MD5
08d2e4a2d9e2c22025fc369cc551ca6c

SHA1
fbb518fd33cf1c752f762dc43d904cacad3aec00

SHA256
0e7dc72dce87f7448c7e65dfdae1ffebec653e4f066807a94993feb1039787bb

SHA512
92993473f027749718df243d6ac9480c1607cf908b3b01fc7dd92bd6afe4b8f3b0ae17c79fc75ed79c52cf79fc5f7bdc1814a4d132fd80202d80ba6539577686

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3388_706253613\d93f15a0-18a1-4d01-a01f-0fe6d4b4d703.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe

Filesize
183KB

MD5
3d4e3f149f3d0cdfe76bf8b235742c97

SHA1
0e0e34b5fd8c15547ca98027e49b1dcf37146d95

SHA256
b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a

SHA512
8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SysWOW64\Userdata\Userdata.exe

Filesize
92KB

MD5
fb598b93c04baafe98683dc210e779c9

SHA1
c7ccd43a721a508b807c9bf6d774344df58e752f

SHA256
c851749fd6c9fa19293d8ee2c5b45b3dc8561115ddfe7166fbaefcb9b353b7c4

SHA512
1185ffe7e296eaaae50b7bd63baa6ffb8f5e76d4a897cb3800cead507a67c4e5075e677abdbf9831f3f81d01bdf1c06675a7c21985ef20a4bae5a256fd41cc0f

Download Submit
C:\Windows\SysWOW64\Windupdt\winupdate.exe

Filesize
756KB

MD5
c7dcd585b7e8b046f209052bcd6dd84b

SHA1
604dcfae9eed4f65c80a4a39454db409291e08fa

SHA256
0e8336ed51fe4551ced7d9aa5ce2dde945df8a0cc4e7c60199c24dd1cf7ccd48

SHA512
c5ba102b12d2c685312d7dc8d58d98891b73243f56a8491ea7c41c2edaaad44ad90b8bc0748dbd8c84e92e9ae9bbd0b0157265ebe35fb9b63668c57d0e1ed5f2

Download Submit
C:\Windows\SysWOW64\Windupdt\winupdate.exe:Zone.Identifier

Filesize
92B

MD5
c6c7806bab4e3c932bb5acb3280b793e

SHA1
a2a90b8008e5b27bdc53a15dc345be1d8bd5386b

SHA256
5ba37b532dbb714d29f33e79dacb5740096fd1e89da0a07b9b8e6b803931c61a

SHA512
c648be984413fdbaeb34808c8164c48b5441a8f3f35533b189f420230e5e90605c15fde2ce0d9fe42e9755c594dd1ef32de71a24016277ad2cef2f9afcf0ad93

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
331B

MD5
87b562368f8cbbcdc30d408d86dcca8a

SHA1
618bfc37b4bd6ed192aae7d3dfe83dc2cbf4146c

SHA256
4e0e1f2483710b2fad4255d9cbaadffd3796449682eba3267e64d0bc23d9a96c

SHA512
e7b596de472a145bdd25e6df39299d2a3ed7b32c1df61eaa949464ac8e2c48e917da41562757fb0a54d7f4cf6511fbb77bf459dd709e2f1a21d652dc8d7e880f

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
625B

MD5
d7e76d89080fdaa6ee45d617ec59c820

SHA1
83cbdfca4ce831861a7d0166b0c086cee4ae432c

SHA256
faba978fe1a2065cfa9c4d9be24885834a0989d5c08698d5c055d408e6cf1bf7

SHA512
232989f2f53977647f6707212668f70263d08b5e99a2d3e963e8dba5f7edea2ef3439de5554ba389f6a13fa4484fca66da0315eeb8ba060643bf112dd7094b37

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
737B

MD5
eec252aa35a066050801ffe02084446f

SHA1
4592ca2029011cb45e9f2fec0b7401cb26ebce13

SHA256
781b9b48f0fa2c209404ca334e5be85d75102168d40788a8b688e6e2a975dcd2

SHA512
dfd16abcdee0ca4bf797c9bc7fc3eda1dcc3deb56470e9e66105216fde8f2a09b0b8dbcaaaf886dcb4abc79e2605ea16f17516591572a3dc1aa13410e3270747

