Malware Analysis Report

2024-08-06 12:58

Sample ID 240606-j29c5abf8z
Target https://mega.nz/file/NN03QRTb#VCCQWKKJ1h075jpQcyGbGeZ7Bt4qnwD_R24CCDuDV2c
Tags
asyncrat rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/NN03QRTb#VCCQWKKJ1h075jpQcyGbGeZ7Bt4qnwD_R24CCDuDV2c was found to be: Known bad.

Malicious Activity Summary

asyncrat rat

AsyncRat

Drops file in Windows directory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
Peripheral Device Discovery
T1120
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-06 08:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 08:11

Reported

2024-06-06 08:12

Platform

win10-20240404-en

Max time kernel

101s

Max time network

101s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/NN03QRTb#VCCQWKKJ1h075jpQcyGbGeZ7Bt4qnwD_R24CCDuDV2c

Signatures

AsyncRat

rat asyncrat

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621350759730510" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3620 wrote to memory of 3484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 3484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 4316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3620 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/NN03QRTb#VCCQWKKJ1h075jpQcyGbGeZ7Bt4qnwD_R24CCDuDV2c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff872e19758,0x7ff872e19768,0x7ff872e19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1896 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4392 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2b8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=2032,i,9681953654322414529,9075120248734804026,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe

"C:\Users\Admin\Desktop\Venom RAT + HVNC + Stealer + Grabber v6.0.3\Venom RAT + HVNC + Stealer + Grabber.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.125.203.66.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs206n453.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs208n198.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs240n117.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n453.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n192.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n192.userstorage.mega.co.nz udp
SE 69.30.89.27:443 gfs240n117.userstorage.mega.co.nz tcp
SE 69.30.89.27:443 gfs240n117.userstorage.mega.co.nz tcp
SE 69.30.89.27:443 gfs240n117.userstorage.mega.co.nz tcp
SE 69.30.89.27:443 gfs240n117.userstorage.mega.co.nz tcp
BE 94.24.37.153:443 gfs206n453.userstorage.mega.co.nz tcp
BE 94.24.37.153:443 gfs206n453.userstorage.mega.co.nz tcp
BE 94.24.37.153:443 gfs206n453.userstorage.mega.co.nz tcp
BE 94.24.37.153:443 gfs206n453.userstorage.mega.co.nz tcp
LU 31.216.148.36:443 gfs270n453.userstorage.mega.co.nz tcp
LU 31.216.148.36:443 gfs270n453.userstorage.mega.co.nz tcp
LU 31.216.148.36:443 gfs270n453.userstorage.mega.co.nz tcp
LU 31.216.148.36:443 gfs270n453.userstorage.mega.co.nz tcp
NL 185.206.24.146:443 gfs204n192.userstorage.mega.co.nz tcp
NL 185.206.24.146:443 gfs204n192.userstorage.mega.co.nz tcp
NL 185.206.24.146:443 gfs204n192.userstorage.mega.co.nz tcp
NL 185.206.24.146:443 gfs204n192.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
ES 185.206.27.104:443 gfs214n192.userstorage.mega.co.nz tcp
ES 185.206.27.104:443 gfs214n192.userstorage.mega.co.nz tcp
ES 185.206.27.104:443 gfs214n192.userstorage.mega.co.nz tcp
ES 185.206.27.104:443 gfs214n192.userstorage.mega.co.nz tcp
US 8.8.8.8:53 146.24.206.185.in-addr.arpa udp
US 8.8.8.8:53 153.37.24.94.in-addr.arpa udp
US 8.8.8.8:53 36.148.216.31.in-addr.arpa udp
US 8.8.8.8:53 27.89.30.69.in-addr.arpa udp
US 8.8.8.8:53 118.26.206.185.in-addr.arpa udp
US 8.8.8.8:53 104.27.206.185.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

\??\pipe\crashpad_3620_VIPTEBADXXSKRRZE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

MD5 89d3df15d984b9e1903adbc8725f6878
SHA1 63edec30a0dcfc14fab139b7c6d9f0ac9cbca58a
SHA256 3b0e6454d1309ffd74b0ffbd462b822e4e47a5979f4b232ea47628e3583b6a5d
SHA512 d0976a544ea8da7d2d0dd9083929ab1739d2eb82b36fcba8ec86f39f2d5e5506b895adafb637c08b6c94fdce6eff3d60da2077cfc55b49d5d1cbde2568b96551

