quasar | 8739b236fb674c2c3516bc43ecf4b6583ea22ca0d4b2fe417b6223d654d52011

Resubmissions

02-06-2024 11:13

240602-nbkdjabc8t 10

02-06-2024 11:11

240602-nan1bscb27 10

Analysis

max time kernel
48s
max time network
151s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SynapseX.Revamped.V1.5.rar
Size

6.9MB
MD5

358e3fc465a47e440775cd04fe9e9650
SHA1

c0dea173ba12149b325de5831c2e08d8c3ff7b21
SHA256

8739b236fb674c2c3516bc43ecf4b6583ea22ca0d4b2fe417b6223d654d52011
SHA512

1a8dad583487280053ec13a088f02f54177f2c14318d9edfc60121884e6bda8e06979c47fa2e9100db21ecedcb30431a1842c2a6ef3c69f20b703ea07865348f
SSDEEP

196608:SGOV4gKBR19F8lsJ7WJ+ZVNXARR+n9fmYclvlcf:SB4LFXKsJ7QmVNXARkVwl9cf

Score

10^/10

quasar windows update spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Update

skbidiooiilet-31205.portmap.host:31205

Mutex

b2f09b33-2e5b-4ffa-afbf-3f1aaed274a6

Attributes

encryption_key
6F721445F7E0B1CF58980D84A9D49F4458D4EFD9
install_name
Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
Windows Update

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7zO03AE7B16\SynapseXBootstrapper.exe	family_quasar
behavioral1/memory/2744-35-0x00000000010B0000-0x00000000013D4000-memory.dmp	family_quasar
behavioral1/memory/2452-41-0x0000000000840000-0x0000000000B64000-memory.dmp	family_quasar
behavioral1/memory/2720-139-0x0000000000800000-0x0000000000B24000-memory.dmp	family_quasar

Executes dropped EXE 3 IoCs

Processes:

SynapseXBootstrapper.exeUpdate.exeSynapseXBootstrapper.exe

pid process

2744 SynapseXBootstrapper.exe
2452 Update.exe
2720 SynapseXBootstrapper.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

2380 schtasks.exe
2040 schtasks.exe

pid	process
2744	SynapseXBootstrapper.exe
2452	Update.exe
2720	SynapseXBootstrapper.exe

pid	process
2380	schtasks.exe
2040	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

7zFM.exechrome.exe

pid process

2608 7zFM.exe
1844 chrome.exe
1844 chrome.exe
2608 7zFM.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2608 7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exeSynapseXBootstrapper.exeUpdate.exechrome.exeSynapseXBootstrapper.exe

description	pid	process
Token: SeRestorePrivilege	2608	7zFM.exe
Token: 35	2608	7zFM.exe
Token: SeSecurityPrivilege	2608	7zFM.exe
Token: SeDebugPrivilege	2744	SynapseXBootstrapper.exe
Token: SeDebugPrivilege	2452	Update.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeSecurityPrivilege	2608	7zFM.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeSecurityPrivilege	2608	7zFM.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeDebugPrivilege	2720	SynapseXBootstrapper.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

7zFM.exechrome.exe

pid	process
2608	7zFM.exe
2608	7zFM.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
2608	7zFM.exe
2608	7zFM.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exe7zFM.exeSynapseXBootstrapper.exeUpdate.exechrome.exe

