quasar | 0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-11-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kreo q zi.exe
Size

3.1MB
MD5

28ac02fc40c8f1c2a8989ee3c09a1372
SHA1

b182758b62a1482142c0fce4be78c786e08b7025
SHA256

0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b
SHA512

2cbf2f6af46e5fae8e67144e1ac70bc748036c7adb7f7810d7d7d9f255ccf5d163cce07f11fb6526f9ab61c39f28bdf2356cc315b19a61cd2115612882eab767
SSDEEP

49152:7v+lL26AaNeWgPhlmVqvMQ7XSKsxRJ6wbR3LoGdGTHHB72eh2NT:7vuL26AaNeWgPhlmVqkQ7XSKsxRJ6K

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

hola435-24858.portmap.host:24858

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/976-1-0x0000000000570000-0x0000000000894000-memory.dmp	family_quasar
behavioral1/files/0x0028000000045132-3.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
696	Client.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752218396714237"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3785588363-1079601362-4184885025-1000\{3CE11AF3-9776-4859-936D-8025FEF9D235}	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2936	schtasks.exe
720	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3824	chrome.exe
3824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	976	kreo q zi.exe
Token: SeDebugPrivilege	696	Client.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: 33	3028	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3028	AUDIODG.EXE
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe
Token: SeShutdownPrivilege	3824	chrome.exe
Token: SeCreatePagefilePrivilege	3824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe
3824	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
696	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 2936	976	kreo q zi.exe	83
PID 976 wrote to memory of 2936	976	kreo q zi.exe	83
PID 976 wrote to memory of 696	976	kreo q zi.exe	85
PID 976 wrote to memory of 696	976	kreo q zi.exe	85
PID 696 wrote to memory of 720	696	Client.exe	86
PID 696 wrote to memory of 720	696	Client.exe	86
PID 3824 wrote to memory of 5072	3824	chrome.exe	99
PID 3824 wrote to memory of 5072	3824	chrome.exe	99
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3588	3824	chrome.exe	100
PID 3824 wrote to memory of 3644	3824	chrome.exe	101
PID 3824 wrote to memory of 3644	3824	chrome.exe	101
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102
PID 3824 wrote to memory of 1892	3824	chrome.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\kreo q zi.exe
"C:\Users\Admin\AppData\Local\Temp\kreo q zi.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2936
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:696
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb30a7cc40,0x7ffb30a7cc4c,0x7ffb30a7cc58
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4632,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3688,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4064,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5136,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4992,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5176,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5232,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5336,i,4960415451165710250,11027132778686501005,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:2180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0b22f238-798f-480c-b9e9-3ea9939453b1.tmp

Filesize
10KB

MD5
79d566547bd9c3b45fda2a59ba198ef5

SHA1
47c6a9d765d501f527b4708e81c9520bde7311d7

SHA256
1f6838fc799b42442876ac1aaf5a64e407295d7d5ad6e3abd04acd0947906751

SHA512
a359c64977eb9db4ea789995fdc4c07902c5dbebe38e9101f723f7a1a7bcfcfb687124de879cb55321f002c564e263ee50ccd975ec90cbfec0d2999cd7d50ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5fdc348b5debafc5e055d0fe4e96006f

SHA1
fe1c97e3b3c2b3e259ba588c97a4c2152e16f468

SHA256
8746665c3af844ceb26c1bcf4222d6d8a692aa044222ae11bcdf715c01acd44a

SHA512
a7f9957384e726f9c6907945d6ece719267a65afc60eb5a05687403d2f446775ba4aa8d97c2f85ea239decfd9497fa5570fea16803faf1b2d857c551f4386e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
32KB

MD5
27d28e1ca9ba29c9692d527d8c9d5b38

SHA1
45470fd64bc00570d10b2baa537e82c4b6a177b5

SHA256
18eac61511697a508351592171e09505fa5fdd7eb1d4bd963a60aa493c15dd58

SHA512
8605fd6bbb6b714cafc33d05c02fe91f7b292013e53a84e15f4a1a75f5680f1b10d7abba900134860ad0f3b2d4f82a95b22caaad4f6421b5438ffa956ca22580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
32KB

