quasar | fcd5b843d50ec2f973aaa27e54b6bf045931cc3cb8d9bea4edaade352fe0f7d5

Analysis

max time kernel
298s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uni/Uni - Copy (16) - Copy.exe
Size

409KB
MD5

b70fdac25a99501e3cae11f1b775249e
SHA1

3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
SHA256

51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
SHA512

43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
SSDEEP

12288:gpbJjGut6AoE3hVVdFaC/eZPTMTDlpgfJCKuMsVs:oVaurMLcDlpRKai

Score

10^/10

quasar seroxen spyware trojan

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

panel-slave.gl.at.ply.gg:57059

panel-slave.gl.at.ply.gg:27892

Mutex

$Sxr-rpL8EItHN3pqIQQVy2

Attributes

encryption_key
Lme7VBS3l58VwLM69PNM
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SeroXen
subdirectory
SubDir

Signatures

Quasar RAT 3 IoCs
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Processes:

schtasks.exe

flow ioc

12 ip-api.com
31 api.ipify.org
3324 schtasks.exe

flow	ioc
12	ip-api.com
31	api.ipify.org
3324	schtasks.exe

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral14/memory/5112-1-0x0000000000050000-0x00000000000BC000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe	family_quasar

Executes dropped EXE 2 IoCs

Processes:

Client.exeytsYlBqQS1tX.exe

pid process

1996 Client.exe
3176 ytsYlBqQS1tX.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

31 api.ipify.org
12 ip-api.com

flow	ioc
31	api.ipify.org
12	ip-api.com

Drops file in Windows directory 2 IoCs

Processes:

mspaint.exemspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

SCHTASKS.exeschtasks.exeSCHTASKS.exeschtasks.exe

pid process

6108 SCHTASKS.exe
3324 schtasks.exe
1976 SCHTASKS.exe
2284 schtasks.exe

pid	process
6108	SCHTASKS.exe
3324	schtasks.exe
1976	SCHTASKS.exe
2284	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617831478115091"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{8F05E527-28C1-4F6A-81EF-13E2976D6775}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

mspaint.exemspaint.exechrome.exechrome.exe

pid process

1804 mspaint.exe
1804 mspaint.exe
4404 mspaint.exe
4404 mspaint.exe
3616 chrome.exe
3616 chrome.exe
1188 chrome.exe
1188 chrome.exe

pid	process
1804	mspaint.exe
1804	mspaint.exe
4404	mspaint.exe
4404	mspaint.exe
3616	chrome.exe
3616	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Uni - Copy (16) - Copy.exeClient.exeAUDIODG.EXEchrome.exe

description	pid	process
Token: SeDebugPrivilege	5112	Uni - Copy (16) - Copy.exe
Token: SeDebugPrivilege	1996	Client.exe
Token: 33	3564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3564	AUDIODG.EXE
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

Client.exeytsYlBqQS1tX.exemspaint.exemspaint.exe

pid	process
1996	Client.exe
3176	ytsYlBqQS1tX.exe
1804	mspaint.exe
1804	mspaint.exe
1804	mspaint.exe
1804	mspaint.exe
4404	mspaint.exe
4404	mspaint.exe
4404	mspaint.exe
4404	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Uni - Copy (16) - Copy.exeClient.exechrome.exe