description	pid	process	target process
PID 1620 wrote to memory of 2608	1620	cmd.exe	7zFM.exe
PID 1620 wrote to memory of 2608	1620	cmd.exe	7zFM.exe
PID 1620 wrote to memory of 2608	1620	cmd.exe	7zFM.exe
PID 2608 wrote to memory of 2744	2608	7zFM.exe	SynapseXBootstrapper.exe
PID 2608 wrote to memory of 2744	2608	7zFM.exe	SynapseXBootstrapper.exe
PID 2608 wrote to memory of 2744	2608	7zFM.exe	SynapseXBootstrapper.exe
PID 2744 wrote to memory of 2380	2744	SynapseXBootstrapper.exe	schtasks.exe
PID 2744 wrote to memory of 2380	2744	SynapseXBootstrapper.exe	schtasks.exe
PID 2744 wrote to memory of 2380	2744	SynapseXBootstrapper.exe	schtasks.exe
PID 2744 wrote to memory of 2452	2744	SynapseXBootstrapper.exe	Update.exe
PID 2744 wrote to memory of 2452	2744	SynapseXBootstrapper.exe	Update.exe
PID 2744 wrote to memory of 2452	2744	SynapseXBootstrapper.exe	Update.exe
PID 2452 wrote to memory of 2040	2452	Update.exe	schtasks.exe
PID 2452 wrote to memory of 2040	2452	Update.exe	schtasks.exe
PID 2452 wrote to memory of 2040	2452	Update.exe	schtasks.exe
PID 1844 wrote to memory of 2440	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 2440	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 2440	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 352	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 2268	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 2268	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 2268	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 1452	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 1452	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 1452	1844	chrome.exe	chrome.exe
PID 1844 wrote to memory of 1452	1844	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SynapseX.Revamped.V1.5.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:1620

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SynapseX.Revamped.V1.5.rar"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\7zO03AE7B16\SynapseXBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\7zO03AE7B16\SynapseXBootstrapper.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2744

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe" /rl HIGHEST /f
4⤵
- Creates scheduled task(s)
PID:2380

C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe
"C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2452

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Update\Update.exe" /rl HIGHEST /f
5⤵
- Creates scheduled task(s)
PID:2040

C:\Users\Admin\AppData\Local\Temp\7zO03A0CA96\SynapseXBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\7zO03A0CA96\SynapseXBootstrapper.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1e99758,0x7fef1e99768,0x7fef1e99778
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:2
2⤵
PID:352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:2
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1176 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3492 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=712 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2632 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3740 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2604 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1812 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2600 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:1
2⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4580 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4684 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1212,i,17124165015657054903,7454945784160072154,131072 /prefetch:8
2⤵
PID:984

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1180

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
480bf3736dee9ceae34435dd6469303d

SHA1
97ee7d11eacc9c1b2b2d7786eba7b51249f675f0

SHA256
30514a6b6d74716a5888fee77f6292fb230c178a0ba9573a841d165f3359eae8

SHA512
7a07dadc8db597b91717520571948659692748d7fe4d0c81a726f2101454b73428621fb3443f45bfbc59362d97ad3bd4fcf06f5d4a90a46f6ae48d352a3d2605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
49a26aa84f142e06971ba9f26eeb48ed

SHA1
e27f3c70824a27eee6648cab04ce66faa713ed0c

SHA256
90418825379fc82074d1759e9f761bab0252e3142670386556c8f137e691a303

SHA512
38f0da8844bb8272a607daac9b51e510606921e6148a212bb0b19cc73acaaf363cb11b32a958792e721d9579a0207a52acfae92989e0f4f03c9c3267945996d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
da06187942d1aa4563d586812fb31c47

SHA1
b648336e28d354cc8f045beaa81bb7edbc17dc14

SHA256
2765a06ba705cf9b3c1dbf926446406bc11a0677c6020fe06f2b2f91bfad063f

SHA512
e1b57abca6b61799402f8981168cc2b6e7ebcc07c8874b5019435f329b042b8760e528b5f632c97ca1f6982a497e7b6c22ed5e4ee825c3cec5489f19016e480e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
cbf82cc73e585a1b9fd24a088fa560eb

SHA1
4fbaa9eb683b50267b56837c8cb0ac3e561918c3

SHA256
be582c0e5de13d4d7da53e5412679bb1bab194551e0b628bc0376a43718f21cf

SHA512
6067ac73f1c9f7a86fbeb5041a01ce8eb0b9fb709c6d443bd86331c4756415a7e17ecdd1f3324c70fdf6f50ab61848e98c85b465d80ab8c6ad91c35467d87d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1c85d0f349ddb3ba1c536a98c9df0088

