xenorat | hxxps://github[.]com/M1W9690/Vape-V4-Cracked-free/releases/tag/VapeClient

Analysis

max time kernel
433s
max time network
428s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/M1W9690/Vape-V4-Cracked-free/releases/tag/VapeClient

Score

10^/10

xenorat discovery persistence rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
676	Vape.Ghost.Client.exe
3644	Vape.Ghost.Client.exe
5968	AUTOCL~1.EXE
5232	AUTOCL~1.EXE
1672	BHUEKQ~1.EXE
5476	BHUEKQ~1.EXE

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	Vape.Ghost.Client.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Vape.Ghost.Client.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AUTOCL~1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AUTOCL~1.EXE

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679457598096214"	chrome.exe

Suspicious behavior: EnumeratesProcesses 61 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
520	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeCreatePagefilePrivilege	520	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe
452	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 520 wrote to memory of 4552	520	chrome.exe	130
PID 520 wrote to memory of 4552	520	chrome.exe	130
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 5108	520	chrome.exe	131
PID 520 wrote to memory of 3876	520	chrome.exe	132
PID 520 wrote to memory of 3876	520	chrome.exe	132
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133
PID 520 wrote to memory of 4120	520	chrome.exe	133

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/M1W9690/Vape-V4-Cracked-free/releases/tag/VapeClient
1⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3664,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
1⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4548,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
1⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5408,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
1⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5428,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
1⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5948,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:8
1⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5716,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
1⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6216,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:8
1⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6236,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
1⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=3640,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:1
1⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=6400,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:8
1⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe6a76cc40,0x7ffe6a76cc4c,0x7ffe6a76cc58
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1980,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3664,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3136,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5228,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3364,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3140,i,14451441469942014500,11444669027938333145,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4712
- C:\Users\Admin\Downloads\Vape.Ghost.Client.exe
  "C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:676
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AUTOCL~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AUTOCL~1.EXE
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5232
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\BHUEKQ~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\BHUEKQ~1.EXE
    3⤵
    - Executes dropped EXE
    PID:5476
- C:\Users\Admin\Downloads\Vape.Ghost.Client.exe
  "C:\Users\Admin\Downloads\Vape.Ghost.Client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3644
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5968
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BHUEKQ~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BHUEKQ~1.EXE
    3⤵
    - Executes dropped EXE
    PID:1672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6500,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:1
1⤵
PID:4156

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5968,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
1⤵
PID:5624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8b527312195f1d9c1b9287876b8bc3d7

SHA1
30a134cb95dff036b38b0b28d40f1a409f9d58a9

SHA256
debfc0d32d9c54c93dc0471b383662cdcc99bf60d4af023cef16cc7fd953627a

SHA512
908c7f171ccacb074ebf3dd0cef1459b8f0f31719d3917a66afb717e8e8d9da2bf0a07988be654975582329d5c076b13b694a0ebf01c3ceaa1160381c42f5613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5ec601071ebee8d75413dfb499b9edd5

SHA1
437ecfda67a220c1a0564dc0640f244707ed4eab

SHA256
35dc0f5a68f1ba9e62cf4ddaa4926486073fbbf35d545b4c552db8aa6805bfcb

SHA512
e38761e7a7b9b2fe37cca9c1fbd7766718ab85dab5ad2aa3db4c1012d4bdf8005b2b15433dd6b8bf2df5d7f236aaa013f8ad8b7087a22540fba0603dd231d308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
78c569497f0efa7d3e98c8447a9ee76f

SHA1
7991809fa954991cd1c97de6fe9dd7d7d5dc30c8

SHA256
c942fdca48c7d01cb1fdfe2f39b6382bf4b2e50d483bf231def4cccadef7e1da

SHA512
391cd2a98be686f7955e0f8ae5ef48fc6828ee1785caa4bbb10c9c5708f397d3270df0a6ae23e9e30c6e2844709440879ec05867cd846706bd13a49b77026069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9589e8021ebb2a8ae1563393bb995581

SHA1
7ffffbf2b4b8d783f4660d81d2bb59097f8e4ac4

SHA256
3b7facf9ae80747403a391296b0a3fc290d97c0a9e1ae78bb9c63a85151dffdb

SHA512
6a378051c5657d79ca55a487de12b969969507b6109a4987c62b6084901b7e1fe301c7ac0d8667204401c77c1942ada4d37ff69047f76b33e20670a0fb96abca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5513fb904a57d4f9d239d84f2864e50a