description	pid	process	target process
PID 5112 wrote to memory of 3324	5112	Uni - Copy (16) - Copy.exe	schtasks.exe
PID 5112 wrote to memory of 3324	5112	Uni - Copy (16) - Copy.exe	schtasks.exe
PID 5112 wrote to memory of 3324	5112	Uni - Copy (16) - Copy.exe	schtasks.exe
PID 5112 wrote to memory of 1996	5112	Uni - Copy (16) - Copy.exe	Client.exe
PID 5112 wrote to memory of 1996	5112	Uni - Copy (16) - Copy.exe	Client.exe
PID 5112 wrote to memory of 1996	5112	Uni - Copy (16) - Copy.exe	Client.exe
PID 5112 wrote to memory of 1976	5112	Uni - Copy (16) - Copy.exe	SCHTASKS.exe
PID 5112 wrote to memory of 1976	5112	Uni - Copy (16) - Copy.exe	SCHTASKS.exe
PID 5112 wrote to memory of 1976	5112	Uni - Copy (16) - Copy.exe	SCHTASKS.exe
PID 1996 wrote to memory of 2284	1996	Client.exe	schtasks.exe
PID 1996 wrote to memory of 2284	1996	Client.exe	schtasks.exe
PID 1996 wrote to memory of 2284	1996	Client.exe	schtasks.exe
PID 1996 wrote to memory of 3176	1996	Client.exe	ytsYlBqQS1tX.exe
PID 1996 wrote to memory of 3176	1996	Client.exe	ytsYlBqQS1tX.exe
PID 1996 wrote to memory of 3176	1996	Client.exe	ytsYlBqQS1tX.exe
PID 3616 wrote to memory of 4720	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4720	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 4668	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 5028	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 5028	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe
PID 3616 wrote to memory of 512	3616	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (16) - Copy.exe
"C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (16) - Copy.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5112

C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (16) - Copy.exe" /rl HIGHEST /f
2⤵
- Quasar RAT
- Creates scheduled task(s)
PID:3324

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:2284

C:\Users\Admin\AppData\Local\Temp\ytsYlBqQS1tX.exe
"C:\Users\Admin\AppData\Local\Temp\ytsYlBqQS1tX.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3176

C:\Windows\SysWOW64\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Client.exe" /tr "'C:\Users\Admin\AppData\Roaming\SubDir\Client.exe'" /sc onlogon /rl HIGHEST
3⤵
- Creates scheduled task(s)
PID:6108

C:\Windows\SysWOW64\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Uni - Copy (16) - Copy.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (16) - Copy.exe'" /sc onlogon /rl HIGHEST
2⤵
- Creates scheduled task(s)
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4104,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
1⤵
PID:1124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x3c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ExitShow.bmp"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1260

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ExitShow.bmp"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff990e8ab58,0x7ff990e8ab68,0x7ff990e8ab78
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:2
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:5316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3068 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1832 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5496 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2400 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5472 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:5852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5664 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5220 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:8
2⤵
- Modifies registry class
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4360 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4396 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2660 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=1724 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4460 --field-trial-handle=1980,i,13010937788579702040,2034773860379754170,131072 /prefetch:1
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
Filesize
108KB

MD5
5bb6fbaf0c60d8484054db863ddace24

SHA1
9f2a1ea4f12ad8597a87ffbcac09ca169af93189

SHA256
f52acb3f9a347bfe5cdc32bb2512e2fa49e6609c99b4646e002d487012203a55

SHA512
ab2c63d85ed6dbebdb494762eb40e8f8bcd782e7b7061e2be4c84ce6ff14a4bfdac938148e0c4ed92f2e79e667128c1b1d5325becb562baca9776da02f037a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
Filesize
97KB

MD5
5b5577d5b324dfeeb030a292a64b5a06

SHA1
5a5abd09cdda782192c76e6b3b16f2a1fee089d0

SHA256
09324e0ba6a5d8fe1a1b4f96cf01c5b38b24da18ab9aa6a1eff3918e6007e0b0

SHA512
5482e9cdc348b20fd3abe6d78ba0a048f46ac25ac8d3393132cfcfce07492b8bb957ebc5747037dece8c296b85b2edac21b31404c528f7b628afcbb3b42e0ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
Filesize
46KB

MD5
f871dd44ae8c9e11c5c85c961f8b2ab1

SHA1
7618910822a0f2639b405e3c0b13faff0431140a

SHA256
2ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec

SHA512
3b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
Filesize
19KB

MD5
0f0c9989cbb18447d2f5d954c20ed99f

SHA1
9ad0fd560c0c478c67cc8f118e363b3a1d1cdb5a

SHA256
a43a9e5bbd2d8a8aed070df3b2c799afe064312d6f248c4a498a67c0f9a02720

SHA512
ad6a2c60d3e5aab48497169e380d0fa50d7a0fd2bfa0a07313d880afaafd2ff2be7521864ab7ec661866b1ee4309467ef2733a24dba7e0facde8d190739d9fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
90KB

