hxxps://mega[.]nz/folder/sb1jiaSI#E3SG2ovfQa0z4kyqxqmaCQ

Analysis

max time kernel
299s
max time network
301s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15-09-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/sb1jiaSI#E3SG2ovfQa0z4kyqxqmaCQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1528	wscsvc.exe
1340	wupdate.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.cfg
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Venom_RAT_COMPILED.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wscsvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708758128632617"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4596	build.cfg
4596	build.cfg

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 4164	1408	chrome.exe	73
PID 1408 wrote to memory of 4164	1408	chrome.exe	73
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3488	1408	chrome.exe	75
PID 1408 wrote to memory of 3408	1408	chrome.exe	76
PID 1408 wrote to memory of 3408	1408	chrome.exe	76
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77
PID 1408 wrote to memory of 4980	1408	chrome.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/sb1jiaSI#E3SG2ovfQa0z4kyqxqmaCQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff62989758,0x7fff62989768,0x7fff62989778
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 --field-trial-handle=1764,i,8017780573508520732,9621924155293713018,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8
1⤵
PID:4188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4328

C:\Users\Admin\Desktop\Venom-RAT-5.6\Venom-RAT-5.6\Venom_RAT_COMPILED.exe
"C:\Users\Admin\Desktop\Venom-RAT-5.6\Venom-RAT-5.6\Venom_RAT_COMPILED.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4060
- C:\ProgramData\wscsvc\wscsvc.exe
  C:\ProgramData\\wscsvc\\wscsvc.exe ,.
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1528
- C:\Users\Admin\Desktop\Venom-RAT-5.6\Venom-RAT-5.6\build.cfg
  build.cfg
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4596
- C:\ProgramData\wupdate\wupdate.exe
  C:\ProgramData\\wupdate\\wupdate.exe vr9FprbQt9FOBuOIdBMgJmXdWGEDtiSpg7UcL7deWAea9tSkR7UbReaW8Myd6EDf
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wscsvc\wscsvc.exe

Filesize
259KB

MD5
04c37e7ffc1ffa36373b4abb5e71d15e

SHA1
26c156d4616baf34d85466f42444acbdcc3d0e73

SHA256
54fca0045340d0b84822ab5cf37ed84d73c41b3ab4b9f0ac7e9b98616d6124e8

SHA512
4b6bedb26ef534fb23cacd26fb341875428a66b6d9698d4d950db9aa9608973e4a6fba9ba025e89d885a707213f37a8a14ec811768f4de4a61c370c2caa702cb

Download Submit
C:\ProgramData\wupdate\wupdate.exe

Filesize
1.8MB

MD5
9269aa8162e145a56de29826250a3e71

SHA1
53fedafde572d6c55ee5a800b7e67438829b4f96

SHA256
025ed379207abb2734e78135399fd152193accbaf4739dda37dcb3189439b236

SHA512
0242a6b5e5f3e0514066a4341e2da82635b91f93e1081867b93218527f289de43793c772555a26835dfa2f134e08f624332f2f7fb74204da1d535c9241b7f4c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
60c90ae6f56d40fda738282710b06c57

SHA1
9097850277ce6bf721db7f5e694494b544d4d5b3

SHA256
f1da20ac8842404dddbee311507e4a79a7988b9b1a98eefc15cfe3942e118a2c

SHA512
68edbe968eb8527eecf99b8836180ec41ff231a1d56021a488715ec4313d2b28e4911586ac699f95952ed702b52cfc14adff8fc8b9f8c8cd19de819e9d8828ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
800B

MD5
02eb4c6dc90aae74e33df07410401398

SHA1
cb5095605159c7cd3dc83839c641ddb4040974ea

SHA256
300aca4dbdaa92346e586de720fe076e04ae9d6cc73d640a23e2f40c94a6e26b

SHA512
accf40b0cb71468f270e643eec4d8574028e97a712b4d5d6bf521e2b7b7faa459a5ae1a0f6ea474dac5ed793b1fd5a668250d84d88c26b78cecc83580f1dc8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
89b8ac0dcd9acf8e24136cbd7b53924c

SHA1
b69822e02fbf25ba0d4853973f2c97072c993021

SHA256
f8efc02b34f1b65e35ac170f3dfbe6570f9f7ba8a731eba42f4a0c99b7d64de9

SHA512
1da44cad8d4a9ce727394861a560c32d986b9c8a5a045b484ed237cfe0312d048b8e68f23483c95079a5b6a86a001925021d4ac95041a850ebdaf13337e70931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f62e5462dd55d8f8d9d50e4ffec9119a

SHA1
b7b61152a9b20e7e060ca3da7da2949eeec67667

SHA256
48464a851a9eef8286251c1ce886d17fc269d2221bdd018c81da4bbc7d9033bc

SHA512
7579b15653218066b62b163df0be107ce7d2a030c63649745a74daa387ab22b8150fe89725d803c1fc356d489781425fed0fd956d43d81fa5407270978f4f6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0f2dd46acaa7e8caf4cf0c33790ff2b

