quasar | 145141e7ea0e4f2822ae99180440c6292dcb2f9e9a2598163dcab2c360b4f3ab

Analysis

max time kernel
509s
max time network
510s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-11-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

robux gratis.7z
Size

922KB
MD5

97e9650a3610acc5fc5ef7963bb8a360
SHA1

7e5c75924f1259826b1942bed83e33a0215a1395
SHA256

145141e7ea0e4f2822ae99180440c6292dcb2f9e9a2598163dcab2c360b4f3ab
SHA512

91612c9456eb0623b3616258675bddcd7e044b8b940b18fa2f6ff6ea2c0586485c78b91f4fee61eacbb9fb2a751b8d361054a50a4c80e6c658ac50da4eb8b673
SSDEEP

12288:m+QtNw0HekMPi8lfSEcwneuKJn+3/yfa8RSG7c8Tp9mv9+gk6X+avmno7hD4n0w0:mJmf9Fn2+fA/71dEv9dOEmo7hu0W1rU

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

dekuvigilante-41890.portmap.host:41890

Mutex

086d7576-14dc-4aaf-9a00-36298763f03a

Attributes

encryption_key
8932B12BC567FB3E89D07C4894A90D4851404A4E
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
actualizacion de windows
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00280000000450ba-2.dat	family_quasar
behavioral1/memory/396-5-0x0000000000200000-0x0000000000524000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
396	robux gratis.exe
1280	Client.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753437260904012"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4612	schtasks.exe
2764	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2248	7zFM.exe
1280	Client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2248	7zFM.exe
Token: 35	2248	7zFM.exe
Token: SeSecurityPrivilege	2248	7zFM.exe
Token: SeDebugPrivilege	396	robux gratis.exe
Token: SeDebugPrivilege	1280	Client.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2248	7zFM.exe
2248	7zFM.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1280	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 2764	396	robux gratis.exe	94
PID 396 wrote to memory of 2764	396	robux gratis.exe	94
PID 396 wrote to memory of 1280	396	robux gratis.exe	96
PID 396 wrote to memory of 1280	396	robux gratis.exe	96
PID 1280 wrote to memory of 4612	1280	Client.exe	97
PID 1280 wrote to memory of 4612	1280	Client.exe	97
PID 1056 wrote to memory of 2004	1056	chrome.exe	102
PID 1056 wrote to memory of 2004	1056	chrome.exe	102
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 1648	1056	chrome.exe	103
PID 1056 wrote to memory of 4608	1056	chrome.exe	104
PID 1056 wrote to memory of 4608	1056	chrome.exe	104
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105
PID 1056 wrote to memory of 3384	1056	chrome.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\robux gratis.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2248

C:\Users\Admin\Desktop\robux gratis.exe
"C:\Users\Admin\Desktop\robux gratis.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "actualizacion de windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2764
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1280
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "actualizacion de windows" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffdbeb3cc40,0x7ffdbeb3cc4c,0x7ffdbeb3cc58
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4044,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4376,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4032,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4804,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3228,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5388,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3264,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4516,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5300,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5180,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4588,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5356,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3408,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=1492,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3236,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4512,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4720,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5636,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5692,i,4433398713471448254,6415358756498799678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:836

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\615af073-6d3a-4e77-9fb5-8d1e86762f1b.tmp

Filesize
10KB

MD5
e891be3270d339b8806f19fcbe266f85

SHA1
19c0b37d3c5b8c58c4a7afe1991eefedea5d264b

SHA256
32cd1b5badf6118d3de02cb7d5429fb44546d8843e33f2038a13a08eb31e8bb3

SHA512
1fd3de94f8508800e259b30b076261e05861dd33ceeafd59a4ab65412985c20dc5c1bb31b4ed4e6b645e7a1e220e88d57a27b921c978347dcb906563158d8e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3fe6d39a6d8c228ebe06eb0ad94a3cdc

SHA1
dc158a679b0a7747d6fc66d99d71c64fa0afcd61

SHA256
4af4c8413dd7a2c0812a1a3b0de67d77bd34011d5caa4c1b8e3019f9943a9a11

SHA512
e790a3040a2dca5fee7af2a8220c743242669c49d9297f61d442f8b73cb33639b2d2bf9d70fa9baedfabae4c69f2fb41b91cc6ab28123e498d47d4eb047a5cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
e5fc91cbce096df1d36191f9eedd3c64

SHA1
1a8076bf524b6d2b8a44c18fa8afb199a60dc1c9

SHA256
0e111dba5797ec182bf4af537a2c928ebd3957b99ed291610fbf322d6c2c9e19

SHA512
c9b064fbcb2df48dcf5bfa4387c164acb2bae075af013e6c39166dddc7e91ce993caaa0fdfac3ba1c3a12ca6c21577d99776fb1445f3009c7359b926a173f668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
72KB