MD5
308b6d399d415c806c62218a2cb14a32

SHA1
ffc2c22a11c7d04f95bc55d56164bfbc0f5c7282

SHA256
a22173601809eba73e34c1c99eafb34e3d89756eedeea66084c854a706dfbdf0

SHA512
1e9005c31d001f67cd8d94d9db4bf92a7527c400e9529abeeec10f9613b249649c7c439fc0aaa8d570783b2b70c1fe63681e56e47f09d91798757a471dbeb616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
90KB

MD5
cc3edb5bf1c0f14036fd83bee184ef8e

SHA1
a05b2c4225383e67d55edd9f20d4aef4e81affb3

SHA256
670b7fc9fcf771d7d2e89edc0802d823dd2db36aba52405fd7cf540cd5e382f3

SHA512
59146a9f07c710d7ac83be2921c45349f2c43acc971d38f29f40027d13074b9697c59321c4f33961259d2975dc9fb01ed36075b97ce88ae5e5c3d42f3a8155a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
19KB

MD5
111a850fdac66c90573d45a178e05ff5

SHA1
596eb78f1325d5ce58c222891f4700a59c82ade5

SHA256
6c27f8dc2e88d702c44ed6a0f74f8ea65294340619e67589f4381675aa7726a7

SHA512
fbc1d450215b1a215a4d5e058a3b5ec981599fc21a6ca0d54c432b8a25728834fb6a54c2ebd46020e25c1ca7ab197203c59beae10c0569aa5b0532b63ec88903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
32KB

MD5
0ca678222114585bc701a81128e81da5

SHA1
7153ab703cebe63231f07951ee322af357b30d0c

SHA256
d9899ffd6d9533dd3c0c34f02c7ec9f36c0463e0b9386185b0fd0fc5a6247997

SHA512
173f744c73f5dc6578dde2a593a0b66688b9c90e2ae066fcbc75f8c080378cfb4c863047cc36785250e788bf08b77efaaef02b56c1a4a8874fef8654b16c4f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
Filesize
61KB

MD5
1e781329122a0223e65650c32905584a

SHA1
9a0bc5aac0e2af5a32698e2cfbf59e587be87c4b

SHA256
60f5e773fd645392ea42dac9892272ae8c556561758c23c697eaa3e51156e6ff

SHA512
0503005a26844b4b3a40ad10560a67436bc97ae8a662c51f055eed43c105e1a33363b347d7862478508adaaa4e75ce89049be75806c9ea21cdb48227868e6f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080
Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\092afaa13060536d_0
Filesize
243B

MD5
56e6e42984ae73bffa13e20dc58309f3

SHA1
391e865d2d98818e7840bdb99579b4d36b9be8d6

SHA256
682e10278e6cccedead1b2b13c6eae8109a7157d1621d8ac5d1311378b740801

SHA512
3c943a01f49fca0f7b124671a9a3376e86c345a7576a08fa8f15255a67c7c2ea5c723e1c0f2fe4e404409bc786b4e0fb92404e5a8eeac0a32dbdf9af17940131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
06fc98070471facb531702c2aa115a3a

SHA1
54cc499ca15b09d9556221423e68594ba6c928d5

SHA256
1ac790242d793717f2dd2785edd925ef34bc6b498df575f6989db12efe212468

SHA512
a45d7c26d396d34760862716dc8208e2a35f17da544b6ab9c3e7d214de4880476379e4bd7511358faf02cf813d0211a763dc9403eb64bcfb75fc3cb118b3712b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
3ed5b58a7132189782c35c012ac26f87

