Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-08-2024 05:08

General

  • Target

    Venom.exe

  • Size

    3.1MB

  • MD5

    1348632fc2ede08cab5db1cb174ff0d3

  • SHA1

    2a1966291aa0e7aee1b039a1a75fa4879489a2be

  • SHA256

    900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf

  • SHA512

    52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

  • SSDEEP

    49152:avht62XlaSFNWPjljiFa2RoUYItFW7Bxn+oGdzTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYIrW2

Malware Config

Extracted

  • Family
    quasar
  • Version
    1.4.1
  • Botnet
    Office04
  • C2
    192.168.0.246:4782
  • Mutex
    1e9de725-2f46-4350-b6c8-78b3b776a085

Attributes

  • encryption_key
    ACF3D3BDCC7612495B863F26348AD4EE3B96458B
  • install_name
    Client.exe
  • log_directory
    Logs
  • reconnect_delay
    3000
  • startup_key
    venom
  • subdirectory
    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload (4 IoCs)
  • Executes dropped EXE (7 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Browser Information Discovery (1 TTPs)

    Enumerate browser information.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (1 IoCs)
  • Scheduled Task/Job: Scheduled Task (1 TTPs, 4 IoCs)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses (7 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (36 IoCs)
  • Suspicious use of SendNotifyMessage (26 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Venom.exe
    "C:\Users\Admin\AppData\Local\Temp\Venom.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:880
    • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1228
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd84a7cc40,0x7ffd84a7cc4c,0x7ffd84a7cc58
      2⤵
      PID:632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
      2⤵
      PID:5116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
      2⤵
      PID:1504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2524 /prefetch:8
      2⤵
      PID:5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
      2⤵
      PID:3040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
      2⤵
      PID:736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1
      2⤵
      PID:944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
      2⤵
      PID:1780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
      2⤵
      PID:4404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4352,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1
      2⤵
      PID:4156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3440,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:4312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4004,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:1
      2⤵
      PID:4468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=208,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5384 /prefetch:8
      2⤵
      PID:3748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5764,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5820 /prefetch:8
      2⤵
      PID:4864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5796,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5960 /prefetch:8
      2⤵
      PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5800,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5996 /prefetch:8
      2⤵
      PID:2820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5756,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6140 /prefetch:8
      2⤵
      PID:1460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5984,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6288 /prefetch:8
      2⤵
      PID:432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6228,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6424 /prefetch:8
      2⤵
      PID:912
    • C:\Users\Admin\Downloads\venom executor.exe
      "C:\Users\Admin\Downloads\venom executor.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2260
    • C:\Users\Admin\Downloads\venom executor.exe
      "C:\Users\Admin\Downloads\venom executor.exe"
      2⤵
      • Executes dropped EXE
      PID:1276
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "venom executor" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:4128
      • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2564
        • C:\Windows\SYSTEM32\schtasks.exe
          "schtasks" /create /tn "venom executor" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
          4⤵
          • Scheduled Task/Job: Scheduled Task
          PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6220,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6440 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1844
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1984
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1560
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4c4 0x498
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2552
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1464
  • C:\Users\Admin\Downloads\venom executor.exe
    "C:\Users\Admin\Downloads\venom executor.exe"
    1⤵
    • Executes dropped EXE
    PID:3560
  • C:\Users\Admin\Downloads\venom executor.exe
    "C:\Users\Admin\Downloads\venom executor.exe"
    1⤵
    • Executes dropped EXE
    PID:944
  • C:\Users\Admin\Downloads\venom executor.exe
    "C:\Users\Admin\Downloads\venom executor.exe"
    1⤵
    • Executes dropped EXE
    PID:2428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    768B
    MD5
    572cd72041ce10f482a592e1eefde0e7
    SHA1
    a172c1c4c186ff7dc502453c6e8bba21dad99e98
    SHA256
    2269ea84b608bae2af743306e1d40e5381d1e403bed0c3396709c0cdc091a386
    SHA512
    ce2f9a9caf79a61dea99e0dff87c1bc83ba08dd57062ea6a20d91f3122ee8e66cc075644923bbc86171b3f1ba5bb266814e960e7e48cb91da20d2a0126099ede

