Malware Analysis Report

2024-10-23 21:24

Sample ID 240803-fsh8ssthmn
Target Venom.exe
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
Tags
office04 quasar spyware trojan discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf

Threat Level: Known bad

The file Venom.exe was found to be: Known bad.

Malicious Activity Summary

office04 quasar spyware trojan discovery

Quasar family

Quasar RAT

Quasar payload

Executes dropped EXE

Drops file in System32 directory

Enumerates physical storage devices

Browser Information Discovery

Unsigned PE

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Scheduled Task/Job: Scheduled Task

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-03 05:08

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-03 05:08

Reported

2024-08-03 05:10

Platform

win7-20240708-en

Max time kernel

125s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A (3 identical rows)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Enumerates physical storage devices

Scheduled Task/Job: Scheduled Task

persistence execution

Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A (2 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Venom.exe

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

Network

Country Destination Domain Proto
N/A 192.168.0.246:4782 tcp (6 identical rows)

Files

memory/2416-0-0x000007FEF5C73000-0x000007FEF5C74000-memory.dmp

memory/2416-1-0x0000000000140000-0x0000000000464000-memory.dmp

memory/2416-2-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 1348632fc2ede08cab5db1cb174ff0d3
SHA1 2a1966291aa0e7aee1b039a1a75fa4879489a2be
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
SHA512 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

memory/2416-8-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

memory/2356-9-0x0000000001200000-0x0000000001524000-memory.dmp

memory/2356-10-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

memory/2356-11-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

memory/2356-12-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-03 05:08

Reported

2024-08-03 05:10

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A (4 identical rows)

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A (4 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (30 identical rows)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (30 identical rows)
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (34 identical rows)
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3220 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe C:\Windows\SYSTEM32\schtasks.exe (2 identical rows)
PID 3220 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\Venom.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe (2 identical rows)
PID 2496 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe (2 identical rows)
PID 2488 wrote to memory of 632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 2488 wrote to memory of 5116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 2488 wrote to memory of 1504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 2488 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (24 identical rows)

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Venom.exe

"C:\Users\Admin\AppData\Local\Temp\Venom.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd84a7cc40,0x7ffd84a7cc4c,0x7ffd84a7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4352,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3440,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4004,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=208,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5384 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c4 0x498

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5764,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5796,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5960 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5800,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5756,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5984,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6288 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6228,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6424 /prefetch:8

C:\Users\Admin\Downloads\venom executor.exe

"C:\Users\Admin\Downloads\venom executor.exe"

C:\Users\Admin\Downloads\venom executor.exe

"C:\Users\Admin\Downloads\venom executor.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "venom executor" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "venom executor" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\Downloads\venom executor.exe

"C:\Users\Admin\Downloads\venom executor.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6220,i,10075390807884759930,3284817973986861888,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6440 /prefetch:8

C:\Users\Admin\Downloads\venom executor.exe

"C:\Users\Admin\Downloads\venom executor.exe"

C:\Users\Admin\Downloads\venom executor.exe

"C:\Users\Admin\Downloads\venom executor.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.99:443 www.google.com udp
NL 142.250.27.99:443 www.google.com tcp
US 8.8.8.8:53 94.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.250.102.102:443 clients2.google.com udp
NL 142.250.102.102:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 102.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 mega.io udp
LU 89.44.169.132:443 mega.io tcp
LU 89.44.169.132:443 mega.io tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 14.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
N/A 192.168.0.246:4782 tcp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 28.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 gfs440n202.userstorage.mega.co.nz udp
JP 103.99.35.202:443 gfs440n202.userstorage.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
JP 103.99.35.202:443 gfs440n202.userstorage.mega.co.nz tcp
N/A 192.168.0.246:4782 tcp
US 8.8.8.8:53 202.35.99.103.in-addr.arpa udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
LU 66.203.125.56:443 mcd270n310.karere.mega.nz tcp
US 8.8.8.8:53 56.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 gfs208n160.userstorage.mega.co.nz udp
FR 185.206.26.70:443 gfs208n160.userstorage.mega.co.nz tcp
FR 185.206.26.70:443 gfs208n160.userstorage.mega.co.nz tcp
FR 185.206.26.70:443 gfs208n160.userstorage.mega.co.nz tcp
FR 185.206.26.70:443 gfs208n160.userstorage.mega.co.nz tcp
FR 185.206.26.70:443 gfs208n160.userstorage.mega.co.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 70.26.206.185.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 192.168.0.246:4782 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 192.168.0.246:4782 tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 192.168.0.246:4782 tcp
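The process list and network table above are raw sandbox output, and two things in them are worth checking rather than reading past. First, the persistence mechanism: a schtasks /create ONLOGON task named "venom executor" that launches C:\Users\Admin\AppData\Roaming\SubDir\Client.exe with /rl HIGHEST, registered once after "venom executor.exe" runs and again after Client.exe itself runs. Second, the repeated TCP connections to 192.168.0.246:4782, for which the sandbox resolved no domain and which land on 4782, the port Quasar's stock client build connects to, while the rest of the table is Chrome traffic to google.com and mega.nz. The Python below is an added example, not part of this report or of the sandbox's own tooling: the command lines and network rows are copied from this page as constructed input, and the user-writable-path heuristic and the web-port exclusion are assumptions of this example.

```python
"""Added triage example for the Process/Network sections of a sandbox report
(not part of the report or of Quasar): pulls scheduled-task persistence out of
process command lines and separates probable C2 beacons from browser noise."""
import ipaddress
import re
from collections import Counter

# Constructed from the process list above: one command line per process.
PROCESS_CMDLINES = [
    r'"C:\Users\Admin\Downloads\venom executor.exe"',
    r'"schtasks" /create /tn "venom executor" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"',
    r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding',
]

# Constructed excerpt of the network table above (Country Destination Domain Proto).
# Three-field rows are peers the sandbox never saw a DNS name for.
NETWORK_ROWS = """\
US 8.8.8.8:53 www.google.com udp
N/A 192.168.0.246:4782 tcp
LU 31.216.145.5:443 mega.nz tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:6341 tcp
N/A 192.168.0.246:4782 tcp
"""

QUASAR_DEFAULT_PORT = 4782  # port Quasar's stock client config connects to

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes.
    shlex is avoided on purpose: in POSIX mode it eats backslashes in paths."""
    return [quoted if quoted else bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_schtasks_create(cmdline):
    """Return the /tn, /sc, /tr and /rl values of a 'schtasks /create' line,
    or None when the line is not a task registration."""
    toks = split_cmdline(cmdline)
    if not toks:
        return None
    image = toks[0].rsplit('\\', 1)[-1].lower()
    lowered = [t.lower() for t in toks]
    if image not in ('schtasks', 'schtasks.exe') or '/create' not in lowered:
        return None
    opts = {}
    for i, t in enumerate(lowered):
        if t in ('/tn', '/sc', '/tr', '/rl') and i + 1 < len(toks):
            opts[t] = toks[i + 1]  # keep the value's original case
    return {'name': opts.get('/tn'), 'schedule': opts.get('/sc'),
            'target': opts.get('/tr'), 'runlevel': opts.get('/rl')}


# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = re.compile(r'\\(AppData|ProgramData|Temp)\\', re.I)


def persistence_findings(cmdlines):
    """List (task, reasons) for every scheduled-task registration found."""
    findings = []
    for cmdline in cmdlines:
        task = parse_schtasks_create(cmdline)
        if task is None:
            continue
        reasons = []
        if (task['schedule'] or '').upper() in ('ONLOGON', 'ONSTART'):
            reasons.append('fires at logon/boot')
        if task['target'] and USER_WRITABLE.search(task['target']):
            reasons.append('runs a binary from a user-writable path')
        if (task['runlevel'] or '').upper() == 'HIGHEST':
            reasons.append('asks for the highest run level')
        findings.append((task, reasons))
    return findings


def parse_network_rows(text):
    """Parse the flattened 'Country Destination Domain Proto' rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        host, port = parts[1].rsplit(':', 1)
        rows.append({'country': parts[0], 'host': host, 'port': int(port),
                     'domain': parts[2] if len(parts) == 4 else None,
                     'proto': parts[-1]})
    return rows


def beacon_candidates(rows):
    """Count repeated TCP connections to unnamed peers on non-web ports.
    Loopback and multicast (mDNS) are local noise; RFC1918 peers are kept
    because a detonation network's C2 can sit on the LAN, as here."""
    counts = Counter()
    for r in rows:
        ip = ipaddress.ip_address(r['host'])
        if ip.is_loopback or ip.is_multicast:
            continue
        if r['proto'] != 'tcp' or r['domain'] is not None or r['port'] in (80, 443):
            continue
        counts[(r['host'], r['port'])] += 1
    return counts


if __name__ == '__main__':
    for task, reasons in persistence_findings(PROCESS_CMDLINES):
        print(f"task {task['name']!r} -> {task['target']}: {'; '.join(reasons)}")
    for (host, port), hits in beacon_candidates(parse_network_rows(NETWORK_ROWS)).most_common():
        tag = ' (Quasar default port)' if port == QUASAR_DEFAULT_PORT else ''
        print(f'{host}:{port} seen {hits}x{tag}')
```

Run as a script it prints one line for the task and one for the 192.168.0.246:4782 peer. The Chrome traffic drops out only because the sandbox attached a domain to it; a RAT built with a DNS name for its server would need the same repetition count applied to named peers as well.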

Files

memory/3220-0-0x00007FFD8BFE3000-0x00007FFD8BFE5000-memory.dmp

memory/3220-1-0x0000000000960000-0x0000000000C84000-memory.dmp

memory/3220-2-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 1348632fc2ede08cab5db1cb174ff0d3
SHA1 2a1966291aa0e7aee1b039a1a75fa4879489a2be
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
SHA512 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

memory/3220-9-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

memory/2496-10-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

memory/2496-11-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

memory/2496-12-0x000000001DFD0000-0x000000001E020000-memory.dmp

memory/2496-13-0x000000001E0E0000-0x000000001E192000-memory.dmp

\??\pipe\crashpad_2488_XGMQBDYJSGYTHFUN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/2496-38-0x000000001E8D0000-0x000000001EDF8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5c02754a500d319b7c9478fd4d724f65
SHA1 916460f7f39674cbe958fd046a33e2e88a1e584a
SHA256 988a9703ced6a75511831d9d46a7fdb1a086320272490d925d82c062251417d7
SHA512 6d7cb87df7e23a1c715beefd34a058e14f88e6f87b972ffbe12901e7c5e17205e4b717fc46491460fbbf194e502a70e9d536d86ad727f56443e85953650fbd7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d3b5ecb9f257a37efc78471c1be6300
SHA1 754af26996342384102d5bf7452e94ad6af339ac
SHA256 d8e44f0134b6374565ab298d5b43ca88012826773afceac64d218f95789660ff
SHA512 286a5c3a2cade09c4c81c41e5c0803beb40785d3170358d2eddde3f05d174502c7cd7de996e2199269ec6c2137dc564dcc0ec886725eb5cae4e1003901821710

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e0efdea3669cdf83ebff754642b49e45
SHA1 1125bb5310d0b3ebabf5e5be15977a686c859b81
SHA256 eacb31a7a96b2022ec1d7d6971f69f091c7bab1d091ea322a86e4e121edb7c3c
SHA512 827d12151b2daedf558470f3cdc61825d46a626dedfcf36243aa9f233dccc6bbae1376d94e05b6a1153c89a426b3e85907f632a0475e4082b610ea882fc16ae5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/2496-379-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/2496-404-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ed5374197f6fc996080a995d9d0966e
SHA1 40025a112ac6a9f388abdc22a3e6ad37686618ff
SHA256 f8608860461bb9d92bd210fdc725a379f0a2ac3df9090a904a57f29194bceeb4
SHA512 2984d4b6866296d89a79952693cc7dc8f9e2d2ba1e2d8780d405713344a2aa0001b505d0b50580e1e42aebb479a080af5904c0c615d01890b0091425d730a382

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2107db3fc9f0fc8cafa2f0c185f226c
SHA1 70396b3572cbfc751842d7eb13edf913735aafb9
SHA256 435ccdfaa0ffe72297d9037fbd08a50804697544990322ef4f027edbf5554a5c
SHA512 edd4369f7232d4e4e97a19cc38e9ace3b4c129bc58e54d66576c16ec1637f3fcb2343698acf4dbf425562e5266e2af673f479d070f8e9eb278da5a70471a6dce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dc826801c3b5b8c97af9dea8e869e843
SHA1 34101e8c50f7fe751b4c64ec30feabcaddece6e6
SHA256 4f431ca69bd9561ac2685ef19d3f38cee4b1d49bbce68d42d5c3d4c99ad2f402
SHA512 0e8801b6238d220be646bff8e300610072bf260d65b91c5f406f191e19f2ea7e3385fc8b569a4ae9f449633a3c00a36118c05721f0375024ca247b5db7f5d159

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 572cd72041ce10f482a592e1eefde0e7
SHA1 a172c1c4c186ff7dc502453c6e8bba21dad99e98
SHA256 2269ea84b608bae2af743306e1d40e5381d1e403bed0c3396709c0cdc091a386
SHA512 ce2f9a9caf79a61dea99e0dff87c1bc83ba08dd57062ea6a20d91f3122ee8e66cc075644923bbc86171b3f1ba5bb266814e960e7e48cb91da20d2a0126099ede

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e0d76acb56aafd72c5cf2a8ec5691cc3
SHA1 86db595a156d96cefa4bd84737eff4059204198c
SHA256 43e2137e6ffe5daacfda0fdaed91994d605c1c681ba10484bacc643c0c564a67
SHA512 77db5fb55e6eb9f2d124ff191a6cabef0e4a0be7044ea3e6b0402d9088bdc0a5cb227995561f57c0e7924b31acb37e8d48468211afa75731105ee87858da40ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6e4a044-a9ab-4794-abca-974326e50aa5.tmp

MD5 5f1bb56e64021677d82976fadfee4f3d
SHA1 fa527f3fb811382be65e53b82fd4386c3d603db7
SHA256 789c978921bff88dc37ddfefae3f135ef62bb569407b645aa95e63737c9435ef
SHA512 fe8ee03b44060fb079dbec6e53b0f14251c0d13f348e3fbcc28f9d7997115f70d0d1cb84516ae2641edffe7ade6642b193e2463bc69057f3117fb20c24fa51f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00d23b360b37ebfe4fc5224adeac1d98
SHA1 713fddd40886d8c5fe273e18a660052ec6252cc4
SHA256 c9097384a48b11c9730978af42213a5503a088825ac49018813f481faef2d21c
SHA512 60240a14e788231d8660d5b96acd1573918611ace06b4ab06ae60d644cbce09d782cbb98b8237b71a7e83fda70097906629d9907bca43955d71284f136b087c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a981f230db1e4f78295f2057c81126e4
SHA1 138ea6392c85c00bbd1cb2202cbb53f92060e7e9
SHA256 2424a63abb859beef9dcbd4fa41f4c773d9b3e571860fdca8c85748021d3adaa
SHA512 51e8a252b751539bb50654f2f7537fe559f8d9620597918ae4e8556ef5054c29faa33424de1e38f943417f9a9d522605a0391cfee5f9826c4282681c1fd26d41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ac4f464b13ac05b3d610f9ed25e04d28
SHA1 dd1b6eabc28e70a04ff517067c356d3c88a47583
SHA256 ce8877deab4ff736b48ef353224e477d27885911437fe5315a6e0d78cb183736
SHA512 77afd313528619024d134e375d918286fb979d2fccd685b94a40c571dedb0bd21f3883d83593e44a2ea7a30e3dd4b6faa85c9d46482023e25118daf012e819fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb5fe715c8dfeb4c0b97167b20b00eba
SHA1 31bfe4b912e2c440700b260de20ac1ee97ffe6e7
SHA256 5dbdaf083621144787cdcd113fea7c02a8d961b1b43c1240ee2b8921e661ae68
SHA512 901ae036b2ab5b89e44a564ad4146c4490ae99740bb157a91696a9b908c55ad2def2a2afd57ff33921fd0df6c1edb2e8fe107b0e31b9f1a0f178997608d39fc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b36ab373d6fec9da3c34d561ddfd9616
SHA1 ac74a1bd8c956277bd4c15c0349e4d07c1fb0f0b
SHA256 733f5ecd2b2b8fd12dd71a246c89037f52f156d5eefe7224429ef5e77c82a038
SHA512 9867895ecf5bb0ea4ad01336b72b8bde4abfc7e6b7bfc101a369fe2f9b8af4742e3b4c935f7459d848e01160ec42681c9f4f558eb84c57f2d7e1b9d9cbf01a94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3639219d0d32f02c4d0388f8cb7501cb
SHA1 1b4defd1beebf0233f592458578926ccfaa93952
SHA256 5bece2c3b63b294c80215456dad86d4c60fbbe4a990c8fdfb6cb52bec2f0bbf9
SHA512 b2c068cfd7412265d15d335dd8d07c00d890fc64762e244cee2cfc1d58e20875f88e41ecc5f6ac5336ef8b6ccfb3a5f03bbd086de1fb5fd0c5415ffd89ab74dc

C:\Users\Admin\Downloads\venom executor.exe

MD5 7fcd3fc792bd631ae9055127392a0f5c
SHA1 fa2e9d748dbee62689579cfb3cac376549eb063c
SHA256 6fe4cd2c15952dc044b40bb28ad3f0fc4dc8530ea472241675201ec1a82a9743
SHA512 961486995fa0bfe4cc34313d1e0c38566e3644fff72291d5ee5f08d3edf31ee75188d6354d48f2f31322b8f5e074de2085a8ef6548df9acdc381fcf6ff238b14

memory/2260-601-0x00000000000D0000-0x00000000003F4000-memory.dmp

memory/2496-602-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90e89f1badf3ce711357a50fe4e71b8f
SHA1 bd6202ac97dce0d6bc75adc0b6e72b49ec15b904
SHA256 19b6398d20dfd36f9e7de3b4c2d9501a70534bb550356bbcbdd38fe230416588
SHA512 8e5ef6289666c2f3303ba838f7c456f122610e4388f655c2701608a4d11f026c55d24b30c052e44624b19baf3e01ee56423124a8aafacc80a13a36b26016b5b2

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\venom executor.exe.log

MD5 baf55b95da4a601229647f25dad12878
SHA1 abc16954ebfd213733c4493fc1910164d825cac8
SHA256 ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA512 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9d6b8668ad25721ed3c6f4442ef9540
SHA1 3edd4771ab12b9b457ebf3232297076d73d334ec
SHA256 fcb68b1d4a8d3fd6c8260cccc20564d2f3885a04c673cc4632795ed818963041
SHA512 b725b8800c47539bbac23b2de5090a0348d543cb260761b19ffceeb465c64d809af4a1814c41936055b895f722a8836ca92295c078988f0b2b6bc8fb0c358a9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b63d9836c66ad76736959c91f13b92c4
SHA1 581b465a2525356c6f5f7fe5e63d4cec56d45b2b
SHA256 a8234b6356624d26139c2c02847404059a60e55eb141f0ba58426574165874d7
SHA512 b77f1b6bca3a1d3e54511a0fa542e5d170c28b4d5a0c5abbc5fb0669060ee3c062bfda303d4ec757f00975fb53ead523c962537a17fb73015b077ce14dfa2b47
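Two entries in the Files section deserve a check rather than a glance. Client.exe, written to C:\Users\Admin\AppData\Roaming\SubDir, carries the same SHA256 as the submitted sample (900cb768...), so what the RAT installs is a byte-identical copy of itself, while venom executor.exe (6fe4cd2c...) is a different binary. The crashpad pipe entry's hashes (MD5 d41d8cd9..., SHA256 e3b0c442...) are those of empty input, so it is a zero-byte artifact, not content the sample produced. The parser below is an added example, not part of this report or of the sandbox's tooling: the excerpt of the Files section is copied from this page as constructed input, and the category names are this example's own.

```python
"""Added example for the Files section of a sandbox report (not part of the
report): group the recorded files by what their hashes say about them."""
import hashlib
import re

SAMPLE_SHA256 = '900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf'

# Constructed excerpt of the Files section above: a path line, then hash lines.
FILES_SECTION = r"""
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 1348632fc2ede08cab5db1cb174ff0d3
SHA1 2a1966291aa0e7aee1b039a1a75fa4879489a2be
SHA256 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf

\??\pipe\crashpad_2488_XGMQBDYJSGYTHFUN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

SHA256 d8e44f0134b6374565ab298d5b43ca88012826773afceac64d218f95789660ff

C:\Users\Admin\Downloads\venom executor.exe

SHA256 6fe4cd2c15952dc044b40bb28ad3f0fc4dc8530ea472241675201ec1a82a9743

memory/3220-1-0x0000000000960000-0x0000000000C84000-memory.dmp
"""

HASH_LINE = re.compile(r'^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$')
CHROME_PROFILE = re.compile(r'\\Google\\Chrome\\User Data\\', re.I)

# Hashes of content too short to say anything about the sample; a match means
# the sandbox recorded an empty or placeholder file, not something it wrote.
TRIVIAL_CONTENT = {
    hashlib.sha256(b'').hexdigest(): 'empty file',
    hashlib.sha256(b'[]').hexdigest(): 'empty JSON array',
}


def parse_files_section(text):
    """Turn the flattened listing into [{'path': ..., 'hashes': {alg: hex}}]."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current['hashes'][m.group(1)] = m.group(2).lower()
        else:
            current = {'path': line, 'hashes': {}}
            records.append(current)
    return records


def classify(record, sample_sha256=SAMPLE_SHA256):
    """Category names are this example's own, not the sandbox's."""
    path, sha = record['path'], record['hashes'].get('SHA256')
    if path.startswith('memory/'):
        return 'memory-dump'
    if sha == sample_sha256:
        return 'self-copy-of-sample'
    if sha in TRIVIAL_CONTENT:
        return 'trivial-content'
    if CHROME_PROFILE.search(path):
        return 'browser-profile-noise'
    if path.lower().endswith('.exe'):
        return 'other-executable'
    return 'other'


def triage(text, sample_sha256=SAMPLE_SHA256):
    """Map each category to the paths that fell into it."""
    out = {}
    for record in parse_files_section(text):
        out.setdefault(classify(record, sample_sha256), []).append(record['path'])
    return out


if __name__ == '__main__':
    for category, paths in triage(FILES_SECTION).items():
        print(category)
        for p in paths:
            print('   ', p)
```

Checking the dropped file against the submitted sample's hash is the quickest way to tell an in-place self-install, as here, from a second-stage payload that would need its own analysis; the venom executor.exe entry, whose hash matches nothing else in the report, is the one that still does.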