SHA1
30b1dd68581afc8867c6b8db7b167116a4b8935b

SHA256
760722ce60a9359aea476db9542bfe9aaa493c3737a1908d38d69796de5f490f

SHA512
af9e5ea04c99efe1922d92c19182acba961519771c4f8dd4cc2d82ec7eb48b78b69c65c43630727550afdaa7f73a6fcd54b52f31797252733defef283032a92b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3b24c1ef3ce32e6c04dbf4489551960a

SHA1
b48905ad03a6e4b996a91645d2b55255bbfd81e0

SHA256
2ae5d37580c25d544861b5a9ae073d63f1bef0bfa68d05dd2bdb2fa9175582ff

SHA512
1f41c7d426e0dba0e691d003a4d67f2e56a828906232832c400f2b6b1bf37a7198ba2679001ee65cec3374f9f693873d8a290e9ed6551b79341ed8a91f53f704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9a11d436fe042e1a60f64084aefadbda

SHA1
5d2963212003555a8bca16f746654b8b02957565

SHA256
0a897465749b8ffe38e1dc20f1d11101cc4bdabc2d332f0c46988e8b8ebd84ea

SHA512
369379dd2b1735389f8547e70ade12e89eff816d6f18f5f5fa1aaa05b337a2ccba76f2d278906b54d18765d704c4427c8e698c3902f63ed47b78181825d2c184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9a13baf0167a4c74c3bb18b1384ee995

SHA1
85acb3bdcda3d43f469b0c8e7030c5236623efe3

SHA256
29d1738ed9b099d7e2ee47a6e64e329bea25eb75de80270d03dd1f05b68d0970

SHA512
a03ca3214e994f9c1a837097516908d9b1235841f412bc7b38ed8279322acac21904ceafc5a6d855d54bf4da842a0dee5ef5df476d5c0082a6218c9fe2a0c6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
86KB

MD5
21b99db6353764fcff850ed4de1489ee

SHA1
e1771dc14a7d394e89c3a222993ce56c86f44236

SHA256
0791bfd5c9dad4b28433efe5937084a816644a47560926dae6831452468c718b

SHA512
c92d27c11455e82d60302a0c206e711400f1a74f91473ff1a710453d4a23aa7e4f5632e349c12e4d6b3572a03f0171495bf4782c4ec67101c705b570ed76de4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
44KB

MD5
4829199e6a5f896653a07f378f420e20

SHA1
ea33810361856e36459b0da1d93267c6252b25fc

SHA256
f5d8f9bc07f91b59566bbcfa3c572d6d2ba2f35432b9ab89bcd7ad343cc61ebc

SHA512
83ba69988097dd4a39a19136ca5e68d0116305cc1d04fc519f59cb208ec0e8e5e592abe8fc9badffc701fc56bb6aa293c4089261f4d4a9b3d616026f000f48b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
20KB

MD5
38e28801d3222ef034410dc0a4b8e8cf

SHA1
deab3f7e5c3c0b90b79427591c67026efd10eeb3

SHA256
fd99ab7987ab298eb69e512dd4694493749969d8ff3094dcf79563139ac6c927

SHA512
8564809bd64a30db808d1ba061226ca41edd445f25cb388cca6835b9552bf12204a45f241cbf037c9ed1b0dc63ebdbe368e3a7a4e5814b625bdd8d691705e6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
24KB

MD5
e0210d118b3139c5c77b0a3cdf07240c

SHA1
520912218ff8fb26d188dafe6eb7d53e4a1347b8

SHA256
09afbb320f0230e85ca0b2ad49ca106b3cc9bbacd2e45bb4e8faed3a3fe93444

SHA512
dd11395f2f830af1571beb0293e78a4ef01c252371194bf0e8154d6494d951e44b0e34219ab52ec8cc8ed47eed88b99592e9fbfe2c8d4cd65e26faa257a64550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
28KB

