Malware Analysis Report

2024-10-23 21:24

Sample ID 240803-fqcy1athjl
Target Venom.exe
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
Tags
office04 quasar spyware trojan discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf

Threat Level: Known bad

The file Venom.exe was found to be: Known bad.

Malicious Activity Summary

office04 quasar spyware trojan discovery

Quasar RAT

Quasar family

Quasar payload

Executes dropped EXE

Drops file in System32 directory

Enumerates physical storage devices

Browser Information Discovery

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Scheduled Task/Job: Scheduled Task

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-03 05:04

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-03 05:04

Reported

2024-08-03 05:06

Platform

win7-20240708-en

Max time kernel

125s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Enumerates physical storage devices

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Venom.exe

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

Network

Country Destination Domain Proto
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp

Files

memory/2628-0-0x000007FEF5923000-0x000007FEF5924000-memory.dmp

memory/2628-1-0x0000000000BC0000-0x0000000000EE4000-memory.dmp

memory/2628-2-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 1348632fc2ede08cab5db1cb174ff0d3
SHA1 2a1966291aa0e7aee1b039a1a75fa4879489a2be
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
SHA512 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

memory/2628-8-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

memory/1808-10-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

memory/1808-11-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

memory/1808-9-0x00000000010A0000-0x00000000013C4000-memory.dmp

memory/1808-12-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

memory/1808-13-0x000007FEF5920000-0x000007FEF630C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-03 05:04

Reported

2024-08-03 05:06

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4272 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4272 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4272 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 4272 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 5080 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 5080 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 1564 wrote to memory of 4212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 4212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 2436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 2436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1564 wrote to memory of 1172 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Venom.exe

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffccfbdcc40,0x7ffccfbdcc4c,0x7ffccfbdcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3296,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3104,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3388,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c8 0x470

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1148 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3292,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.104:443 www.google.com udp
NL 142.250.27.104:443 www.google.com tcp
US 8.8.8.8:53 95.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.102.139:443 clients2.google.com udp
NL 142.250.102.139:443 clients2.google.com tcp
US 8.8.8.8:53 139.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 mega.io udp
LU 31.216.144.5:443 mega.nz tcp
LU 89.44.169.132:443 mega.io tcp
LU 89.44.169.132:443 mega.io tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 16.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
LU 31.216.144.5:443 mega.nz tcp

Files

memory/4272-0-0x00007FFCD4C53000-0x00007FFCD4C55000-memory.dmp

memory/4272-1-0x0000000000390000-0x00000000006B4000-memory.dmp

memory/4272-2-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 1348632fc2ede08cab5db1cb174ff0d3
SHA1 2a1966291aa0e7aee1b039a1a75fa4879489a2be
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
SHA512 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

memory/5080-10-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp

memory/4272-9-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp

memory/5080-11-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp

memory/5080-14-0x000000001BE20000-0x000000001BE70000-memory.dmp

memory/5080-17-0x000000001BF30000-0x000000001BFE2000-memory.dmp

\??\pipe\crashpad_1564_GKTPTQRAKHCRDQHI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/5080-38-0x000000001C620000-0x000000001CB48000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c1441db979e668d84826a5ddd34190af
SHA1 a20e782d98195a0f50609ce34655431f01424200
SHA256 0e896a6963ff4b8449730d43ccbdaba9a5b29e68895e09369a8613b81481aec5
SHA512 a97cc0d5726ac127b9de3fc3560d6af0da7d52e9d38b56ef73198d7aa44d383db663c0315830c21406f30e032f130f908bb7cc760b68b6bff5378b341875d360