MD5
62648e6e3910199480832b555c8418a8

SHA1
870b6a7bb756b92f3499a20f3d3fea6b320b25ab

SHA256
8631d292e0c4e26adb84ef6a8635aac042ca4615b3fb2c610c66581093ccf274

SHA512
196bfbbd286b7567480513201df291e2295eaaa361ad77620a63fb97b2e657dcac50b34ddbda274a8070385d15359b58b8140f72e38e77ad78e01b543168c401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
8556b2f6a71fbe700adfafea652f45cb

SHA1
a024bc040b73cf680d5007e33e39d8c8338f393a

SHA256
e09490b9cdf3db74689d4c4c597d6e1439e8073469b0122d381c961eacd28ab1

SHA512
db103d6805a5b93013b9d7098d968dbb376f805d6e47b1504beb28c78fe389809bf9731d73570acb848a19ffdc386934c9a307c35778cc9f236011de175205e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
43aa7008e347dbb97d2f8837ba7fd272

SHA1
7c043381f96b68522af518fd759ff13388011bf1

SHA256
978570b53c3bf423ef80618ccd2a5f3628a3ebab46982dc88bc5526f54e6720b

SHA512
53f35f5ffcdb571f31332124fbc4d8ebc7626c6118ed04065073194b42d629eaebde6aa8e8fa1323123ee98da256ce892940e6ca1dc20c7c793dfc661a873847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
bcf0eb6548be4b99821e3f76421bb22e

SHA1
e5e936b6414f4e8697316cab6bd41e5b948e3e9b

SHA256
10b5a8291787008b49c3f51347d0f3e88228c5f80fc2f40c68427db169ca43ae

SHA512
7b212eaf885e8526b1845cfda3b1d327fef10f0b2e1ce246710d08bdfdd8b74b25bc77bd1d07dad3f977093b2edda086226d6e5da081e4b57a6294ceeeac2819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
c2dc3670a81f8ba0be624e658011cea7

SHA1
b75c44963b0384e5f57fccb0603a6babfcc36971

SHA256
7f36a3addd923190f951e83375a9cce5fd04b44cd26fdf45053158bc262036a0

SHA512
bc6dbaa53f7b34d82f07899344cea1a239e510fe17b4923663957b6d0a56f1ba9a1f8d4c1ec16ecc5c3ece816a1b75747b7ed2907230b07c762ea3fd8ec2bf77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
6a9545e37bb62b42ee041b77fee9a4e8

SHA1
63230ad329d9eb0b1671266441e34c6c873fde72

SHA256
607e46f2c74c91b73f96a7468c7150f6e4d874866e3a2aa5d005832b4cc50d97

SHA512
b613ebbb13efed12bf1aba98b341955a570f5f4812b139580caf40ca0485d82fe3ae0e86d8e4249f3347eebd582b4491ef1815234523011c1a5d58c29ecea9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
1b31e0a6d8c392c9ed3a5df28c5f9f48

SHA1
25c258a5b0104a8db41e9d461e92670625f554a7

SHA256
46d809d62ba34cc35204c25ec0ecd9f906d85dcfa8c43f16e1b683fe964442f9

SHA512
d97e3705e1e1797ef4c1d7b3c4693794d7cb9ad9fcacdf200b58c0624d4009910f4ed83fe55022fbd5ac7fb3a979754e9d8dd1a8395bb644d8d6fb7663c3de93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4433c65f5b420c5072e5c5c0e5a3f88

SHA1
b4f3a70b05c9b90bc949556e0211d3286c037b6a

SHA256
d126e591b3ce28073b3e93ef46da0d01a2aa8d38ea7505388698739a6ee827e3

SHA512
9f098ab4b345b46767728aa4cafa2f26621702f951f1615c03f62a6a62113985bc9bb5eea2b0083909ac95564ac54f3fef88bbd52f2c28a8372bb3d5d63efa82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08b814b978f9f6c587d1aea101ed7219