MD5
6b4ca20e99beb91b47fd15e3c5ecd0a0

SHA1
fbbe3dd38cffebfa724618fd828d09826d815d1e

SHA256
4797fc1497acce42c03a13d933704c3a1620f9fe53aedbc7f57d5f1531f9d528

SHA512
ce267fc8c7767769291f11b451c17ce2245d26f8530efe0d2129e83f00ca6f35635278555442a2b936934762d333b83b3babddf82e324ab1571df580439a823e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
64KB

MD5
686e413047e96460e648d435f3d71f98

SHA1
e570fe47edc508fc5a53eec2c785c7133a363361

SHA256
9f0d1a0165dab2f9b3d85527aa9d71a56389088dfacefba7e579a8cb0c3f268d

SHA512
4bee95872539619db51f7c6d4d13b064d70e6bae5ac186f884ad409e104765dcca14f4f589df8b41ba8719acb44e277f4281dfcf65d1f9c8c5af6e3f0cf15848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
Filesize
59KB

MD5
99adec199701191fda80529b0506e475

SHA1
ba63a6135825ed9f463762fdb1fe8e4a3cab26e7

SHA256
86301cee42e07c559f6e99eb7e7270015f1b0617d1169feb1310508d4c6e004b

SHA512
c4ae0733870ef45a493685a3871c77dc2f9373d6104b429d38d508b5e6b0263114b0680e46e57ca20dc236cd45a4f6be4a1d1fd54945015f6bcfbd379e911267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
90KB

MD5
e8621835d110d25b5cdf4aeec547edd5

SHA1
79c67b34282f07bfb65ba93e881c69339629af0b

SHA256
a9c67d4f76abdef539338c3421940e11785a1523f2c5ad712c5a2673cb6574ef

SHA512
f82f720e5b2a372866929877e0f920c961cb7e3b58aa138cd19412de9cf5bb09922ebcae9bf99b7f73c4bec277c736f73f7954668cd0fa1c11801e4970acad3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
67KB

MD5
e4619ee8863ed75103fd55d752037036

SHA1
3b69c3f48b9c35049e09a0f2724cbd48ceea5642

SHA256
bb9153c3317dd6fcac3c6049b0d82bb968a8b60fb99517fd4e367ab61a052bf6

SHA512
bf0e1921334e3ac48fff7b9275f318d7fcdd6d9a120f721d95c8d8e26abd903b491d4c53465aeae43a9e92468403c759bb1ee68f344f8a54eba67cc1e1b1abf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
75KB

MD5
0049e2c4454a1b88d7e5232ce501274e

SHA1
562dff86ef5302b31a35f3335b94f2120f83c3ea

SHA256
97977d6df3ba89444d76c5a05e1923ab4722e3c4a9c8d04cca207493fd2e5532

SHA512
34addbbd3ebc57bf1b6c39d876211d8756bc74decc658c8a64d253414b93ebb7b394837ccd7b2fca7772794f114443548f7b98c8a023cab3a286150bc8fe7ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
67KB

MD5
5acf92eb588a05e340f8ef807ae63ba8

SHA1
df6abd6381966bd559305028c1c45b0c2760c716

SHA256
f00900ef735841d8fcf1f0994f51bb16025958b5e4719d1c81dc74d7d08f7434

SHA512
c5b0ae0b6bab3c772d630d23e0d8009ed59e350bd2f5c98f026a90fe9b4b211779f3536050a64ea53d3ca8f290c77ab8626bfe590c09f3e90e452d8d8586bb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
20KB

MD5
e68c49fd30b218d571e5435773c46d89

SHA1
0107595579b3d17c8cc585b8a3b08ca7ad1814b9

SHA256
d1fc73a52c9ee2f44fe2bb46b0dce37af0a9709bb1c1c2992bf435d3aad7bda6

SHA512
ebf8476180427406119f6760919be8983f1fa322df3982a8fd7d81bd0b26ebc4505048d4e4cc281aafeb5046211c458637f11e8911a8fcd277019ab7e1c9e247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
Filesize
30KB