SHA1
79c596a1440ff240c54e2e914d3cde021d65c9ab

SHA256
7dca5b89d3f387213a56824845556b52bf55044dd20bd0bfbc25200c55560c95

SHA512
d5f64b0331fddf0704c0c74253ee138395e1052c4ad1282e01916b994fe0763b9f92f04d4e3471a4b00f52c4e8bd1330325b9d4fe675d4eca702037fa25d6fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e16907d891ba94ad640a30e8bcf9987f

SHA1
291fb2e2562e121fa0f16f8366589900a8dec044

SHA256
979b4a43a75192086f29d2275cbefeb25511136e143c294c54befbd38df17671

SHA512
dc0f13702ee81dcd3e21c8d06dff5e7e6ead580d8712073679acc3aee4310e3b888737f7b605f05b41d6c3c129f90fff6f057f08c0d793c574b823597363f40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
2cd607e638bf16d31ff6a2942792c62f

SHA1
40dcfd53c1a33e68a1c219b8496283615c78ad31

SHA256
4c1a53f94d2941eada4656fcb3d45bde352417d6826c21f3f4d81b0e8f2115ef

SHA512
d5f9c4e772afa1d2becd46bd6953bbce7889d4d117d3127048465dff0725b16248eee67ab488e802e74848e710ff117714c97438cd4bcb434b387ac821a06b2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ff1cd406df4653973ff66baa7130225e

SHA1
dab1bb36e931e86040e911144323f5a1cfa4e971

SHA256
e4523e450847e837ab950882885c2f12eb9b3b600d1f5c6400c473df84d45202

SHA512
7cfab10510cc6e7b388931349ff85b24da91256c550616352998e23e8f7e14cf02253bd5068a4564c10be97cffe39d7d338636ca12948a093249c157565b71a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
8eba1728f37cb6e6356361c1d9497282

SHA1
946d35d7bbed9228882c8d851e7d26af63613489

SHA256
12bcb6c34629e02528b905e2fbc21fd89277202962082a9a972323a58d84c8c4

SHA512
3356caa9f7e58808834aa753b0d1e4c4c71176fb40932601fbed6a97d9015560540dc3a2c9567f6ec1423aed00e2e891895ff7d52671686724a79b6184499b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9b1f70ee5bfae14adb8a29ff3939a89

SHA1
92ce112bb85a95112189c6abb6b38c110c0ac447

SHA256
a075f9c83d3cc7494c407d16ecc0190dcd28ec28e0676e2ca284b0274a286f66

SHA512
aa8b67c90edee2cac9463a6ad0c0874570a1a00d444eaecd6433d7330f9fc3d2b77e753f55dc4ed259ea693f3031b970fcb286c61d747c75639d6692a1bea051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d00135f0e7f7cdb0f0c9da853afc212

SHA1
aa2cfba717d3c996cd806c5cf40c55b202b864ce

SHA256
cb5fda8b6e81de63a8b026e77a46501a026064bf35091b4c513b10432ec6eb28

SHA512
d7603694472cc0130062fae939b2c709ec43f2cb121100faca6002a174ecbf87397e7aa735e9bf0aa158303cd0efd97413bb79bc7daea5f56de81ae54bb2535e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
664da61b80b2cba221c493da1a9fb102

SHA1
b07430a98f054801eb3d628b4be4e2a63ee0d644

SHA256
b1386772903852a4602ec469628460ccd6f6c9014b0334c90f71f45fe2930fa4

SHA512
b90fd1d90efd8720bc772141d3f6f5983d0922563963131b231d4d85c22a4487d753e16dd0624cf08f97d78d33b66de4e13ab327fc93949d415c822d8910a547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20bfdcf53bee10dbb1e4f2f3c50e9c60

SHA1
2bb9e15e7d2c137e142e86548599871e4fa5b29b

SHA256
a863cf3de3d8a552e1fac6bf2a1aeb825e69f5100f573d9524b172de3fbd0ff9

SHA512
875e36cac687da2de808b27b3baba486c17fd86b089cebceeb0b65bdf5179e36ebd88b59c55fc828caa7a0179e2a7f7c0ef1a91b527e553fd7e212992eafa9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67f9a71f73f82a6d2d48987d7304f9f5

SHA1
26d538c11ce80222b0f2f0c2a3e59a7190c34b96

SHA256
30344833bf58775dacd7c1e29662a3ca8b773cc2c9a21c7171a84ec6cb4d47a3

SHA512
46641ee6025600d504f4d01ffbd54362cbde89c277f60c867a31c802dc4d73807fbc54d72540b504e74a92355cf09267bfefef18586dd5be1adfbea646da6c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f17a21b917762338dc41a95aedb9a3a