SHA1
75504708315e5fd13d1ddf1753f76e1bbd9512b8

SHA256
4659671eacd37d755b9e2fe60c7a9b9dcd550d5e9fbb18d89bdb69bd2a20de62

SHA512
92eccb6464cdb120e0368bc827ef9ffc49fb4f6953a16f7d5b4776b64655e6c8ad41034ed2402e4bab12493d8da607c7186bc89c466a08cf099bc5553e0c4c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f60ad0506afe4e677370e4c9cb9c2da

SHA1
af68f8bfddaffdcaf478c0556cc693404a4e2231

SHA256
929b3d5707fcb1737a413253a33202e2b43b3c4172541f98595dccace15f1b35

SHA512
cc52a72222fcb3856a89af57fd237658181fffc1008eb75bb35c01c463ecae952a57d3a70dbf51873156889a1d5ff82d0d9ee07b23811a2d5cf6d3d7edb280fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a79d472b63b1ccb62d17f51cce96708

SHA1
a9f24955bb627b22c43e0be246aac41ef99e3636

SHA256
39743c45f6a02ef21193fae103f84c8ea551b80b251015f83d53d0a8fc37edb1

SHA512
c1f51e15fb6f6f69a7cc4a39d30c11048a5140121ab8f09c469b0b94a66294f0f0ce9838eae3f548d23de215564cfb7a7b3925f72af9a6611aea2cc32327fcda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
235804b31100cf30304ccbe6e7b39e23

SHA1
39ae9725e675bc0587645664871dd9c005a2639c

SHA256
fe4efb2e5f5eddc6090ac107af098172600345fa95cb76ca1d7f152d1569385d

SHA512
79ad8375298fc95c18697f40304e306d56351749e9d75520ceabb90e648ba93bb463c8247e59dc5a3e11a4cf1668d4ae36ff8fc5a299aa1cdad1581777f2a54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
979b649573a1a07d6fc7ab4af23c44a5

SHA1
3e2da4e5f31043093ac054e004868d190f5ab94a

SHA256
69af79da99040fcd01c88f4840c0c64d6ecb200cfb9365b4365a47c011310ee3

SHA512
2daadc17c8e2ba92c587ef8c01201ebf069242e9176166d84d1b7baa52da3b782b7587542c75d152362c95b90dfa438bd46c871297adc642db9d3c3b7c300e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5d51bf9ea5d0018f14eb03ed066fde0

SHA1
35fcfa77ebd13f5f33369c1b43c28e6670070c9e

SHA256
774c103377b8ab23bbe600f406d5c0d8600895b1c61c8d1373c560a41b465bcf

SHA512
6a9102c40fbd64a3d073d7d4ba501dc3ef27924eb9797e3d6f451249dbd30fe7c3d2d68c04bddbc4841d11cfb190a500dc37be7c63dbc10ba3b72c23977e10db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e458421f6fc0f5646a01a015ae5a65a9

SHA1
faf55dd7105193c4e77bac04da85844ce2426f97

SHA256
9398876fe468860fc5ac8b8b279f88d7614999b9c3a182cb1b20e46608c77970

SHA512
30e167a5317df3e647f33f20793f1f853162c2e21ef3f7bfe39940ae821bd7675dcaa3db79a9aeebd6b71c0f1ea73eaa777e7099214c8c118ba7873d767c389c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fb9927d-3539-495f-aaa2-bee647172e0e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fb9927d-3539-495f-aaa2-bee647172e0e\index-dir\the-real-index

Filesize
2KB

MD5
9eb2b21ab6ebf127559ba21e332bc746

SHA1
bab1e42076fe395c881bb50c848ada1afe203e94

SHA256
eb67af4507c3bb735b0fc023b12e56e837b85abd7824159cdb52de4ab6411c8e

SHA512
1db3a5a116337c45e13d07d10db7dabb148fbc52108348697a256b54d61fb815cddfa8c6438e92966fc0dd0109ef36fba8a34e40a2ca12669e075f4639b9f77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fb9927d-3539-495f-aaa2-bee647172e0e\index-dir\the-real-index