MD5
c3caa237ff99a1e55d7fbdb3f48b10f3

SHA1
a31ee58ddeec33770613cbfb6f7418cd94e07ade

SHA256
13a06d8b3e97713b984a16b8dc8e4e80fe59890bf88791aca961e8a54911fe93

SHA512
ed93ded04db5accef80e0fc3d45197ff8a0e031a23a901ba2cd2611d4ec96bd6208c9ef7f0ba79e3f0b9beaf927b674a7dce1fd1f58b3762fb70476817271230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
21KB

MD5
b6224efebeb8354b04c920a19ae75087

SHA1
5ddb919329e668a44892b16e4a4ba01b00ff0afa

SHA256
f7233044dee9649f804970594e1e7a2435d5fa362e1ec88ae8b5ec5545a2253a

SHA512
83c68eabb6febf1d04a46ef7919ef12ffb56d88f7a8887bc20b2a8df5c337269acd228089edea65d4d2abb2bda1dee2478c626ac68308f5405ee691a3b1e1f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
29KB

MD5
55966d309d023bc6f40b08786ad2f9ba

SHA1
4459adb0b74b3483b1f661f015db183938e42dab

SHA256
d83f88c5d5a849b7cd32403809ec38de91793dd6b9a4f9edbe625b3f98269322

SHA512
05a4afbed6e6e8c50f9a493a54c2f247f5bcd8910181f1dab37747498c34d1fb0f31e1ec526275334c3b2b0b78b61e79adc7d33c909968e784b8445709b9252d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
20KB

MD5
584f52a96aab6de9f2eec20e433cafea

SHA1
06cf2045e966787f71b070c8829eb3b206485b3e

SHA256
5ad1ff39ed7ac284a9c7769b0e0bb4fd76c8000e4fda8e783facb55d31ff00bd

SHA512
83a70686c5b26791b7dc8ac517480c9c4e9aadf3c7172d73f6a80b39bbc30954da0c2c6c9f3b0ffc6dfd6f289e0414109235acd3b38db21c03b564640a2693c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
40KB

MD5
0c4880fb1de7d2ef097042adee0d2d31

SHA1
ea7b12eae99f8f044352f1dd1bc4f7ea3786eecb

SHA256
506fd688cabceb56eed3a3ffaed6afe80f124c61b223b3c8cc231c74ceb5c73d

SHA512
74d5d2148505142bcfee0f99d3879a4c5baca87575026df3eac7d504b56c849f827645b83fa7fe2d64bc6bc3b53ee35ad458ba56b846b2d4a5e03996e2ddd80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
42KB

MD5
9c84bcc5829a19a39b66a469600e69ac

SHA1
cbab67ecd0a4191690079aafede10c70796f6326

SHA256
aed0f1a44515d9aeb954a1b8c80b27c6411535f84e38c774b52aa7eacccf75c6

SHA512
0ae225b5a6d038a8ffb5099f487e632f0cb1e796852c4fece019517a5f482e9c6e6e01f7d409bb563b4e8c80eb114aee2021b8dc45ff38ff385e298557a8b448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
Filesize
41KB

MD5
e0a5b5b5b60870c900d4e965d0582b5b

SHA1
324bb751461fb997107f4c2f869042b093ac3ca4

SHA256
a4658e257cd9b7c17301efa73ef9d9d66c9561ceffdbc92fb5e5b64454b87f96

SHA512
e7c17425d5a6954710393ec309e473db216db095072f64caa968b9a3e1943efa75160873c8d965ee1a36a7493816c11a59bc24c245014fb9f8e6b5d043c7455a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
40KB