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    816B
    MD5
    b36ab373d6fec9da3c34d561ddfd9616
    SHA1
    ac74a1bd8c956277bd4c15c0349e4d07c1fb0f0b
    SHA256
    733f5ecd2b2b8fd12dd71a246c89037f52f156d5eefe7224429ef5e77c82a038
    SHA512
    9867895ecf5bb0ea4ad01336b72b8bde4abfc7e6b7bfc101a369fe2f9b8af4742e3b4c935f7459d848e01160ec42681c9f4f558eb84c57f2d7e1b9d9cbf01a94

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
    Filesize
    41B
    MD5
    5af87dfd673ba2115e2fcf5cfdb727ab
    SHA1
    d5b5bbf396dc291274584ef71f444f420b6056f1
    SHA256
    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
    SHA512
    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000001.dbtmp
    Filesize
    16B
    MD5
    46295cac801e5d4857d09837238a6394
    SHA1
    44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256
    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512
    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    2KB
    MD5
    ac4f464b13ac05b3d610f9ed25e04d28
    SHA1
    dd1b6eabc28e70a04ff517067c356d3c88a47583
    SHA256
    ce8877deab4ff736b48ef353224e477d27885911437fe5315a6e0d78cb183736
    SHA512
    77afd313528619024d134e375d918286fb979d2fccd685b94a40c571dedb0bd21f3883d83593e44a2ea7a30e3dd4b6faa85c9d46482023e25118daf012e819fc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    2KB
    MD5
    b63d9836c66ad76736959c91f13b92c4
    SHA1
    581b465a2525356c6f5f7fe5e63d4cec56d45b2b
    SHA256
    a8234b6356624d26139c2c02847404059a60e55eb141f0ba58426574165874d7
    SHA512
    b77f1b6bca3a1d3e54511a0fa542e5d170c28b4d5a0c5abbc5fb0669060ee3c062bfda303d4ec757f00975fb53ead523c962537a17fb73015b077ce14dfa2b47

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize
    2B
    MD5
    d751713988987e9331980363e24189ce
    SHA1
    97d170e1550eee4afc0af065b78cda302a97674c
    SHA256
    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512
    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    356B
    MD5
    e0efdea3669cdf83ebff754642b49e45
    SHA1
    1125bb5310d0b3ebabf5e5be15977a686c859b81
    SHA256
    eacb31a7a96b2022ec1d7d6971f69f091c7bab1d091ea322a86e4e121edb7c3c
    SHA512
    827d12151b2daedf558470f3cdc61825d46a626dedfcf36243aa9f233dccc6bbae1376d94e05b6a1153c89a426b3e85907f632a0475e4082b610ea882fc16ae5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    691B
    MD5
    0ed5374197f6fc996080a995d9d0966e
    SHA1
    40025a112ac6a9f388abdc22a3e6ad37686618ff
    SHA256
    f8608860461bb9d92bd210fdc725a379f0a2ac3df9090a904a57f29194bceeb4
    SHA512
    2984d4b6866296d89a79952693cc7dc8f9e2d2ba1e2d8780d405713344a2aa0001b505d0b50580e1e42aebb479a080af5904c0c615d01890b0091425d730a382

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    7KB
    MD5
    2d3b5ecb9f257a37efc78471c1be6300
    SHA1
    754af26996342384102d5bf7452e94ad6af339ac
    SHA256
    d8e44f0134b6374565ab298d5b43ca88012826773afceac64d218f95789660ff
    SHA512
    286a5c3a2cade09c4c81c41e5c0803beb40785d3170358d2eddde3f05d174502c7cd7de996e2199269ec6c2137dc564dcc0ec886725eb5cae4e1003901821710

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    8KB
    MD5
    e2107db3fc9f0fc8cafa2f0c185f226c
    SHA1
    70396b3572cbfc751842d7eb13edf913735aafb9
    SHA256
    435ccdfaa0ffe72297d9037fbd08a50804697544990322ef4f027edbf5554a5c
    SHA512
    edd4369f7232d4e4e97a19cc38e9ace3b4c129bc58e54d66576c16ec1637f3fcb2343698acf4dbf425562e5266e2af673f479d070f8e9eb278da5a70471a6dce