Filesize
2KB

MD5
4699946b1a972b53bf3128347a65d6da

SHA1
d13bc617c5e876b35ebd15e9afed41b35289c5d9

SHA256
ad7ba8a8bf06eda3d20dbc6ee7d6cc22d4c83d43717f76cc66cd98b76614c6f2

SHA512
8633b4cbb1b0468375f99c280d8c7641f4c85f9eef02931e1b3a510970caacd12ab8bbea35df3f06714962a3dafeaaacb5efb75ed3c59db431f7c9e3843fcb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fb9927d-3539-495f-aaa2-bee647172e0e\index-dir\the-real-index~RFe592215.TMP

Filesize
48B

MD5
7e1f6aaadefd53cde3f1638a81d4f8d3

SHA1
453711cd44178ce3b38cacf36d1f240d38373d25

SHA256
84aa3a2ed0d29bec900996b9987d0b91e42f3b4884885234f8d6a6c39d8a73b7

SHA512
294f8197e27a048988f77cfe919ae34b52f648424431efd2c3451074ba7da4c6f996e57e684d53e2cd0188bb3957878cef06724d497db829ac508dd04f552f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5de66d2-c3cd-42f9-b681-6dc7fde5f52a\index-dir\the-real-index

Filesize
2KB

MD5
7fe33d4b2e289de7c7d813c5d2191b17

SHA1
4a5d7f505ed04e4360659c0a4c25b4f0a46f47da

SHA256
86054c524ff42e3129fe601789544fb7aacc40004b30400caaa5cb501bb1df16

SHA512
d640b7cb91e3bbb42abf4c7c0b60fc9eab94048002129264c75996eae8261e6070704d5605ffdc89ca68b2d5b881d74b5cdf1b4c4af0ac0f428c016db12a6f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5de66d2-c3cd-42f9-b681-6dc7fde5f52a\index-dir\the-real-index~RFe58b35d.TMP

Filesize
48B

MD5
dfb49fd387d268b655c801666cdda292

SHA1
54a77b946561256a054573109520ff9fce8007fb

SHA256
74c8d4b7c9cadeb89a950c42e00883cc4c2d532cec633dc64c4f56d3a4e6cf0d

SHA512
79517869aefb5d2b357a8b52ed0c9e63cc6502737e8b33b670f0ba955226024b856d77fd9c1e752b38c37fbe79c646b818b21c40899dab29b055708d016aed44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2e685b1-9155-4721-b5c6-e1526d008032\5fe7d5d1694e8411_0

Filesize
2KB

MD5
996a12bfbac4d89e3db594384c999e84

SHA1
35f4e9759949ace2b55f9b0e6a20dd738129a592

SHA256
bd100abb0b74718b3da4e26e5eb1c4d2b1b79390e765a0e36d4527afbeda884d

SHA512
ca9090ffcd197369bf9cc08bdfadfc0c17dc663bd3cbae2d60d57bb19bf2914703cb9265864dddd0faf691345545051af09c5252e601f920de1d20f4df831cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2e685b1-9155-4721-b5c6-e1526d008032\index-dir\the-real-index

Filesize
624B

MD5
9b88e4ccfa1a5f31c1811217c37b9e11

SHA1
9192f8044a93e6e37a5648d05a6b3f7edac4c415

SHA256
fb81ab7858f84bb75bd7347a61ced6b89b1f6933685bd038ca5a778712eb0378

SHA512
e8f35698bf55d59ade51a8dc2ee6c2f0d25a2a971ae7ded7d919aff68db9ffa78e2db710ad8d91879961f9e7d724e3ca6613305f2d418909bffbb6997557307a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2e685b1-9155-4721-b5c6-e1526d008032\index-dir\the-real-index~RFe590e7d.TMP