MD5
dbb4a59f3dd19c1db7bf476301154821

SHA1
828e1e49fb33bd8a44497c04e70a978e6f556679

SHA256
57823a06bb8c73ff77bf3a2f6760d2ee1745be9a9a7cc5eaec3eb21b402e1915

SHA512
322bd05489a9bc800ad157c3f4151466d3c5d7c6644ef40a5504412d75eddd2921800b291ee6312cad9d5b4f8697db78dbf7503e32c52e1d1c0aa1b1b9bbb48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf779ba3.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9edd696d14947a678e64d71df41e6881

SHA1
23efb0b110accec20370a7104f7e57ec77163029

SHA256
7fb6193dc1e39339a528f1a689f4c5ca465e977d9d8b2cc42f4f5c7c69b625e3

SHA512
5dc77816c754d4eb75c60e05e14160973482992d754e21a870b01dc53839b9475dc7ae30c48ee3616e9fd0c6fa90d78677416b4a2fb354588687a4833ea7b69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
72f90852e3034330b2578aece66ca440

SHA1
5ee176f9a9ecf4a482ac5e680311c8176c518632

SHA256
a875c9b18ed072be0cc1f0b7691c48c5aa184bc3b32b10c5341b1c9aedba3df2

SHA512
478683ec3846c38a8b385063963011a5ab103a352ba38eda7960cc31e8c049252cd216027c12e76033c09d05b2d82fb593e4cc70ee702d41b63a8b19d74f055d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
749d1f94924ca56f4100134139253fcb

SHA1
9f5c1d2a791d478fb37deae8bf9ca081dd0c3f4b

SHA256
a9d916ed2835e900e29a10b7ace44409ee15d0461e332346a0dfdbbf36a1294f

SHA512
cafe0acfa9a8959001293be55bdb07689b83dd94ec580f72244ae11aa8779f945cc78a95cd0f57499b4446ba5ce029beafbe7d8b5fe87b0d444a235586e96a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
357B

MD5
62057b68ea4be06a4a0794992b2b4cd1

SHA1
cc8c57409f4722a4dfb2bac6b2c92d20214947ab

SHA256
9712c5a252512711492edadc235f9db794b57b36c08fa1461e88d1588e0809e8

SHA512
74ebfb1cf0215975875f6228db580506ae010db9cc8f4c6e542967ce9bf1ce202c0ff2cb936bb04ae0ac2ae632279cc8a47ad091e434722675c137cc516c84e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
f324bcfc19c325b1ce1d3d5b5b5de309

SHA1
4f2f86bfb0d7f66c52bbe80ac785f6a76bcb6db6

SHA256
14b1d02cd7e89fec601ccb9186922879ea2498e6da41eacf52aebd7a38a22643

SHA512
408740c805d7e7ce58a4c26847c60278b7b1f10203fc851b4951cc478f0ffcc4a5b0002b89b0b6d5c8401b749e08218dbaa5166124d9c0b0b95c28786e0500ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a2e0488e92b07f9effa1be597fea26ce

SHA1
a5eece0a03bf27d261c359318219d92206cb42a8

SHA256
1ff3b6ab0fcd0dbae1589bca1d3a3a083b110f441997cf6696a453e2d277c2a1

SHA512
014e6f538e85e535d62e72d35ba280e6d5ca7530a3e5c66468b9f8b225829e6d47905962317dac6b605bc16aa9e19e2b5cdaf155ffae6c33ea39b154c820f14b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
c887de5c433d92f798f6d80e3f74bdf0

SHA1
c21bb82a7bf6140916297e16d69f38293dbd0bf4

SHA256
3649807b88c0fbdb07679524c1ba68fe6b0f0b053e3f6fe531a067a482a54686

SHA512
5eb8b1fd3952b19c6a643ee801ca4c781483b15c7e98f12620255059051810ff5c85e113ecca29035e82382cccf8df574162420dc0e5c80c4498667755f2d663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d6ab2dcc44562a684c945f637a894d29