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    9KB
    MD5
    00d23b360b37ebfe4fc5224adeac1d98
    SHA1
    713fddd40886d8c5fe273e18a660052ec6252cc4
    SHA256
    c9097384a48b11c9730978af42213a5503a088825ac49018813f481faef2d21c
    SHA512
    60240a14e788231d8660d5b96acd1573918611ace06b4ab06ae60d644cbce09d782cbb98b8237b71a7e83fda70097906629d9907bca43955d71284f136b087c0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    9KB
    MD5
    a981f230db1e4f78295f2057c81126e4
    SHA1
    138ea6392c85c00bbd1cb2202cbb53f92060e7e9
    SHA256
    2424a63abb859beef9dcbd4fa41f4c773d9b3e571860fdca8c85748021d3adaa
    SHA512
    51e8a252b751539bb50654f2f7537fe559f8d9620597918ae4e8556ef5054c29faa33424de1e38f943417f9a9d522605a0391cfee5f9826c4282681c1fd26d41

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    9KB
    MD5
    fb5fe715c8dfeb4c0b97167b20b00eba
    SHA1
    31bfe4b912e2c440700b260de20ac1ee97ffe6e7
    SHA256
    5dbdaf083621144787cdcd113fea7c02a8d961b1b43c1240ee2b8921e661ae68
    SHA512
    901ae036b2ab5b89e44a564ad4146c4490ae99740bb157a91696a9b908c55ad2def2a2afd57ff33921fd0df6c1edb2e8fe107b0e31b9f1a0f178997608d39fc2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    9KB
    MD5
    90e89f1badf3ce711357a50fe4e71b8f
    SHA1
    bd6202ac97dce0d6bc75adc0b6e72b49ec15b904
    SHA256

                                                19b6398d20dfd36f9e7de3b4c2d9501a70534bb550356bbcbdd38fe230416588

                                                SHA512

                                                8e5ef6289666c2f3303ba838f7c456f122610e4388f655c2701608a4d11f026c55d24b30c052e44624b19baf3e01ee56423124a8aafacc80a13a36b26016b5b2

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                9KB

                                                MD5

                                                a9d6b8668ad25721ed3c6f4442ef9540

                                                SHA1

                                                3edd4771ab12b9b457ebf3232297076d73d334ec

                                                SHA256

                                                fcb68b1d4a8d3fd6c8260cccc20564d2f3885a04c673cc4632795ed818963041

                                                SHA512

                                                b725b8800c47539bbac23b2de5090a0348d543cb260761b19ffceeb465c64d809af4a1814c41936055b895f722a8836ca92295c078988f0b2b6bc8fb0c358a9a

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                9KB

                                                MD5

                                                3639219d0d32f02c4d0388f8cb7501cb

                                                SHA1

                                                1b4defd1beebf0233f592458578926ccfaa93952

                                                SHA256

                                                5bece2c3b63b294c80215456dad86d4c60fbbe4a990c8fdfb6cb52bec2f0bbf9

                                                SHA512

                                                b2c068cfd7412265d15d335dd8d07c00d890fc64762e244cee2cfc1d58e20875f88e41ecc5f6ac5336ef8b6ccfb3a5f03bbd086de1fb5fd0c5415ffd89ab74dc

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                Filesize

                                                96B

                                                MD5

                                                e0d76acb56aafd72c5cf2a8ec5691cc3

                                                SHA1

                                                86db595a156d96cefa4bd84737eff4059204198c

                                                SHA256

                                                43e2137e6ffe5daacfda0fdaed91994d605c1c681ba10484bacc643c0c564a67

                                                SHA512

                                                77db5fb55e6eb9f2d124ff191a6cabef0e4a0be7044ea3e6b0402d9088bdc0a5cb227995561f57c0e7924b31acb37e8d48468211afa75731105ee87858da40ba

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6e4a044-a9ab-4794-abca-974326e50aa5.tmp