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0970c40600efac86ea40cd1433a1d0ca
SHA1 a307b6fdaf0f2c5b2812d7b76a82e8b7c142e5ef
SHA256 4026bf2495e09a413f4758913412042bf25c03594c9f1107cee221ef7010a6d6
SHA512 b4373f223fef2c5acc27ae07d85836f2a4707333f38d16204f3d8c6d50b7eded0c19b66d9ac9d8ec39a4b842cc00001332d37cb3355cc70a8a60f2cd070c0c02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb6cb08fbaf7ace760c1f4183cf952f2
SHA1 aaad2dfd82b6b54a7dabbe8eab1d522dd657c4b2
SHA256 1d2dba5501804e17200e9ed3a0bb45f58d03621838ffec7b4a431fdbc074bbe2
SHA512 bded3f94c601d08e336ab12ade0c18c8c2d3d4bdca031b981f967f0cd6ea38599a1e588d520f793880b9891785fe13d79ad65af28d2e5c102a5e8cd030684e16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d1c48b83a15c72498eeb514fe502b2fa
SHA1 507867ad79f4ae555255c4ca62d8ff79f970a8e8
SHA256 9d2666ff5bff663d69cf9a59c3472ee210eabc28f79bbc1cdb4af38525f9e5dc
SHA512 6270900ec616e3394bd529e678343ab5cc8072709b73e473f3d5eb422752c8bb0a468133c903a4744658dda6a66875c86cecebc995147d9ba730e5e2b913605f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

MD5 03b2f1c35427815521a06d6559fa9567
SHA1 b86c5d5b700da897f7bd86c098645ec2e0a02087
SHA256 75aa664476efbed36953ee10be3151305a122878d9f75259073f69342cdfa4b1
SHA512 e694630ccb7756d985811fc02a81f56ba25d02f4cb85339ed6801be9d2c44f67872adce42ac5f2c588e49cf66916daf42ede9918b85aa1a7420d7e5197b775b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57ce0e.TMP

MD5 aee2baf64fbecdb8d385cdf7b3090d70
SHA1 a44264e83ee6f3f3e6c89c337939b9495e26d73e
SHA256 b0cd9726bcd601a0cfee25f0feb2f2a19249f9a5f74cb415045021a8d3026b98
SHA512 53dcedc48d70bcaebe8c800d2ce19c0a7913240d9199cc3e1bf27839bd5c3e0f0f65768616cf60079b389019c2e1e3cf4ce3cb86a9aaca340c96f23570fc6e96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 78630925f5c4d6d5610198dde9eb5735
SHA1 1f5145cdac90ac06fe59ebce3f4d2484d310eabd
SHA256 805738a4166998007a3d40e784317f1f7060df2954ac9864e57dda20fea9ab0d
SHA512 124bef498d1966d1577c9643a69c576ff46a23257ddedac3e0d336ee14f5034e5e2b4f997345be710d122ee3a8e47639aae77cce2809b9a0380126a206fcd5b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ce3e80d7d9874bb1225382b7e8a4ea54
SHA1 17f8a6e371a6f5a0268edf847e2330c5087d025f
SHA256 cdd0beb441dcda998c9e680b1faa2540c57d0a5383c73343e3c851ea5687ad24
SHA512 af47273a28341e1f982fb38fa127bda70c46e007c04929d613bc97da0ae6d8bf1729c0cdd3d67c49cda939c5dc5e9c5b8f070369da31e886b3231e91040ed567