Filesize
48B

MD5
aaa8198fdbc14fa150051a325ce5863a

SHA1
f7c6a51b213478d602297f400611faaca03fce21

SHA256
e7f91399a3cfabd371fafebb1d0ec46cb65787115c6d3bc95f04de2f28f0167a

SHA512
0968e389f27978b55d506d9abdf078e1954222f42aac2272a32eef7d56fc84b41173c10b1a970248db6876dc9b68796356e9f7d59412a951ff765059d71e2b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
f0ff769e1cf1aa9f4552020ba07f09fb

SHA1
543c15df296296f31eed05a9faa84ad5520315ca

SHA256
4208c903de289b2fc4b558dbbf4e6c6b7438e5c9f5ed75bc7c4444f34a7d6913

SHA512
4bb1edea62db538f2db73ebeed2f3a2294e8491c238294b76f41a5db5cebce307c7bc8c576406967d2c57905d2919aa98ab6191f458151dadf55ba28afcc1951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
1877f922a39040b45dfa4e7a65e3a34b

SHA1
03449ad222015bcd1499f62449f884cdb6c26578

SHA256
58562ceede4c95abe140ca07e87c7fb0b32ef335f4ac5c226c858f8870423b56

SHA512
062bf025eabcb360470a042d5e1b9c59911ca908beef113d34a70419dd53516f9f64e9c90a1052fb529c4b5c3f64da23bbd43bf4162a7a507b54f58b4e0beafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
a4aac009300c58654e2cf3e2dcde4618

SHA1
eda221aa9875b2cdb9b3241593b7e59220e77a78

SHA256
18e9d38ecbab9f2cb0c5025ead8e90c3e9116fa75496f26bab4bf7479b0fe1fa

SHA512
27d53eca3f7af492646d6fd4315844463926fde04b9a79aa701f4d4194366beb7f94b22d97d66c0e69aba21949ba0982bb83d00c2ed80a0a7f46d4f8e0cf67db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
092588f585529f4b24e4cec3ff703e45

SHA1
dd4cea99007e05cf4698278f1cb62b8c39475b59

SHA256
3211d86bf51d0825dc67f5bd1efe0fc55bb1d81655209f6671cf5bc88d0c367f

SHA512
0e859d970897a683fb98dc53aa6bd945623b53dd954f9f531ff71b8c44114003e2cc200e8abdbd4e3bf92a34986588fa913aac776aa66e551a77b60c14a9b93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
326f4682e300ee8423bb70b0b672eaea

SHA1
32b33b1ad0f699e6982dddbf53e4b5e1f709defd

SHA256
6c2896f89f5e04c8236426261174efb05dad5b862d03f28d0b55f7351d3f97e3

SHA512
7e02d701afb531ee12ae105d1e85ccfee9bedddb74d92f80c4160f516fcba6f61f4023382fed86054b5cadf68adeb5039e4479a94337edabf3093be2bbce6a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
ec214fa72609cea4311ef071185817db

SHA1
73e17e1502930b8d631e2bfceb68ad7d0a094800

SHA256
381338e8398c2cb11fc868c83789b834a63613954ccf904e90ac7468750cdd48

SHA512
46556b8322aee79c395a26b2cf91636dd44f374eb60292069b26154e060945c04fd5e850cbc84e403f15695a98975ed4ca6b8d4241f88914ecbf64a8e1a95290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
9d3ac305d7259104a54f0b05ee8f4b74

SHA1
017a455d206c3e89b8b675c7784baca2a15c3b1a

SHA256
4960e4a2e551a17396aadf473741000bf5907dc3c27ab1bf1eea92db077b29e9

SHA512
d99feb9c587b547b89bad932330846ce1bba2e7884de037409028ebbdb25a1a2fdd38d189dc85eb2a32877971f0cfd611c21510651c95bb7b90cce0d417f8149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
ee7519a7e034d0bafc903b937cc658ca

SHA1
b729523c8d20181c98ccec58b616ddf19028ff94

SHA256
9578b43766be435940fca17fda10b32a3126deee75a3d886723257181e7c0768

SHA512
5d48022a9be79770b623d8d3c241ecc48770a777f4356b58b3f8b5961dc5d7d48a4fcda658ec96cb4a298782caac524537c37a7be03d0fcae54758324abf987b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587318.TMP