SHA1
abce2947061e2ffdd6cfc14ea544938b93d31c32

SHA256
b683fa330ae31890e579e5bc56902d0b5556a4c0f322a09c5792d484f600dc5d

SHA512
e8e32f6d0e903fbfd118f05683620c5a64d0de7536ec0ec64252b90973ec80ed47c127e4581f767352eb2e00721b5f74d2e50a052de76009d498967a43ef18dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b8a03d8671f83696ef7e4a67de60fc3

SHA1
f80a0ba75992e89564b8e7e5a5ac3904ecc4fc04

SHA256
45c051b6a5ea75858aece0b52c1906f7b7d7bba37d4a29c60b6a5971737d240d

SHA512
7fd45cdef0e53565b68288b055dcb295568361a88fb9933d8a5deb3646583104b99af559c3d899891f5e0dfd919a9a8debc742131d30b9ab3b50a134f9b62f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d73abb243fe056bb3ea545b046834b8

SHA1
f221efa646bae92f592c8282a348d16f8d21a4bd

SHA256
cbf607f55849e1815ba3c16130a3b09a95968b45c7a37b7fec716b61c4aa51ae

SHA512
253465d3bb2b0b89886a5b5746051f4b9f2a1bcb7c9d0971671df850ecd3288d43e4e49a20d13ef0d9764937bcf318d3618794fb17d0d16700a11113c8ad539b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50504c38b8fb994902365fe675d01d71

SHA1
d8c444aa2f513e65245f2164b245f376115cd896

SHA256
f9341b7314af043aa79f82c0c0dc69e1149ae6eac138ce31cde1bedfb2000a08

SHA512
787c583bf814627db2ca9a0d48ad237eab5d1206dab2935371dca424d386d9be5e688d53c1953ff5f1bb10e276e08c82b75caf805d81890ed18e87fe8c92a7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c7527339ad6fa3c6894cf78fd8a5cc7

SHA1
b14054ee3427291472ad25f9a05bddb388621c05

SHA256
9f288449f910bdd6948a4a05926b84236b407a4034e3b61eaaccd950ea5d9176

SHA512
372f203ed77e62fc6baddb486e665e3b9cbf4dd68395a9bcfb421bc21c481fab88d9efd0d291648cdcfb78a0c138c129a4a9cbbd98f77d263ba080f0f7456a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5084ed941594f5c585b9db7d1e4b5b70

SHA1
787bf99dc4822d7657829d65663336615b6e070c

SHA256
c750ce3e4aa096b83cb4af890d6ff7b182fc5deac77d103aaeb4fe0435da2e77

SHA512
32a9d9662cd30116c2dab9c6a9c8118dc69bae47eefbb4376104e5276b45ec3af7fc2deb1e1499edfd528f4123e623d4234ef62b1521e9b4f85de5811f9895bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
419ca4a987118c14b3ded897c3f003ee

SHA1
8fb85776526d922cffb321c345d5d3108b0a95f5

SHA256
cc3a41ce0efd1deca009924d7d1b92dd59001eeac5f04583eb1ddf6bf981c215

SHA512
bfc44958295e31be87bc4e6cecb643142366df0669040b44de48dc70a4bb00dc33a7d31f7e11bd08a96096a71887d3546afb261924c8eb3d161145c0ef8f30e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67f495ba669a8ca1ac0345c6e981dee8

SHA1
25dc65bbf278a43c50fe872ec65a908b4c32cafa

SHA256
557c362fbe3071d9bdfd7c1164382d5334509ba53a636386547aaa9eda1941d2

SHA512
33c515ce080fa1bd1696ed40e55b5ad7b332d6f1d13c4f31559e43cf197464ef926db4075124bf087a90dfeffe5f348fd61027b383d6c4806c6acb38fda542d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e0630d2486de3539b183dbb464aecf6

SHA1
62ee12c7385e0edc83c7554934ee9ae1d449932c

SHA256
d7bf0b276c9ebdce4385eebc602eb1421ac3cfa14984352de0f6a78763c0fbc5

SHA512
58633f30650b419ec1aa7d298571b6ec56213136b37356bc0a93d742d45c06272c645797aaa74568d0af6f3f768edbd566455eddd96caec259af666d4f9c0796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
000ffee76cb2295755ae3cc96e4d83f8

