Malware Analysis Report

2024-11-13 16:19

Sample ID 240825-rhfkpsybnb
Target SeroXen-main.zip
SHA256 424691c17ca850f4b9d390a795b5c416f3df3c37f223c90fcc8544344ae86b5d
Tags
agilenet quasar discovery evasion spyware themida trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

424691c17ca850f4b9d390a795b5c416f3df3c37f223c90fcc8544344ae86b5d

Threat Level: Known bad

The file SeroXen-main.zip was found to be: Known bad.

The behavioral run below also records activity from chrome.exe and from Chrome's own installer (setup.exe), which were running in the sandbox alongside the sample; the rows attributed to SeroXen.exe, Quasar.exe, cmd.exe, PING.EXE and taskkill.exe are the ones that describe the sample itself.

Malicious Activity Summary

agilenet quasar discovery evasion spyware themida trojan

Quasar family

Quasar RAT

Quasar payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Obfuscated with Agile.Net obfuscator

Checks BIOS information in registry

Themida packer

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Browser Information Discovery

Unsigned PE

System Network Configuration Discovery: Internet Connection Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Runs ping.exe

Modifies registry class

NTFS ADS

Kills process with taskkill

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 14:11

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 14:11

Reported

2024-08-25 14:21

Platform

win11-20240802-en

Max time kernel

569s

Max time network

569s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SeroXen-main.zip

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A
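The two registry signatures above (opening the VBOX__ ACPI table key, then reading SystemBiosVersion and VideoBiosVersion) are the standard VirtualBox fingerprint. The Python below is an added example, not code from the Triage report or from the sample: it parses rows in the report's flattened Description/Indicator/Process/Target layout, classifies the registry paths, and shows the value-level comparison a sample performs once it has the version strings. The row text is constructed from this report's tables; the technique names and the vendor-marker list are the editor's assumptions.

```python
"""Classify the registry access that a sandbox records as VM fingerprinting.

Added example for this report, not code from Triage or from the sample. The
rows below are constructed from the report's own indicator tables; the
technique names and the vendor-marker list are the editor's assumptions.
"""
import re
from collections import defaultdict

# Constructed input: registry rows in the report's flattened
# "Description Indicator Process Target" layout.
SAMPLE_ROWS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
"""

# The description is two or three words, the registry path has no spaces, the
# process path may contain spaces, and the last token is the target (N/A here).
ROW_RE = re.compile(r"^(Key opened|Key value queried|Key created)\s+(\S+)\s+(.+?)\s+(\S+)$")

# VirtualBox stamps its ACPI tables with the OEM ID "VBOX__", so these subkeys
# exist only on a VirtualBox guest; opening one is a direct hypervisor probe.
ACPI_VBOX_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Firmware version strings a sample reads to compare against vendor names.
BIOS_VERSION_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)$", re.I)
# Broader hardware inventory under ...\System\BIOS; legitimate software reads this too.
SYSTEM_INFO_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\|$)", re.I)
# Substrings a fingerprinter looks for inside the version values (assumed list).
VENDOR_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "XEN", "BOCHS", "VIRTUAL", "HYPER-V")


def parse_rows(text):
    """Turn flattened report rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"operation": m.group(1), "path": m.group(2),
                         "process": m.group(3), "target": m.group(4)})
    return rows


def classify_path(path):
    """Name the technique a registry path implies, or None if it is unremarkable."""
    if ACPI_VBOX_RE.search(path):
        return "anti_vm_acpi_vbox"
    if BIOS_VERSION_RE.search(path):
        return "bios_version_check"
    if SYSTEM_INFO_RE.search(path):
        return "system_info_enum"
    return None


def summarize(text):
    """Map each process to the set of techniques its registry access implies."""
    found = defaultdict(set)
    for row in parse_rows(text):
        technique = classify_path(row["path"])
        if technique:
            found[row["process"]].add(technique)
    return dict(found)


def value_looks_virtual(value):
    """The comparison a sample applies once it has read SystemBiosVersion/VideoBiosVersion."""
    upper = value.upper()
    return any(marker in upper for marker in VENDOR_MARKERS)


def is_anti_vm(techniques):
    """Either a direct hypervisor probe or a read of the firmware version strings."""
    return "anti_vm_acpi_vbox" in techniques or "bios_version_check" in techniques


if __name__ == "__main__":
    for process, techniques in summarize(SAMPLE_ROWS).items():
        flag = "ANTI-VM" if is_anti_vm(techniques) else "inventory"
        print(f"{flag:9} {process}: {sorted(techniques)}")
    # Constructed version strings: a VirtualBox guest and a physical Dell.
    for value in ("VBOX   - 1", "DELL   - 1072009"):
        print(f"{value!r} -> virtual={value_looks_virtual(value)}")
```

Run against the rows above, SeroXen.exe is flagged for both the ACPI probe and the version-string reads, while chrome.exe's reads under HARDWARE\DESCRIPTION\System\BIOS land in the inventory bucket, matching the report's separation of "Identifies VirtualBox via ACPI registry values" and "Checks BIOS information in registry" from the later "Enumerates system info in registry".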

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A (5 identical rows)

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Browser Information Discovery

discovery

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690687193023748" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (34 identical rows)
N/A N/A C:\Users\Admin\Desktop\SeroXen-main\bin\Quasar.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4732 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4732 wrote to memory of 4836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 4732 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4732 wrote to memory of 4848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SeroXen-main.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffbd6f6cc40,0x7ffbd6f6cc4c,0x7ffbd6f6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff723ce4698,0x7ff723ce46a4,0x7ff723ce46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4952,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3376,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5000,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4788,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3368,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe

"C:\Users\Admin\Desktop\SeroXen-main\SeroXen.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3548,i,2867160821799762028,8780356320327163402,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4916 /prefetch:8

C:\Users\Admin\Desktop\SeroXen-main\bin\Quasar.exe

"C:\Users\Admin\Desktop\SeroXen-main\bin\Quasar.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 127.0.0.1 -n 4 > nul & taskill /F /IM "SeroXen.exe" & taskill /F /IM "SeroXen HWID Reset.exe" & taskill /F /IM "SeroXen Toolkit.exe" & rmdir /s /q %userprofile%\AppData\Local\SeroXen & rmdir /s /q %userprofile%\AppData\Local\SeroXen & del /f %userprofile%\Desktop\SeroXen.lnk & taskkill /F /IM "SeroXen.exe" & taskkill /F /IM "SeroXen HWID Reset.exe" & taskkill /F /IM "SeroXen Toolkit.exe" & rmdir /s /q "C:\Users\Admin\Desktop\SeroXen-main" & rmdir /s /q "C:\Users\Admin\Desktop\SeroXen-main" & exit

C:\Windows\system32\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\system32\taskkill.exe

taskkill /F /IM "SeroXen.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM "SeroXen HWID Reset.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM "SeroXen Toolkit.exe"

Network


Files
