Analysis

  • max time kernel
    110s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-04-2024 05:07

General

  • Target

    https://easyupload.io/cbm5st

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.226:4782

Mutex

aec627fa-aba4-45fa-a0fc-e456110a730a

Attributes
  • encryption_key

    7D414F9EC5601C94A757DDCDCF7C7A7809D8CFD0

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/cbm5st
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9533c9758,0x7ff9533c9768,0x7ff9533c9778
      2⤵
      PID:1936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:2
      2⤵
      PID:372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
      2⤵
      PID:772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
      2⤵
      PID:2040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2740 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:3080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2748 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:2928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:3032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4972 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:5056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5276 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:4236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5404 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:3988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
      2⤵
      PID:3852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
      2⤵
      PID:2372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6352 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:2864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5872 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:1960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5624 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:4600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6452 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:4056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6472 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:4792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6740 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:4836
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6756 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6920 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:1176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6944 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:3644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6952 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:4780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7232 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:2020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7244 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:2332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8072 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:5668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7100 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:5748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8208 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:5884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7268 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8624 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8588 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:5656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8904 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8960 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6252
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9376 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9340 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4992 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9728 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9588 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10064 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10172 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10312 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10264 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10324 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:6384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10708 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10468 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4716 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4692 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10660 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10336 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10556 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
      2⤵
      PID:7720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10168 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:7764
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9672 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:7884
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9712 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:7960
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9500 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:8036
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10568 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:8092
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11248 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:2956
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10520 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:5076
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10504 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:760
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9036 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:6272
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10428 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:6500
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:6800
                                                                                                                            • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                              "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RyansProject.rar"
                                                                                                                              2⤵
                                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                              PID:7384
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=748 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:5280
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6668 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:5692
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9904 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:4348
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                      PID:6296
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5644 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:7028
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                      1⤵
                                                                                                                                        PID:4640
                                                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                        1⤵
                                                                                                                                          PID:7744
                                                                                                                                        • C:\Users\Admin\Downloads\RyansProject.exe
                                                                                                                                          "C:\Users\Admin\Downloads\RyansProject.exe"
                                                                                                                                          1⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          PID:6892
                                                                                                                                          • C:\Windows\SYSTEM32\schtasks.exe
                                                                                                                                            "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                                                                                            2⤵
                                                                                                                                            • Creates scheduled task(s)
                                                                                                                                            PID:7624
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                                                                                                                                            2⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                            PID:7504
                                                                                                                                            • C:\Windows\SYSTEM32\schtasks.exe
                                                                                                                                              "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                                                                                              3⤵
                                                                                                                                              • Creates scheduled task(s)
                                                                                                                                              PID:8084
                                                                                                                                        • C:\Windows\system32\taskmgr.exe
                                                                                                                                          "C:\Windows\system32\taskmgr.exe" /7
                                                                                                                                          1⤵
                                                                                                                                          • Checks SCSI registry key(s)
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          • Suspicious use of FindShellTrayWindow
                                                                                                                                          • Suspicious use of SendNotifyMessage
                                                                                                                                          PID:7192
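The last part of the tree is the step worth alerting on: the freshly downloaded RyansProject.exe registers a logon task named "Quasar Client Startup" with /rl HIGHEST whose action is a copy of itself under %APPDATA%\SubDir, and that copy re-registers the identical task the moment it runs. The Python below is an added example, not part of the sandbox report and not Quasar's or any vendor's code. It parses schtasks /create command lines out of process-creation events and flags that pattern. The events are constructed to mirror the tree above (PIDs and command lines are copied from it); the explorer.exe parent PID 4000 and the benign NightlyBackup task are assumptions added so the detector has something to ignore. One caveat the report itself illustrates: PID 7504 is used first by a Chrome renderer and later by Client.exe, so real telemetry should key parent/child links on a process GUID rather than a bare PID as this example does.

```python
"""Flag schtasks-based persistence of the kind shown in the process tree.

Added example; not code from the sandbox report or from Quasar.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


@dataclass
class Finding:
    pid: int
    task_name: str
    action: str
    reasons: List[str]


# Constructed events modelled on the tree above (PIDs and command lines copied
# from the report). The explorer.exe parent (ppid 4000) and the NightlyBackup
# task are assumptions added for contrast.
EVENTS = [
    ProcEvent(6892, None, r"C:\Users\Admin\Downloads\RyansProject.exe",
              r'"C:\Users\Admin\Downloads\RyansProject.exe"'),
    ProcEvent(7624, 6892, r"C:\Windows\SYSTEM32\schtasks.exe",
              r'"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON '
              r'/tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f'),
    ProcEvent(7504, 6892, r"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe",
              r'"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"'),
    ProcEvent(8084, 7504, r"C:\Windows\SYSTEM32\schtasks.exe",
              r'"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON '
              r'/tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f'),
    ProcEvent(4100, 4000, r"C:\Windows\SYSTEM32\schtasks.exe",
              r'"schtasks" /create /tn "NightlyBackup" /sc DAILY /st 02:00 '
              r'/tr "C:\Program Files\Backup\backup.exe" /f'),
]

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# Directories an unprivileged user can write to; a task action living there is
# far more often persistence than legitimately installed software.
_USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.I)
# schtasks /create switches that take a value.
_VALUE_SWITCHES = {"/tn", "/sc", "/tr", "/rl", "/ru", "/st", "/mo"}


def split_cmdline(cmdline: str) -> List[str]:
    """Windows-style split: a double-quoted run is one token, backslashes are literal."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_schtasks_create(cmdline: str) -> Optional[Dict[str, str]]:
    """Return the switches of a 'schtasks /create' command line, else None."""
    toks = split_cmdline(cmdline)
    if not toks or ntpath.basename(toks[0]).lower() not in ("schtasks", "schtasks.exe"):
        return None
    if not any(t.lower() == "/create" for t in toks[1:]):
        return None
    opts: Dict[str, str] = {}
    i = 1
    while i < len(toks):
        key = toks[i].lower()
        if key in _VALUE_SWITCHES and i + 1 < len(toks):
            opts[key] = toks[i + 1]
            i += 2
        else:
            opts[key] = ""  # bare flag such as /create or /f
            i += 1
    return opts


def assess(events: List[ProcEvent]) -> List[Finding]:
    """Score each schtasks /create event against the behaviours seen in the report."""
    by_pid = {e.pid: e for e in events}  # toy only: real telemetry must key on a process GUID
    findings: List[Finding] = []
    for e in events:
        opts = parse_schtasks_create(e.cmdline)
        if opts is None:
            continue
        reasons: List[str] = []
        trigger = opts.get("/sc", "").upper()
        if trigger in ("ONLOGON", "ONSTART") and opts.get("/rl", "").upper() == "HIGHEST":
            reasons.append(f"{trigger} trigger combined with /rl HIGHEST")
        action = opts.get("/tr", "")
        if _USER_WRITABLE.search(action):
            reasons.append("task action lives in a user-writable directory")
        parent = by_pid.get(e.ppid)
        if parent is not None and _USER_WRITABLE.search(parent.image):
            reasons.append("registered by a binary running from a user-writable directory")
        if parent is not None and ntpath.normcase(parent.image) == ntpath.normcase(action):
            reasons.append("task action is the registering process itself (self re-registration)")
        if reasons:
            findings.append(Finding(e.pid, opts.get("/tn", "?"), action, reasons))
    return findings


def task_registration_counts(events: List[ProcEvent]) -> Dict[str, int]:
    """How many times each task name was (re)created during the run."""
    counts: Dict[str, int] = {}
    for e in events:
        opts = parse_schtasks_create(e.cmdline)
        if opts is not None and "/tn" in opts:
            counts[opts["/tn"]] = counts.get(opts["/tn"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in assess(EVENTS):
        print(f"PID {f.pid}: task {f.task_name!r} -> {f.action}")
        for r in f.reasons:
            print("   -", r)
    print(task_registration_counts(EVENTS))
```

Run against the constructed events, the two schtasks launches from the report (PIDs 7624 and 8084) are flagged, the second with the extra self re-registration reason, and the backup task is ignored; the registration count of 2 for "Quasar Client Startup" is the same double registration the tree shows. On a live host the same switches can be confirmed from the task's XML under C:\Windows\System32\Tasks, where the /rl HIGHEST request appears as a RunLevel of HighestAvailable.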

Network

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 575950233722153f56167d98ad959144
  SHA1: 917947a4c96a09076deccca299fc334a6dce0f9d
  SHA256: f6034726bfbf814d6e0f01628f8094d44d7d62576fd1b39bcf6696b6e79eecc5
  SHA512: 2502bdefde351a3489bb1a8719149b84b7f610f5448d97d487aeff390518eac00f293bab8245a3cfb500dbb6615a1aef95ef1b83e4e341a7d80e526f613c4f3a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: de14cfb351687c0ae0183021724809d2
  SHA1: 77bcb04a01b68fe00748936c575484fcb3ca8323
  SHA256: 712a40ec6ad5da6d51a16f9445a9e8d6748192611ddff25cc30499c26fd57ced
  SHA512: 1699287a290e4aeb28178afae3450a28c2aa693f8b19a5452bebceaf9a71d8addb219d5f2b8f5d329e9d92e004fabf868ec0f8484451bef12cfe2236f1ab7d09

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 29eab28c08ecf616fcf6b6201918f07e
  SHA1: 8c0c0489b70b346e53b6fc816ff001cceff5c0d8
  SHA256: c0ea4a9a99ca90cf76fb075aadc85291d250eb4ac42aae8d0f1b011a6c6ce4ae
  SHA512: a2d407e8f973c38262eb0a00eff784f27e360316afd4a251dd90a3bfa81ec599a04e932255f92d8bc55fa8a5fc6b5c76c8b1e4d7352098f0139248fa480c630b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 14KB
  MD5: 917e27520ce9076378d4ecfab9e2d7db
  SHA1: e78dc2b58ca579269f1b74cb9cb770cf19bc4dbc
  SHA256: fce3055a6fe74b6f25c6e4adb06e980ccb7a190442aa6ff2818b9a946f35730d
  SHA512: 2831d979a80fa232403b0ae0f16d92b2e2626e65ead446f271bc28c91bfb652297705e6cde47e3c7f23ec9440a4c9ceb4f067fd867fb74580a17fa363b8ab91c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                          MD5

                                                                                                                                          d4a9cfdc7dccd16469e56745f5d19b5f

                                                                                                                                          SHA1

                                                                                                                                          2fb78146d78c991941c3e536a1b68af943a15016

                                                                                                                                          SHA256

                                                                                                                                          0b9906de076030e564a6e471f7a833020240d4ef303528990e2fc5b848b6e73d

                                                                                                                                          SHA512

                                                                                                                                          245f3d1da6f9fe5f681240358e6ea4122daaad760abef86958f8590b9378d4bfbc6c2faab75adfa33e9f7a648f976a8b4258f846f445b43fb96f0bec813bc38c

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                          MD5

                                                                                                                                          c37c2c3e85d7e794e6591216a98dc83b

                                                                                                                                          SHA1

                                                                                                                                          54160ba732e9f391b71550791997cae2d25c0fa9

                                                                                                                                          SHA256

                                                                                                                                          70db338c3fef0b90c509bdefcde502dee65b4f30000f6196fa694ab2deda6a5b

                                                                                                                                          SHA512

                                                                                                                                          7388fd498479cd149dcef41b217b1091ec514b3da6b0959840f92dde19fafb745a629078260fb0d3026434c133775f59ac82faded1e21b903d3392092ac99c87

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          MD5

                                                                                                                                          4b70f44abd30c268b3854351b8873a81

                                                                                                                                          SHA1

                                                                                                                                          ce6d96bb0fa7d83ca6c2b41c8aea0833e0b01e57

                                                                                                                                          SHA256

                                                                                                                                          d5db848cfe74a90465e1f2afb56206d55d7b597463b64ea6b6dfa71e5b998539

                                                                                                                                          SHA512

                                                                                                                                          7d2e60bd248b03aa4e2eb6fcb181ed6d4dc560878aeb2769e339941e3bf2e716191df3458057a183f037ff8022d3c29244ae08d09ca8658946b6f82eb1b24658

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                          MD5

                                                                                                                                          a7286daa4736fe3a0f3832d330dc743c

                                                                                                                                          SHA1

                                                                                                                                          9296356f692aa9bb77e88d0daf72cfadf370f26e

                                                                                                                                          SHA256

                                                                                                                                          b20e6aba4dc2aba2d1a11a5c63234802fe08f89ae565e4c319e13009cd3afc20

                                                                                                                                          SHA512

                                                                                                                                          d881260dd5850c0f5a020d63d40608e45466d69b698ab1d58ba18d49ad29eaeee62d0bf90c961d920cfd73829bdd0208539a2aef9903337e0d258106c85ee085

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          7KB

                                                                                                                                          MD5

                                                                                                                                          11f88c9ecb2c898ef348ad18c2c44246

                                                                                                                                          SHA1

                                                                                                                                          c44e8570ee87a700c6b7e9b2ad560907b2d44228

                                                                                                                                          SHA256

                                                                                                                                          93870f66f59af1743df030d0a5d156456444c1c045bb2e73670f30ca130db68a

                                                                                                                                          SHA512

                                                                                                                                          ec7bbcbd0397ec4bceb62c4e5fd308bf8bc31ec3c4afd590a072332d54f8a9369512ac329526fc5915e69c638e3b913f28a22c70d91a52b45b7eb806bd3c5c79

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                          MD5

                                                                                                                                          cc764f1cfc960924912263aa818d502f

                                                                                                                                          SHA1

                                                                                                                                          982c077bf32080a8254e832d3a1d78468e0d7d1b

                                                                                                                                          SHA256

                                                                                                                                          e27d21e22a49f723ae43ab90ab6230b349d7564bfb1a4d6877879f8e2f73bf9b

                                                                                                                                          SHA512

                                                                                                                                          5562433d0e4d9e3ac13e0c7b15ecbe8d2aebba1dbd975c2f8ba447f7687762c15d26836408d7a9fa840ee7bc75b3ed39a48f377919587022a73eeef0369d83aa

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          MD5

                                                                                                                                          f8aa2440bfe79d992b0f60220cd49ced

                                                                                                                                          SHA1

                                                                                                                                          9b0fa98bd3354c5596a154485fc2225e1223c19d

                                                                                                                                          SHA256

                                                                                                                                          a1c48f34b53ad2ec50a8a0766f33becc2db9b68b0f0d7be3f23b800cb2a9dd45

                                                                                                                                          SHA512

                                                                                                                                          5001299f1c9d1bcacf77b65a4de2cd8e72f5225da192b53d84d24472ea055fad86df5934a8fe237ef299bc8d7e9c3d8ac3277c9c9a3182b2141b504ae485082c

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          MD5

                                                                                                                                          ea77c486ad630e92a3160dadf3d91f9b

                                                                                                                                          SHA1

                                                                                                                                          b80f9a6811d2e4fd6c4debf55f056b2088d158d3

                                                                                                                                          SHA256

                                                                                                                                          16cbd78c6f826b2d86f64698c0e4512ff9076ca2169cd653bd460cca518db9ed

                                                                                                                                          SHA512

                                                                                                                                          8533f2e0dc107d9bc258f903b8c842e58699d00f1b7c77aedd4f727f33306bb5e24ec2304e313f4363d8f4a53dacd16f34116091151676a38a031cbc5f44dd56

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                          Filesize

                                                                                                                                          117KB

                                                                                                                                          MD5

                                                                                                                                          8c03c13632b1af6bf07325516db44903

                                                                                                                                          SHA1

                                                                                                                                          2b208c13444ebeae43a35db8b083d193b08bba5d

                                                                                                                                          SHA256

                                                                                                                                          2e2b0669d7bb1f94e6d2c6ab344e22f40b857c544ac17273914299308741049d

                                                                                                                                          SHA512

                                                                                                                                          0136b7eceba95c35a915b92a2eb9ebd1fb9842cb5a10ef7d2c29db99037934e3cd6f8d46ed0e698f9752c61d503fd224e0438149195fbe8d8a062889b461c392

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ddcd.TMP

                                                                                                                                          Filesize

                                                                                                                                          104KB

                                                                                                                                          MD5

                                                                                                                                          08013f933d042c2e654f4f7d2ea2420a

                                                                                                                                          SHA1

                                                                                                                                          cde6f69a0b77a3c0f3392daa16971cd48b7821d2

                                                                                                                                          SHA256

                                                                                                                                          3885d0395a532ddbec2146c7496fde9e22e49a7ed086d63da0f6f13f7c841551

                                                                                                                                          SHA512

                                                                                                                                          c605b477d3295cadc2fcd8dfdf2a1621c5b70a182f1fbb4fd5e7f658f8e597c0b2ff73c45065a590f85e5ecf104b5a14cbc65142444cb6fbfd76e3ddf460bd6c

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                                          Filesize

                                                                                                                                          2B

                                                                                                                                          MD5

                                                                                                                                          99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                          SHA1

                                                                                                                                          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                          SHA256

                                                                                                                                          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                          SHA512

                                                                                                                                          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                        • C:\Users\Admin\Downloads\RyansProject.exe

                                                                                                                                          Filesize

                                                                                                                                          3.1MB

                                                                                                                                          MD5

                                                                                                                                          20edba711349a03803c2f96bbbe18b39

                                                                                                                                          SHA1

                                                                                                                                          675607f2c3510c35ea0784c1051e3a96c3b44416

                                                                                                                                          SHA256

                                                                                                                                          8e3077a2601f2727d79389b445d9e90336a0055c0f5a7ce330cbd4006876f1f9

                                                                                                                                          SHA512

                                                                                                                                          85130c87a19dc29bb6b6c26aea68f7173bf0df69c2a4b80e90bc2e14c19acdb1457f680e69d75c916fe7d546c470da5bb38b970843b33feda74847f5a675ee4e

                                                                                                                                        • C:\Users\Admin\Downloads\RyansProject.rar.crdownload

                                                                                                                                          Filesize

                                                                                                                                          1.0MB

                                                                                                                                          MD5

                                                                                                                                          44d6e8a53cff50cc3363e729ce3ecb04

                                                                                                                                          SHA1

                                                                                                                                          c9b66072ab2179194baee927b4ab04d43d64ddf5

                                                                                                                                          SHA256

                                                                                                                                          17f1c062b320bd3c8b938a07f9518affaf837fc253fe20c624187faa114938ae

                                                                                                                                          SHA512

                                                                                                                                          a93a888e5438c9a1d7453874da93d6aa860fd92be616d4a349870f025c3c79ab3ed24403f635d3e1496799930ac08c9c1f58cf0580720a70bbf43c2aaad11189

                                                                                                                                        • \??\pipe\crashpad_3876_XYRLXIOTWCONBXQE

                                                                                                                                          MD5

                                                                                                                                          d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                          SHA1

                                                                                                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                          SHA256

                                                                                                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                          SHA512

                                                                                                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                        • memory/6892-332-0x00007FF93FE70000-0x00007FF940931000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          10.8MB

                                                                                                                                        • memory/6892-333-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                        • memory/6892-331-0x00000000009A0000-0x0000000000CC4000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          3.1MB

                                                                                                                                        • memory/6892-350-0x00007FF93FE70000-0x00007FF940931000-memory.dmp

  Filesize 10.8MB

• memory/7192-459-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-468-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-470-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-469-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-467-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-466-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-458-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-465-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-460-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7192-464-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
  Filesize 4KB

• memory/7504-351-0x000000001B8B0000-0x000000001B8C0000-memory.dmp
  Filesize 64KB

• memory/7504-352-0x000000001B860000-0x000000001B8B0000-memory.dmp
  Filesize 320KB

• memory/7504-353-0x000000001C170000-0x000000001C222000-memory.dmp
  Filesize 712KB

• memory/7504-384-0x00007FF93FE70000-0x00007FF940931000-memory.dmp
  Filesize 10.8MB

• memory/7504-373-0x000000001C960000-0x000000001CE88000-memory.dmp
  Filesize 5.2MB

• memory/7504-424-0x000000001B8B0000-0x000000001B8C0000-memory.dmp
  Filesize 64KB

• memory/7504-349-0x00007FF93FE70000-0x00007FF940931000-memory.dmp
  Filesize 10.8MB
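The dump listing above is easier to triage once it is parsed rather than read line by line: the same 4KB page of PID 7192 is dumped repeatedly (sequence numbers 458 through 470), and PID 7504 has two 10.8MB dumps of the same high address range. The following script is an added example, not part of the sandbox report or the Quasar tooling. It parses entries of the form `memory/<pid>-<seq>-<start>-<end>-memory.dmp` (the meaning of the first two numeric fields as process ID and dump sequence number is an assumption), checks that each region's address span agrees with the reported Filesize within the report's display rounding, and summarises per process which regions were dumped more than once. The sample entries are copied from the listing above.

```python
"""Cross-check sandbox memory-dump entries against their reported Filesize."""
import re
from collections import defaultdict

# Sample input copied from the report listing: (dump name, reported Filesize).
# Field meaning is an assumption: memory/<pid>-<seq>-<start>-<end>-memory.dmp
SAMPLE_ENTRIES = [
    ("memory/7192-459-0x000001B6056B0000-0x000001B6056B1000-memory.dmp", "4KB"),
    ("memory/7192-468-0x000001B6056B0000-0x000001B6056B1000-memory.dmp", "4KB"),
    ("memory/7192-470-0x000001B6056B0000-0x000001B6056B1000-memory.dmp", "4KB"),
    ("memory/7192-469-0x000001B6056B0000-0x000001B6056B1000-memory.dmp", "4KB"),
    ("memory/7504-351-0x000000001B8B0000-0x000000001B8C0000-memory.dmp", "64KB"),
    ("memory/7504-352-0x000000001B860000-0x000000001B8B0000-memory.dmp", "320KB"),
    ("memory/7504-353-0x000000001C170000-0x000000001C222000-memory.dmp", "712KB"),
    ("memory/7504-384-0x00007FF93FE70000-0x00007FF940931000-memory.dmp", "10.8MB"),
    ("memory/7504-373-0x000000001C960000-0x000000001CE88000-memory.dmp", "5.2MB"),
    ("memory/7504-424-0x000000001B8B0000-0x000000001B8C0000-memory.dmp", "64KB"),
    ("memory/7504-349-0x00007FF93FE70000-0x00007FF940931000-memory.dmp", "10.8MB"),
]

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
SIZE_RE = re.compile(r"^(?P<num>\d+(?:\.\d+)?)(?P<unit>B|KB|MB|GB)$")
UNIT_BYTES = {"B": 1, "KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30}


def parse_dump_name(name):
    """Split a dump file name into pid, sequence number and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_filesize(text):
    """Return (bytes, tolerance). The report rounds to the digits shown, so a
    reported 10.8MB covers anything within half of the last displayed digit."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    num, unit = m["num"], UNIT_BYTES[m["unit"]]
    decimals = len(num.split(".")[1]) if "." in num else 0
    return float(num) * unit, 0.5 * (10 ** -decimals) * unit


def size_matches(name, reported):
    """True when the address span agrees with the reported Filesize."""
    region = parse_dump_name(name)["size"]
    expected, tol = parse_filesize(reported)
    return abs(region - expected) <= tol


def summarize(entries):
    """Per-pid view: dump count, distinct regions, regions dumped repeatedly
    (memory the sandbox saw changing), and any size mismatches."""
    per_pid = defaultdict(lambda: {"dumps": 0, "regions": defaultdict(int),
                                   "mismatches": []})
    for name, reported in entries:
        d = parse_dump_name(name)
        info = per_pid[d["pid"]]
        info["dumps"] += 1
        info["regions"][(d["start"], d["end"])] += 1
        if not size_matches(name, reported):
            info["mismatches"].append(name)
    out = {}
    for pid, info in per_pid.items():
        out[pid] = {
            "dumps": info["dumps"],
            "unique_regions": len(info["regions"]),
            "repeated": {f"0x{s:X}-0x{e:X}": c
                         for (s, e), c in info["regions"].items() if c > 1},
            "largest_bytes": max(e - s for (s, e) in info["regions"]),
            "mismatches": info["mismatches"],
        }
    return out


if __name__ == "__main__":
    for pid, info in sorted(summarize(SAMPLE_ENTRIES).items()):
        print(pid, info)
```

A region whose span does not match its Filesize would point at a truncated or mislabelled dump, which is worth knowing before loading it into a debugger; a region dumped many times at the same address is the one to diff between sequence numbers when looking for unpacked or decrypted content.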