SHA1
a1bd5a252db4f40d8336c954df3833e430c08306

SHA256
9f25bcf82da9384f5f5bbfaa943b3ca7309bcee157d1a1f602ee7466aa18de03

SHA512
463d5a551d18a7e7c194a01553c4c8a25fbaf5324fbdb638d787f5c60dd4a523ab70b102de86e4eac779d48f92187f5be1a98723901b340f1102d2430fb339c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
44a88844a7ddf25bc1f0a415c6f83e6d

SHA1
4a02c249c898f829672c73d4b7aad4223d535fe4

SHA256
4100c055cb2bb26724ddc77638cbbb9cce12ef132cfa1a74ad3e47e83b7bb0ce

SHA512
3cccfaf5ec6108d41b8a645267cfa9e6b712efbf97c837c1e8eb6c6dc720c0338ef9737afc4f82b9f37a282dede4e23fa65904bceade9c6c244a4161e402b56d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
96b288a669a4a93fc9b29cdcaf0ecec4

SHA1
278d00eb3704f9badb2581318b5f08a4f76ab495

SHA256
b9da130fed19f187652de4ecbf0e98a0feadfbd0aa549d91d9deaa1546749d3d

SHA512
cb40ff80a46ee9668af46d7e792215f3534f576ba265f754bb60f54a1d3b8d5f22304d1e50f9f427fe4948b8e27088844cab6fb11ebaab9bbf279edda01a353c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
849f4d9194aaaf01455c5151a16113fd

SHA1
7c341e012cf9151bf83227136ec04cd56c85f49f

SHA256
f7e20c1496be7d5ce58df7c9a701dd0f40091690e6bf80b78744cc880eaf53d6

SHA512
3df109ae807040bb1994417626af43e5e9e72211b13311836e8478b0bdcab87d1c9635f463fa138e5dab033e867e25109ca699ecc015b98256212fe4d4e3bafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
637204a1b2eecc8058f8ac01ad192ac8

SHA1
14acf343b179d318d21ac47c1d20931bacd147ce

SHA256
7e2e2a54d3500a444c98aa3d81f61271d732040d13ad9d464db7d2c813fd0abb

SHA512
2aa5fe97cd196facef7afaad2de022fc6ec2db42c2f21db4da05b70ac686513665cc6acdae30615a87bd7981a61310188b0a78b43d324f511c0eb228c7f5fcf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d0da4a4a9d62cc1cfb2b332c7c876208

SHA1
e0d824dd91d3b282e9530f6beb1efb745ad759dc

SHA256
4e854f1c63413e8150eeba76b46e9fcac4e66502de7068bd2908828d0179930a

SHA512
8874d8e9fdcb9759b2fe5b9cde1d872d2ffb0db1af896f802d61477163a8e89a29edddd6964d90c56092ae0c623e4cf1596415e698053d8d2857c8cfcc63ebf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b222b0a0eead69771841264ee1950608

SHA1
d8c11d544abeacb8eb5db7e558ef64a6a98e0e71

SHA256
0ffb3a62ed6a156dde359b670ca6aedb6a5688b55d4c397d630c2da8218ed41e

SHA512
f9d60488fe176234f4121e437eedaf090fb259df6ccb6575336d6afa7cc7be8c28e42726d6f08d1a93c412bd558675afd42c4c67774d0974f508a2c5ac0c65a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fbeedb412d13e8787f15ac9ac6c634d1

SHA1
8b25a66f08456582db883c99f4a1e483b4128503

SHA256
368f2967377a238d454e185e54cc3502b36353edbb10e26bac432666ae1a9067

SHA512
a5595c5c5c281000b3347f7571306371e47ae4aba3df936e9020c0991b04bf8a8cf6d0d03ec5223bdb9e06d104a0ded74339a8b49e460c3d907442db08f0be5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8cfa2d7d07f5a59698c7e14562f45d43

SHA1
d9945eee2b75dfec782da41a753848509e173f70

SHA256
ca68b33aab42ae5c712b3473e630c7c4966d27d5f6cc9e7301c9324f4a093eb1

SHA512
822e0423daea8d8b1c1ff55e2f49dd17fa6a7f20383bc320fd0ca4e8f84e96b3d03431a23d1298219571f3f7e85a93ae3c0a7aa8cacd729f14fb75eb139af35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo
Filesize
27KB