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e138.TMP

MD5 cd127e87e1a95289cac354fb80077f16
SHA1 118907e0e022691fc9301ff77dbd827e6936db91
SHA256 5d8049303ba9b8da4996ff61afaa9ab2ed4bf85c84c1982d49e9c2b4136d580e
SHA512 928edb92cebbb11385724847c35195debade1d00b2d50ae106d7e25700720bc558e23889f7ca8cc3b8b4a9c69e0ddeb9584b628e0b6ffdccfb462d98e87a629d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3d760970500006d4e80da9d0b64b8cb
SHA1 72a87edf6ff628023cdf3267b92e20ce3b27c2af
SHA256 120e38fda5132d42ae3055adfba4d89ee265d064ff3952979ef0459121b5f189
SHA512 173e5f5e74e1cf42273ee27d15eb14e7caf869f244ab13774757e490c2e9333fdef5ea7346bb265b6f4ed8d1feb190e22f0261179cddfee50a6c254370d32cc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a8ece461a3bdba3a3902552d0d562355
SHA1 93d6c5ccf54e224c3d90c09e1d8422a42baa6e18
SHA256 e651a32b8b57802268118addf5e8ae0b7ebf637344af738e5c4f7adde3895001
SHA512 407619728f974c50a3cc34d16722250e3b87abd01ff38a9f4598c6892ac2183713f54920662b0d1804387b6c573f01e9a0105bbe6ffd1a9a2a4367a459415c4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580ab9.TMP

MD5 dbfd2a1fcb2d5ed3c18d56880e245699
SHA1 91cc15d3b9ac66e385a8100373d41eca0c4fb1a3
SHA256 697f95c1ba687bca6d564755ef629fdc9f0b69902bbf67b83380a33a350dab3c
SHA512 44b4c9e7b1e07700b0630b900dc7fdbe78445fe81af082fdb521d9bb45d18cb2ee403679454ce5cd71c613b90f33c59a963567ae372969980a5961cfef573840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2434cd8c8d42676b955cd43b61ec64e8
SHA1 9625e7caf5af6905c423c991b266a11e6e2da519
SHA256 47bbb02d3eb9701f649790c1215c4bae74842883b961248c59bbbf5e2ccaaa3d
SHA512 7826847af68dfe3ebd3010fb6fff44c76812f340fed7f8ddb557a255759eea5f39b54c0d20c8ed9cd13e04853196bd7cc7756808cab36321062bfce6759ba14c

memory/3404-452-0x0000018668040000-0x0000018668E74000-memory.dmp

memory/3404-453-0x000001866C880000-0x000001866DC84000-memory.dmp

memory/3404-454-0x000001866B990000-0x000001866BEA2000-memory.dmp

memory/3404-455-0x000001866B6D0000-0x000001866B922000-memory.dmp

memory/3404-456-0x000001866BFC0000-0x000001866C098000-memory.dmp

memory/3404-457-0x000001866B5A0000-0x000001866B5F0000-memory.dmp

memory/3404-458-0x000001866F450000-0x000001866FC0E000-memory.dmp

memory/3404-459-0x000001866FC10000-0x00000186702A2000-memory.dmp

memory/3404-460-0x000001866F030000-0x000001866F3CC000-memory.dmp

memory/3404-461-0x0000018670740000-0x0000018670BC4000-memory.dmp

memory/3404-462-0x000001866B970000-0x000001866B990000-memory.dmp

memory/3404-463-0x00000186704D0000-0x00000186706E2000-memory.dmp

memory/3404-464-0x0000018673060000-0x000001867310A000-memory.dmp

memory/3404-467-0x000001866E360000-0x000001866E36A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

MD5 b8da5aac926bbaec818b15f56bb5d7f6
SHA1 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA256 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512 c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri

MD5 30ec43ce86e297c1ee42df6209f5b18f
SHA1 fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA256 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA512 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2618b4b02d23dd67b9a3cd9143b0493
SHA1 008d067814a738d8e805a1ccf108b287caa57b97
SHA256 a29c00f5a00e680c25987f0b2efc1280a23379659f079a804fc468fb864a108d
SHA512 bc0a1cf8463e031194996f71b71086c3c660ad9f62e4e529f7b6b812d0642dbf63e56d363758e34955dba7e2d4f36040a0f9ba9d349bfd078a78e7deebc85730

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6fae971c0e2301776a6ae0f0f587b081
SHA1 1444a27b9a8e1978da46eef8797bbb44285d1a50
SHA256 b35a74eb0be861df4e2c02f5296fc503d413f9ac5a59c47563d84af74f9f313d
SHA512 006d4a3e94fa2f46f70fe90b1ee33df195246353301791fa8a64de4a27d5d6121f442fd3339d7f1bd5432ac219b0eff7b2090fef7e795f5140f015ccd3095153