SHA1
71b7b6a3768c81ae4de6a6661d0ee7cd90015bf6

SHA256
498adf5cd9397856e0ebd667523fe921774ca6846ed659736dae698aad9b6d43

SHA512
b3b3d77996042f31067fb95818049134da963fcba2ffc16bfeb96dc2b9ef740792cc7c6de2889be7a741457755dd04e37598eace058efe64763492a5f7e7c15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4ba5e37d3d775973bfd7b7e46e8a94af

SHA1
ad3be8060b1b237891c6724c2d7a8aa876ca8f5d

SHA256
c13a8f9285feea29234cf2289f83b4b2a5f8e310970c4049aa5cdefc56121580

SHA512
91870cdc61657e5d6b127d80eda36e62cf7417b6dee5986d4373b737e02bb69b32c91af10f6ce790c7db28165af0db36fb47b7d4e187db58fd15957268b0be03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
2743adeb13da7f45ffbc89608752dae4

SHA1
c502255459397de05748ce2f49e758121c79cd6c

SHA256
bcfc32dcd23d15f2d39a3dffd05cd889e49fdbd3ea6e585975eeec488daa4d45

SHA512
e13b453975b0081f26c859e03b93cbb61f5d933b972100fcf7edab41ed3f3af99a48b5ffebe9104e070e8b5df87e148d80aaa351af5aecaf913774856651aaec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ce8642375c0d132a2ad72809c3e0934e

SHA1
d5f90e627ece663aaf272658a02ab7e7b75bdec6

SHA256
9559680a01e393ea17f1170661f5b95b13a0f504584f76cfd6f9b2fd9460c8ae

SHA512
789cf9e500e36d1a7a342a8b6b9a52bce7ea6d4e1c6de68a67209b9ee72e6df457ed7ae31616e204063c88d0683d62a65025be12825022b9a54fcfe93afbc0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
74KB

MD5
e8299e9882d7ef75ae15ee8caf2b7bff

SHA1
4cbd2dbd251613e29520480270f33c9e37df5ede

SHA256
e2d53e19960dd5c0058f470985b7c0b2ae74de191210b8c395adeaecf943f872

SHA512
e9816aced8f2372f0b180c4b7a0ad6222c0b8e3cfc55a689f07dae6686ae6444273bb7a043639143b236c4ac1c013fa0893bd23420bbb1977aecfd2763cfac24

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO03AE7B16\SynapseXBootstrapper.exe
Filesize
3.1MB

MD5
9434a1822088cedbce057d280c235864

SHA1
c09173a18e5ae2d9d38bd4d3d196adf1423f924e

SHA256
de29011246319ec8b60774d8c4cad4e8299e27eba6dc7699cd257fbdda338336

SHA512
7461b706ef796abc96d7f2549091061910fdf81a77ae0f8d0c20c5de870164410f5dd3b68e3e33a5bb9b77c3ccf59fd787164530b6d2d03688d4dceccb4fb632

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar33F3.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 524484.crdownload
Filesize
5.4MB

MD5
cfefb36838560b726b44c5eb64bc55f6

SHA1
28b9646a5d6e9aecf4b6cdf6bb97fe30f18900f3

SHA256
eb02f21fab1f3bd916d086a5129c7d9aa39027cab9b61e93866e0bfb0724d85a

SHA512
732173841815647fe8d3fa758669afebcf9e754c93ed1722b4d4119d04f6a5297ca6177ee1c777b3302ff6f72a810a037b2d344c66ba6086af791ed8a50c9519

Download Submit
\??\pipe\crashpad_1844_FHLCJJVRZNQMLJLR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2452-41-0x0000000000840000-0x0000000000B64000-memory.dmp

Filesize
3.1MB

Download
memory/2720-139-0x0000000000800000-0x0000000000B24000-memory.dmp

Filesize
3.1MB

Download
memory/2744-35-0x00000000010B0000-0x00000000013D4000-memory.dmp

Filesize
3.1MB

Download