MD5
4c0c88980ae1477c8f2a078b543477d7

SHA1
2889d0269b14335b5f1236cb974dc2e1de08e19c

SHA256
fb8a8e1602c87acc77e619992d0cba0b0b580d58554ec0caf9d63d4a0d0c298b

SHA512
4887dd95de705e69cf893f22fac53e9370922173db71891f311a06e17b9623c9b402134ac1d510eb0d41d8ee724b631c3d4460d50ba9a70dca5dc397a759a176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
4b1c838c27d92d86e4ea01a92f346a56

SHA1
790fac3108c8c3dca74b4379dea7f19bc511e134

SHA256
a046ea08c69bfff65e863eb1d84081cd223394dc31080ea8daa40876bf7742aa

SHA512
436ded21a82a809620c49b54ac710f837201db263b7384f3357b6f328a8441606d14d8ef32c0d7896fd85f2fa1f7608f0c601a7ac215bc1dbce43e6d8ec702df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
2b351311bc75448f793e89a5ffdbe6ae

SHA1
30a04f0b8351a31a1cde2e178931a5eae7d0f92b

SHA256
e82c79272d9d7bb73448eb9268797905315fe7cd8688c2f5d819aeefd43c01cd

SHA512
56377419ea9a7189f751bd944fe68d8a6054acf4debed90dbac2c4fd20ff9a1625ede925b51a9d69d23fd018c9ef35d5d570fb09261e5a7f574af810b4d5857b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
7fab64004a30a26a07b354575eb8e694

SHA1
f57260b16820b8f72771fcfdbb78f5171954d37d

SHA256
d99446f6b5db9a9379bcb1d3d04468397942058c75dc840033708a1ef7f1ae04

SHA512
bb6eccf865722b3be2611fca1a8381178315341e6bd8eafec186ac57b94f08b95fa7c8ff891aaa1ff82603453a4c8e36029823d40834b43610c71b9a82fa48bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
1002c24b20d5497098c36eed41b05688

SHA1
5dbbec9b8cdf6cb377dfbf13eec97637ffa8cf8a

SHA256
1636e5b51e6c75b6bcc2c3ee883899820a84559ca768362d2262e87c87210bf1

SHA512
5b0d19a1a4a3261f0184f895dcbace7e2ef6ef823d3b71ba02a38367c87d35817e9bb55882ec8f639e0f32a3a0851e4d47763fb4247e017079a97ba40e443336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c39f3.TMP
Filesize
120B

MD5
309c19b1c035e3847657b845b0475d55

SHA1
3854cc92ad34648b8a97e1a6baab9266bd420599

SHA256
3b87a3dc2dcc5befa80118b2ee89510f02e0f1bec88955f53139433d8954b908

SHA512
95ed56e1b78cfc45276ebff6c9d85b638819d9924808de2628229551c0f04d2438ad3505c7df6f4461ea9b4989e997e93c64cf87e7d9f4afd320b3cbdf0a3be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
beac11dcc79de1d773f2727edf3d233e

SHA1
11bcdfc2a700f9838e6fb3e7a1a57b03311ec233

SHA256
4b29adbb2d6ff9c380e0e3f434de85b764c95d4096e4b7afc2d517d73aceec87

SHA512
39361a115a9a4fa11cdc8a00a73491ed051d41c8f16982464c0af08ca00c52b77b4fa859dd442f5e6e8c8233819c4bf8aa281bfa49f8d441dc87837708a02ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
0d037bc1cbf828f4812a7f7d50033f31

SHA1
d92094b5e8f26169f699df2ac6f2e456bbd97bcd

SHA256
d74bf26e1b50a535fe320d66a1d6ed07a2f21b86ee77ff7899ff4535d2ee02bd

SHA512
880da7078eda9eee6dca732ce0d60bf162231a3e525aa9d6fd5ef1557e5e4c9831fb07054cab097631da7c3f468936afec8f2b8227e544a5531d7d6ae33bec31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
bbac62099a9d400e60844b33d6057825