SHA1
e4e5bdbfd85cce0b7fb6a758c8a191a5fa0503df

SHA256
978474c8e4bada95a4b5b473c7d34b60032faa99dce2eb56ebb56754b0ef4f1d

SHA512
932048e962668d4f7f659535088b8212f68eee3ad9d4dce347688a8d12f30613b04bfcf68be2a817410ddd290c8c2069f240a99328c6f59bdd6dbaf48408c087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a6b67a49096cb7da35f82d692d00fde

SHA1
f71b92fa916935b9aa0cf4ee04b6bfabf5349148

SHA256
047c6abd7c12e5b74f200a24ae925cde5a9875f1845aab61da54488ccd91ce27

SHA512
5a742e17b1041dc452563a6860e97cba435602c03844a81990d4c311c61b0d85fb43b049b6fcc568f4cc0b268b0d440422fdd6e5675217d5047feaa38e56083c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76fafd4bf33be47f0d5f0565766694ad

SHA1
25c93b4ec2e33af691d400f4970486ee613fa2a0

SHA256
9f4e69b41e735808a3a8a1c11ddb8a273820c65b113992375dcb50ff0f11e1c6

SHA512
03e6e9533a999991f23373a5500d0d994be551bc04b8b5df7ce43483d270567028dde874a66fb5fcea237ef4aaa8d6677b0089f8bd5fe4ed4d5729162ddeae83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
57fc3a4c902cd6d7bed80ac0e0fd9d1a

SHA1
bb04de5a491b5296a1ac37b03e94dc6439d5d09d

SHA256
59a7be239962a7e9bc417bb202770b979e0ba1101bc28edac40a7560d59135ab

SHA512
0fc3908a064ac0c2b6850ecfb25c32b6a7fc9137021627d781cba4a6528c180672f79f5a53e37d4f502848374fac3537e945445ff3fb10f954b1f89457999433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d13a.TMP

Filesize
48B

MD5
3e1e164f46aeb1adbea5e0657662e028

SHA1
a5bba41d0e7164d05b8d2c69d412fb70d9ebc2b8

SHA256
5e8c3abc1b2373d5439b604e4161b3eb4d9c7122163ca6650f9f1cf4b7e6295f

SHA512
b878162fd71ff229ecdf2df9f108ad3d4ef5583f070610720c1742c50a0c513be2e379a6ae28b87320e018eb76af14e2b3013fec34d5e0a0c548e2cbf5bcc8fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5428439ab5a359f35360879708d4a793

SHA1
920bcf43406d3a6860462698044fdad2a62b3a7a

SHA256
2b6bc9dabeb490096bb6e864dc39603e75c763c914be91ac42b4413ec427d581

SHA512
b1fefd70f41da817e99f4bcab1a0f13a43b00749bb9521b880a2cb7c60108edce89087d66af612ca8cdb6440355aea6e5f9577a6520b50ffd3a5503f186debf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
9789c0f492f13a032695bc8aeebeb9f3

SHA1
e681a71a88c73f784b92df5f6d0ae4e5259dbbb7

SHA256
7faf85e9034df613509deab452bf7781a4ab663a054565094437e669ee49b48f

SHA512
e5d157fb52ca502fe0d66b1510c971ddf370c0f395fb484203cd574d385e9946334fba42886cb7c7ffa2cf06e6685ea678ec428b4584ddac8b77e8d6ba58eaea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
754e4bcabc2ea4d8a4128aee53ded723

SHA1
385e0fe9b86ba36c3de8831b100658dee66798ce

SHA256
ab7206acf3f6f9df766d59a231b825c93ef02e8014efd8e2c467a0fa050d4f8f

SHA512
32f0ed2fd387af653ade141db20743ebfe01ad7919b208616bcd4b594a22a1a92881a2ad1972bf84c05887eac61973ffb415d0910bdc7e830b0fcf5bf46a84a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581e51.TMP

Filesize
98KB

MD5
9280f8dd991d01aef8e425d1bee60e42

SHA1
153f16f32c5d24c49277b2f4879b46da1f67848e

SHA256
ed84a9b76d2314366c541f4e825c20aa096ee456bbd2259d9d68f6fd6c79c56a

SHA512
3a7688141129e9e83f4ea63f92d4a321d94b13ed2c5f94baff2147542300be9544411354894fc8e98f363ca26900443759f10d1556556ea316d90acd8dcaa5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Venom-RAT-5.6.zip.crdownload

Filesize
45.1MB

MD5
f0b6183c893b7200eee3aa677d32a2f1

SHA1
7647b44dd6df3fa0e825d141fc2761eba17caf67

SHA256
f5b33ab23f297e8e45a96db445c1a6a8e7878f14614f2e5d5c919f4ebea442d6

SHA512
d163a7f58c09b55f6b8aec0b58e3fcd85b5f539b06d5bd16856bb79bc75a82ef789ca47bcde43ae92d6897434f1ce41c1dbdbe2bbfcda90ab0d8a8ed834c128f

Download Submit