                                                Filesize

                                                9KB

                                                MD5

                                                5f1bb56e64021677d82976fadfee4f3d

                                                SHA1

                                                fa527f3fb811382be65e53b82fd4386c3d603db7

                                                SHA256

                                                789c978921bff88dc37ddfefae3f135ef62bb569407b645aa95e63737c9435ef

                                                SHA512

                                                fe8ee03b44060fb079dbec6e53b0f14251c0d13f348e3fbcc28f9d7997115f70d0d1cb84516ae2641edffe7ade6642b193e2463bc69057f3117fb20c24fa51f2

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                195KB

                                                MD5

                                                5c02754a500d319b7c9478fd4d724f65

                                                SHA1

                                                916460f7f39674cbe958fd046a33e2e88a1e584a

                                                SHA256

                                                988a9703ced6a75511831d9d46a7fdb1a086320272490d925d82c062251417d7

                                                SHA512

                                                6d7cb87df7e23a1c715beefd34a058e14f88e6f87b972ffbe12901e7c5e17205e4b717fc46491460fbbf194e502a70e9d536d86ad727f56443e85953650fbd7c

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                195KB

                                                MD5

                                                dc826801c3b5b8c97af9dea8e869e843

                                                SHA1

                                                34101e8c50f7fe751b4c64ec30feabcaddece6e6

                                                SHA256

                                                4f431ca69bd9561ac2685ef19d3f38cee4b1d49bbce68d42d5c3d4c99ad2f402

                                                SHA512

                                                0e8801b6238d220be646bff8e300610072bf260d65b91c5f406f191e19f2ea7e3385fc8b569a4ae9f449633a3c00a36118c05721f0375024ca247b5db7f5d159

                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\venom executor.exe.log

                                                Filesize

                                                1KB

                                                MD5

                                                baf55b95da4a601229647f25dad12878

                                                SHA1

                                                abc16954ebfd213733c4493fc1910164d825cac8

                                                SHA256

                                                ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

                                                SHA512

                                                24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

                                                Filesize

                                                2B

                                                MD5

                                                f3b25701fe362ec84616a93a45ce9998

                                                SHA1

                                                d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                SHA256

                                                b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                SHA512

                                                98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                              • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

                                                Filesize

                                                3.1MB

                                                MD5

                                                1348632fc2ede08cab5db1cb174ff0d3

                                                SHA1

                                                2a1966291aa0e7aee1b039a1a75fa4879489a2be

                                                SHA256

                                                900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf

                                                SHA512

                                                52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

                                              • C:\Users\Admin\Downloads\venom executor.exe

                                                Filesize

                                                3.1MB

                                                MD5

                                                7fcd3fc792bd631ae9055127392a0f5c

                                                SHA1

                                                fa2e9d748dbee62689579cfb3cac376549eb063c

                                                SHA256

                                                6fe4cd2c15952dc044b40bb28ad3f0fc4dc8530ea472241675201ec1a82a9743

                                                SHA512

                                                961486995fa0bfe4cc34313d1e0c38566e3644fff72291d5ee5f08d3edf31ee75188d6354d48f2f31322b8f5e074de2085a8ef6548df9acdc381fcf6ff238b14

                                              • \??\pipe\crashpad_2488_XGMQBDYJSGYTHFUN

                                                MD5

                                                d41d8cd98f00b204e9800998ecf8427e

                                                SHA1

                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                SHA256

                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                SHA512

                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                              • memory/2260-601-0x00000000000D0000-0x00000000003F4000-memory.dmp

                                                Filesize

                                                3.1MB

                                              • memory/2496-10-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/2496-13-0x000000001E0E0000-0x000000001E192000-memory.dmp

                                                Filesize

                                                712KB

                                              • memory/2496-12-0x000000001DFD0000-0x000000001E020000-memory.dmp

                                                Filesize

                                                320KB

                                              • memory/2496-11-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/2496-404-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/2496-38-0x000000001E8D0000-0x000000001EDF8000-memory.dmp

                                                Filesize

                                                5.2MB

                                              • memory/2496-379-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/2496-602-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/3220-9-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/3220-0-0x00007FFD8BFE3000-0x00007FFD8BFE5000-memory.dmp

                                                Filesize

                                                8KB

                                              • memory/3220-2-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                Filesize

                                                10.8MB

                                              • memory/3220-1-0x0000000000960000-0x0000000000C84000-memory.dmp

                                                Filesize

                                                3.1MB