Filesize
119B

MD5
699aa81d16b449783ea586175a6f5798

SHA1
efaa144539e9ed718b3d027fc73e1cd52a8d9e69

SHA256
c5124cb92b5e050a51fb2c293f4a0629ece0a27cdd1c67c62bbde426daf3bc53

SHA512
2c22204d4bd8499f4eeb53e8ad0f228124c723269a9edad8a687b413c40104985fef9619a166dd8d1329011f424ebd20a2c3d7be63a0a164307879238ef76ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2dd983e9694d722465b5c27fdf924d7a

SHA1
cc99cc8dbcf642e7a1170e23c9c1d8b23dcd98b5

SHA256
375729ad28e164322be0df87b0358ee6387c38376ecdec6312468c3fde81d6e6

SHA512
ff078efea6453720c52abf3c8e1903d6e054ffe2cbff6a0be8b156721bac789b77e5f9532b6f2e81c3197c061c30a7b98a31db546b584f3d31e267730120baae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
eef2584e90a642d93d2790250120b072

SHA1
eacbce8a1b3387d9bad6c446fe0f1c2ab1e8d081

SHA256
cb4956cf55c6ebbf013d9f81cc6d42b7bee52c4a83dd22eaa8b5e66dd200b1ea

SHA512
7d75621dde216e00e0024d441f18201b543e7c2b1d25ec45af9a239548739823cdbce5ca3d2c4ea7cc895e3906a94267ce901011bfcc3c2095d7850ed1a4940a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
29febdaedda5670ed19ab26d88fd57fc

SHA1
708ab0115e03082bdc9354084b965273892d3207

SHA256
a409c5dde9b4a9e4e56216bea64f8ffc5b199b5cd5ef8e29524ed97171b1c89b

SHA512
1f8ed8b3f385b13d505b04bca4202291f251fb090dbe1f6bb20b7cdc43c267ca9278707314408b3382521844768fcb9108f0172169dbe217e93e0a9c8c25b994

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
28ac02fc40c8f1c2a8989ee3c09a1372

SHA1
b182758b62a1482142c0fce4be78c786e08b7025

SHA256
0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b

SHA512
2cbf2f6af46e5fae8e67144e1ac70bc748036c7adb7f7810d7d7d9f255ccf5d163cce07f11fb6526f9ab61c39f28bdf2356cc315b19a61cd2115612882eab767

Download Submit
memory/696-9-0x000000001CE50000-0x000000001CF02000-memory.dmp

Filesize
712KB

Download
memory/696-12-0x000000001CDD0000-0x000000001CDE2000-memory.dmp

Filesize
72KB

Download
memory/696-48-0x000000001E990000-0x000000001EEB8000-memory.dmp

Filesize
5.2MB

Download
memory/696-13-0x000000001D550000-0x000000001D58C000-memory.dmp

Filesize
240KB

Download
memory/696-8-0x000000001CD40000-0x000000001CD90000-memory.dmp

Filesize
320KB

Download
memory/696-7-0x00007FFB372E0000-0x00007FFB37DA2000-memory.dmp

Filesize
10.8MB

Download
memory/696-6-0x00007FFB372E0000-0x00007FFB37DA2000-memory.dmp

Filesize
10.8MB

Download
memory/696-14-0x00007FFB372E0000-0x00007FFB37DA2000-memory.dmp

Filesize
10.8MB

Download
memory/976-5-0x00007FFB372E0000-0x00007FFB37DA2000-memory.dmp

Filesize
10.8MB

Download
memory/976-2-0x00007FFB372E0000-0x00007FFB37DA2000-memory.dmp

Filesize
10.8MB

Download
memory/976-0-0x00007FFB372E3000-0x00007FFB372E5000-memory.dmp

Filesize
8KB

Download
memory/976-1-0x0000000000570000-0x0000000000894000-memory.dmp

Filesize
3.1MB

Download