SHA1
cf066fbe39b9753d4539878602550a186a9e1c9f

SHA256
c92485b691824db307b3301519bc81d7cc3464275caf0ff67da110a8ec87eea1

SHA512
ad57e8e49c8015cfb08abe4f36155178f7d5a5bdff249d95cd9e542b7f1def5062400ab1aa91d07e78f9cf760ed1992565c3f3a0823152d1cd895a5b9ea0aa3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
c707799299a2ac07c915da336faf06af

SHA1
44dd48f72617891bdbbb8d9cc586f9e9abc877df

SHA256
84e4b9f1fd588f3689139ff5f859fb78ff78fc63d986bd7083f91197af47fa8b

SHA512
a7981f8cca159c9032e3bdca3fe47b5d8fe1de19fd06aed63b8a6d6c4255cb049e4b3b5f3466cee596a1d1a199dacf678c924b7195dd0e8eddab9fce88b9379a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b436e.TMP
Filesize
89KB

MD5
4bd1f36ba72a7b17ac2034c8d18411d7

SHA1
b5c7a0c179323940e1dacd5ddcbd65a61b6e7ba1

SHA256
b0017cf901719c761d55ac65695132eab9ed871921843eedb3b2ccd086f8055d

SHA512
e8782d69d15b2884c2a062daba9a0e83af5052cbccc014dd79ae378f5a39b4bcf99bd4267b5c5e18feefbfb821509267dfa669829c53c46d2b449a7f54a859a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ytsYlBqQS1tX.exe
Filesize
277KB

MD5
dac0c5b2380cbdd93b46763427c9f8df

SHA1
038089e1a0ac8375be797fc3ce7ae719abc72834

SHA256
d02538788fb57f568ece292f5fc20e9775c86d504de67f57e22534f84adc73c6

SHA512
05cc1f6bf25a6545a06c735ae7a4a7fc25489bdb9fbc8d5797be623982662c4a93cba2d20bfe14313ef1548eaaa691e55fabdd8e3d3e45de9ab42dc62f9a7023

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
Filesize
409KB

MD5
b70fdac25a99501e3cae11f1b775249e

SHA1
3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71

SHA256
51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246

SHA512
43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44

Download Submit
C:\Windows\Debug\WIA\wiatrace.log
Filesize
1KB

MD5
d47d61dcfa95ddfccf2037ca33c0f980

SHA1
54cd39343b27ce30c14ce7d3dbf3ca42dc8cc2f1

SHA256
9eccfd05bfc3e1b48682132beded793cdf01b25fc771e67c247ac43b19d932d7

SHA512
a2db1a7a0f0504fc6553082c2d6a8a4fcda342322689fd1f524f5831fc60a08216d57c213403c1464410ccc2a58832a3e88c49f471ddac516f108fb31b357cff

Download Submit
\??\pipe\crashpad_3616_AXUSWMFAQPUCYHMF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1996-20-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/1996-19-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/1996-18-0x0000000006230000-0x000000000626C000-memory.dmp

Filesize
240KB

Download
memory/1996-17-0x00000000069B0000-0x00000000069BA000-memory.dmp

Filesize
40KB

Download
memory/1996-176-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/1996-14-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/1996-12-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/5112-0-0x000000007462E000-0x000000007462F000-memory.dmp

Filesize
4KB

Download
memory/5112-6-0x00000000058E0000-0x00000000058F2000-memory.dmp

Filesize
72KB

Download
memory/5112-5-0x0000000004A80000-0x0000000004AE6000-memory.dmp

Filesize
408KB

Download
memory/5112-4-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/5112-3-0x0000000004B20000-0x0000000004BB2000-memory.dmp

Filesize
584KB

Download
memory/5112-15-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/5112-2-0x00000000050D0000-0x0000000005674000-memory.dmp

Filesize
5.6MB

Download
memory/5112-1-0x0000000000050000-0x00000000000BC000-memory.dmp

Filesize
432KB

Download