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
849B

MD5
a24570ec3a97f134019d1c638906fc3c

SHA1
fc02f34a9f131c8dd224f091680b6977fd3c3b2d

SHA256
81c7499a519a46e152e38782e3a83a07d0e99855fb0fb2dc0ccdbb3decd2ee3b

SHA512
1b5281c75a5b7553ebcf805e9d05ae8aff7fc599d0b261a4437585bc848853e02c93b67a0cdebbf87960e18d1dd87e0b57b9f061fa8ee996c20cf131a393153f

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
863B

MD5
6ff0e5e26b368b46a4acca018ae43c91

SHA1
6cd898495a47be4ca79a5a8179bde1c1db5544a6

SHA256
9dd85c129dbc743402a049e9ecd0bdb4440ea1d74cd59166b80a588b4dcc625d

SHA512
fd67024c0866d1bdfe3cce74d82c61327bc37e9e71943bdbbbb6142863c49bee4c1bf2f1a4015b4a465b0cca2ec760e4d2d88e8767d2d46446c36c4a5fe96fd9

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
912B

MD5
5901e2db014966fc49f1f30194e0f207

SHA1
4d6c6a2042ca31bef9871c8619e1da401f2ed03b

SHA256
61991f541d397a242d43c9f97480a2979a4ee6d9baa394a6417e9ac8c55d188c

SHA512
fa6824b8db44ed7cc6c5761a174a47d9d0dd327aac884ca509c475a0d817f16762edd355b7da3131bdab1b7dec1ecb407318d30e17b1363eb7706cf8dd54c738

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
939B

MD5
91ae31f76e8ad3c7a66a1f08e0628766

SHA1
53539563447c8c1b4b091e17b007e7b4c3e3454b

SHA256
eddee218e0c6388e7ae7abe51b850de3e589f9f153345c56564c668fbe6bca3d

SHA512
eaf9a497a6b09276b6a5148cc798b9e802b2b32d484fe07209def84764ba8a363d04dd056aca6604876564e4b56c5d276141733fd013c5cb68184ee02c0d36f7

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
54521d5e03120e5ef4fac25486309c27

SHA1
6049c7baeed949ba2b41e66d1a205e01c9cb4184

SHA256
859d44d3f3e7444a7c675c081b72dcb9bc32e934bc750b2a6bd86ed9f10d45be

SHA512
18f437971532fb8c118ff2beef0d7df3ff532cb3b703bfeafea4205b6a0214e98f639dd3ec9fd6655be4d31b1acb443cac4e6ea72d30b1609171c4f3f918f73b

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
d442810579ecf18421c62bc528a1fae3

SHA1
7317f3fa829e55d00a073ecf0dacf0a73262ec4b

SHA256
de6febc72115d99e1f5f7bd68591d82ad2a420aeda130a62d9a2b411b9ea83fe

SHA512
59d3237b04c7ed754a904eccc8d6e17e596cca30c3e538d45cdd7e375f20a22c497e92bb9a19935d6e57d6c1027130ac83d73ff48f4337e1929df7a0c8a516a0

Download Submit
memory/664-1657-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/664-1614-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1220-1696-0x0000000010410000-0x000000001047E000-memory.dmp

Filesize
440KB

Download
memory/1492-1659-0x000001D0B4430000-0x000001D0B444E000-memory.dmp

Filesize
120KB

Download
memory/2008-1698-0x0000000000010000-0x0000000000011000-memory.dmp

Filesize
4KB

Download
memory/2008-1697-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/4944-1693-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/4944-1695-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/5440-2563-0x000000001C140000-0x000000001C1DC000-memory.dmp

Filesize
624KB

Download
memory/5440-2566-0x000000001E570000-0x000000001E880000-memory.dmp

Filesize
3.1MB

Download
memory/5440-2565-0x000000001C3A0000-0x000000001C3EC000-memory.dmp

Filesize
304KB

Download
memory/5440-2564-0x0000000000EC0000-0x0000000000EC8000-memory.dmp

Filesize
32KB

Download
memory/5440-2561-0x000000001B5E0000-0x000000001B686000-memory.dmp

Filesize
664KB

Download
memory/5440-2562-0x000000001BB60000-0x000000001C02E000-memory.dmp

Filesize
4.8MB

Download
memory/5576-1691-0x00000150F5910000-0x00000150F6224000-memory.dmp

Filesize
9.1MB

Download