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8fb660722308101678e69fa7dffd7a7c
SHA1 afa639fff23f2cfc49e4c95fb48022907526a86b
SHA256 89d2792bffa9f8129b1f577fb5dd4aef964e641e34c4605500779ee347146efe
SHA512 6a0261737c1d1a01393cab951c95cfdfd6c6d9d09f18e214db6c19bf939209101546eaec81dcdb5482ed938fa4dfd30cdf4ec6338c1215cd5c75d318f00c34a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1589524b0f4a9a24ea73fcb41bfb9aaf
SHA1 aca34a8128ca075d25c38a40379f3034e5b194e1
SHA256 db44a873bf770d0637fa088f5db8b21c928245afafaff9245a90fd8cef93a4e3
SHA512 95597927c853df02fb8a7bf786d17d7a8edfb390bb7481176f724d54700c818ce153bd883254bacd1d8e9b7a163965857bbca7bcf16d7f14f1d1af2ac26c6851

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/5080-378-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 68501d443c86fcd40e4593e6a3ed83a5
SHA1 1cff5c4a514db80e2c86b25a466ae8579727fce9
SHA256 26bbf154e4321d344642afd11f5bd8806098d032c9114d45f4327a6a412c7c0e
SHA512 4872a48e9cbc29180b6955c2dcf6ca3e823136003dc54180329ef554a0d0d6d7e39b717625e1f69f9c9adef12dbda9f68768781ef4e1b6fff9bf6d0123b1b15a

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f65b6230925a9bce11384552a6b6d7f
SHA1 f24f8052254ced7f133f2a6020994111d472a756
SHA256 2ea559139e61c2b2b3f4c5555ff6b3e3d44c5d1a329c4654dce4a0cf3c002469
SHA512 b8a86bbb65cf2beffbbe3a9513fbfd4fa99e92c0ca97f919e38f55cdb241e0bee8e895e51fa5850c3bb1063ff5f948100e4e4e72048c56dc766aae13d6685f1b

memory/5080-424-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d737cadaa0238a4b041eed9c701143e0
SHA1 4c03ac15179d4593c6b0bc7985b29c5003de17a9
SHA256 a4f052014773bc0272aacea5745f2dd92295ce6c711cc1b6830cf4598de0e2f2
SHA512 b3dbf8057ea1048f51d4a50b757633da658430fc227e07c2b3b0993904e61692f62751008af8ca9bdd0d63155c83685de43dc7daf3f17e7e4fc7456c5a23e1bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b3a15c908217a7e202eb62c8fc1d20b2
SHA1 93990ede81a453149d55b1c9bdd200441925f8ff
SHA256 994a18fb24a55c81c51cbf4a54a867d59d6b857eafdf286764099f624b1244ce
SHA512 94cc3d566aa8e21843a27c54993f06293dfefbac724070db0c746614cde970805ed02a38f1daaa25aad0a7799f1c088c84a75b0a7a127534883dac95c1f87eb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00674178bcf69e1c107fd97da661a0b4
SHA1 dc495113a1a7d5d22e3c063c1e94998343ffa662
SHA256 ffaf596efdb838189786830a16c93e028b7831236e5b5cc7c54be8cde2b1b88e
SHA512 fd4b3dba4dc67df70e77dad9efb328dae571689c0ad5591055f5a0292eb4e47bda388896882984af0583781901a9b5b500319b91862242aa139135313e421ede

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5a7392d11c96363a58789052ded75232
SHA1 4cd5f7d260bb8818f7d17065e174ff1e3c10b5ea
SHA256 ae2fda05674468a076272d4948525f7dee17a4fb6fa1ec03b66bb59735edc11a
SHA512 4fa5b5ff0c6af0563f9fa2c36ec9ca94e92c80d8b1af28878ea1613a61ea6cbf0ae47c87647f9a6b945d12e76fb324e703216eff74284f039b4c2c091fe93bd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a7dc62176696f8db54ece9527507d1da
SHA1 4baad830da35fe01bf5b97fff437fdb7fe1598ea
SHA256 f15b9f64852e8b88980055ebd2a5e3d3cf2a4e32304151fa46733d3d0d221295
SHA512 e1c05ecfbab507273c7bf6ac34dce0bf6b90dc3308aa1a5fc790c95ab45b965d8fb61f78c8f7ad703889497e3762923726fd3bca2c29fb6228f70924f05d1ade