SHA1
47b5dc9947e361eac397c0fba271e6d7cdaa8af2

SHA256
f40c5bc63e819fe27e5c95980fdbc570379156f912581771efd05084da98ca62

SHA512
c163f6e166562b6850da13a821ca97bc3a5e7e2bb05234a54be0ba2a33d214e300705db5b6476fc17966fd8839df0b7a74b05286d6f2fa1cdc0ef95086831003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
f8099de2777b5c68089217ac3a4c61bc

SHA1
65967b2553f9d2cd3f9edf6ffea3d8267f9ef9a4

SHA256
3514cae50c2aff875d7b360fabd0ea85a6c190deaa50c6287786ff7e1706d943

SHA512
4327aeb0520cfee950ed7110c079a38bb1e474a80e41f6551dfe964a9858dfc93d72eed1718e1ccd9fe4f37574f489fa52342f8c3958fcf188556f16e0719211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
7610e4265534247af23282e644b6bdcb

SHA1
dc69fe43b33eefa1806add5ff9795ed62316dc8c

SHA256
c66859519901d86440f0d92b97fe5dbf736010916a8216e6f85a5b610cdd6d0b

SHA512
058b8f6ddf2f2e550717e77323866cfa0579c99b9cff21887c23628ab8e3457b53481164037bbaa96ac36b103e22c583a608ba71a143899ebcc59905a65004f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cae11ac4eac2127beea083a681039b62

SHA1
50e48d3012581f2d8d7c95f94c8cadbfa8030a2a

SHA256
b6dffbe31be0e144f77b5c46a13c1369d3154ae12b3d2ef33170fb6a30a93ffe

SHA512
054b720ffe7bfecf7c338d3cb6ec73abd5cb9d8462e2b47b7ceea8c79c93b8cafb2671f34196399ac892eb2daea65faec69ca78556ed0cdfc4be3bf89e83c68b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AUTOCL~1.EXE

Filesize
68KB

MD5
244c234696a4a686ba7b6e4652d6200e

SHA1
09806d289fb39ed2997eadceb901ba8e2e5616e5

SHA256
2930b9f36c5719b27475da8bec4990528fc2aa55d768007b06b7d4c1cdad2654

SHA512
c40b6c8e1ec76e0018c0a15d0192e2371445a8250d42de78ccbfb3b3a100f9c21261ad7bad20ec92dada4d67ca05ae6474a9555a414167c96a1e479d93ac07f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BHUEKQ~1.EXE

Filesize
11.3MB

MD5
7fd68fb2d8aa4e6f3590e3bd4fc022ef

SHA1
ef29623916a7df347fa5407c69016a12e8d8f0bb

SHA256
14b85053b82554c954450d5010ca5cc3fc90fcdb63c0f391317d795466ddc137

SHA512
fd246076b7bbbca062ed7e8e7ec5f45c570fa36a00f7171499aaf2cd72b0443cfd9cc19683886a259e547a442073c338d558df099bca746f911a9fd84bad4bbe

Download Submit
C:\Users\Admin\Downloads\Vape.Ghost.Client.exe

Filesize
5.2MB

MD5
35df05b7c1961a0f69bd99ea78732656

SHA1
0b6c342574f28ff311232549db6c4f147db779dc

SHA256
1da503b09db301240e0e884cb784c00ac36bed73ff1589706db852fd21dc1b90

SHA512
a19686a1d3b4366091a931d2270c8c263c504106abb9b302de6c51df271cabd6523b699c37c4333135f61699d037d640f07a15e791c220ac1dd5a190eef5eb1c

Download Submit
memory/452-449-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-440-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-438-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-450-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-439-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-448-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-447-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-446-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-445-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/452-444-0x0000024FB7BB0000-0x0000024FB7BB1000-memory.dmp

Filesize
4KB

Download
memory/1672-454-0x00007FF7058A0000-0x00007FF706407000-memory.dmp

Filesize
11.4MB

Download
memory/1672-460-0x00007FF7058A0000-0x00007FF706407000-memory.dmp

Filesize
11.4MB

Download
memory/5476-457-0x00007FF60D9F0000-0x00007FF60E557000-memory.dmp

Filesize
11.4MB

Download
memory/5476-459-0x00007FF60D9F0000-0x00007FF60E557000-memory.dmp

Filesize
11.4MB

Download
memory/5968-327-0x00000000002E0000-0x00000000002F6000-memory.dmp

Filesize
88KB

Download