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86f4d1144007c64094977f8df168bb02
SHA1 ff04782e7ced238819f9e667e01a391b189dc39d
SHA256 a321eee6af6a21d1a79bb9d6553e24372aad5f4dcec9572522ee8ce4bdc56880
SHA512 1ad33e98e661cdea850a24fa47edbd9d70b2b323ace875b14310ebfa92360ec42c589415b45817c293870afc141328172aaf22d8c5c80cfa284cba836d7a858d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f498bcf06d672f95d68da21b96b49e8e
SHA1 69482c9dec33294af256dd4c5847561bf4ccabd0
SHA256 d8a708d237b329db04681c20efbdadeadc164c909c53a209b44764f824fffd4f
SHA512 dadc23e920fb2d492bab4f0b9d22f3653ebf34f289be4be60e3c1a8e5e59fd8941a9394e52928896c74a8bd07363e6f42f2b2418a3f86129e086f880238bbd17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2ca4f79c3cdb1149ce5a395d1815d20
SHA1 8a838e5c65504c468caad4191737af35f4c46e53
SHA256 b19375778e459a025f6835e72904defba83689605a7e86e2eb78b00be4ca89be
SHA512 ed87091c18ee426da32f555d6cf22ed9669fa3a55f0df7452f12580843083f7bb19877bb3d1276ffbea94781a89cead1a9e678a45b0322aac557397f9c92463e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 074a483c070f09a94dd2a3d394cee801
SHA1 789fcb6e45b0cde084d4adcdf5281858bc594c1c
SHA256 50c189a9211eb7d3725dddd899f0754c5d279dbbb0c8dcc07580477650c9b824
SHA512 a7d77dbd9acf7e1e39e4650b115464ed17d0c92a2b850e94ca2ad7f0a7c405a0575a55d44350996ca178b30a181fcf534a58708973998d2da6a81c44fe7fbb8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2e248ac82653dc62c1e8c935a3082f3
SHA1 dbc82bd26d06a1a4f2fc4cbdf14f0b6a86609162
SHA256 cacdb8d2ab27850b83de0e905368f934fa121ab07543e44c17685f6bee146dea
SHA512 bdb37c0564b3360ca08949efa0fe10c9852ef461a5f500c2018ec070100a46b8642ad01ac6dff324c0f3fce707f4d82bed5d983e7e3e31f4cbd452a2e5c78491

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19962cb5bf2ac813efd5f042bc9e84ac
SHA1 37fb8a613760f82e2f8656da590872a283df3529
SHA256 e50ce657d48e0bcc260a2401701426f74d2801ac77fae992b607ea1306b96ffb
SHA512 01245f7d6897f28f69e53da9b0d0dbc8c55fc6603d011773708cc54a9178cc32aaae1ce6b42e274ef47742213f3c4931c5442a451180cc8ac8742517623055be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 180f88a324b8dbe51c63e180e8520a6b
SHA1 3093b2d814ee50e6d907ef5e214b32dd513a8d52
SHA256 af37fee3594815d501bf4387cddbfc21c9a1063875e86b0b8b7af8e4dce109b8
SHA512 1a83bb74c8833a5338937f6de06e0261bb997023930fff047d08d54e2f0c2b597a8a6f1f1d951b590b10971de858253b13f275005f30b9e5d94b49887b4c59e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20a91c1ea8a1783cfaa5589296fcb245
SHA1 5622cc5572656102ade8df91c62e86474ac092b6
SHA256 8dab78cc73472833e5ec9b3447c1fc6b8b1b0b8180ff375a92172dc1746d88f7
SHA512 0630311458f03e2f8cefc4ada0b182e8b534fbc1b7389604dcad990cae79d01cc1b1d0e62efa8eedae04908877ee532e90cd21658b02497b7b01ecb6b26661d0