MD5
7c244372e149948244157e6586cc7f95

SHA1
a1b4448883c7242a9775cdf831f87343ec739be6

SHA256
06e6095a73968f93926a0a5f1e7af9d30ecca09c94c8933821ca0e45732161ed

SHA512
4ce4d73b785acde55a99f69ea808a56dec69df3bb44ac0d049c243fc85544db4c020412634da52a069b172e2484a6f2c36799e38adbfb988bcb5703fd45b3601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
409KB

MD5
a5d7481efa9509decf23518559466d1c

SHA1
eeece8d8543204793748984c7b7cf99a8caafc89

SHA256
cb518e6834c159642ed59286f63395ddac5ca4ae058b16edb1002e3d4ef8d422

SHA512
caa92d69e07130fb5757d90c6be2f9d3eca4deff0b810adfe09c8de38522477433f59bc7a4245f4a1ea52f3ebe9e045f671ee21fd8f466c06fd7f08b23acc2ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
52KB

MD5
086e8eb48f6dd97c22884e9ad70399a7

SHA1
1bdaeadec9ac2c24bd5afc167550a32ea6ce6c73

SHA256
65072f5268f9bb6d8e1bff12fa265442710f03d3dbcd50caf73220d035e94ca6

SHA512
95718c2b94c0b967af7de57b0ce0da3ee3cc3603eaaf2d2c7dd5ea5290d6bc8ff7de5be71c43b6780268b33304381e9c07e8ec56a077bd8589f2cda4889489dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
346KB

MD5
24b4876810c0256d34ab5925eb90f2f3

SHA1
ac43d512edc6a37f9dbc27721b1e9a77969df0e2

SHA256
897aabcd85043720ff8ea15e181d6310de7efbafdba40c03cb9d613b732118ea

SHA512
1a3666b632195e26ea44352bc7b7a3446732cd2a02b21937d02fea0e619581c3b84c985f997701b514f9a219b36c81651892189ea48c27cfeaf7b88ff4700675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
744B

MD5
1f0ab40b03d8e4c2ee9c4ff7ad5682a9

SHA1
11cc52f55ae2f4ef0e81d2501ec4ada270b2ad4d

SHA256
2be8983dc7d379fa5036c627fe319bcd3170f3921b30d1bc21c8d21783feb6fb

SHA512
e1118989d24f09d14297d7513ed64a02dca7932647530e209bbd7ca7924be73c629f3dafd8086bb57889669034bd86e5ddd4a14db499fb3d2b1f7039bcaead81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c4b3f86251bd71bc34e20b2acc653980

SHA1
45f71745a3b28bbcd6d4c56022d16a375198d170

SHA256
84f043f9a53a44330b95f15d803153bf9c73f4a782156e2646954fae82ed8bc5

SHA512
02b238c938129dd26b04ddc9a3a968542c5cdfbf9506820204438b0bc425293434f35228035a5cec783134ba5ce38e1ac431413ce40f86d1ab994da4493ac3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83404330606a3d974b9977a6238b9c02

SHA1
6c3adad99da8b523bbc49a85fa1b9fc06ffbeb68

SHA256
524aba112b7341ec0ab3a7be19e4b75fe8b30943db3b494edc1c0c465b9ba5b1

SHA512
c262cc25da3d98830a149b1dc89eef29a4e36fbd08a216a6ed8a76ab864ddf134817447b9eedcf82f77ff2dd2a606d622a97c6c451ac07d90cc1e2eeeec2df25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e74ca3b18fb46d6f99fa3f40b38910a2

SHA1
6d2e92aea01c30754fb7232649b9964ac99ce0ab

SHA256
46cae958290ee026c033651707d6a7798a674900bb0a4791f9443b112d0a7f82

SHA512
c9fbe316e912b33bd45db0d314830986d1fe6a861171f3592cd805a7190fbb89707738ea367a375e528353ff2543031d8dd5d82244db2ab4e70f2a3c4da099b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
b164a95120a5ddee7d754fc03086c6b9

SHA1
2527b807060a6401a544a0ab6ad8c467aa67025e

SHA256
fc20ef0d1309652d16dc79c308c154afc353e699b1862ba1138920c241098539

SHA512
c0668dc7a5a9af50172110a0f020ae15351137ec4903b759e79bf243a0c92f7b6e15f6204d53def723695e5b6a84526da667af925fccc92d73bf50d716d81a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
2b39a3611a797325bea3cb5e7d70d4b0

SHA1
6de7d44970c432b08209aa41423b0b7d8e95fdef

SHA256
3961c19ef65bc927c75f2361af62c20eb9b44036fb76469cda5fcebafcb1ef0d

SHA512
038f71ca63407bbe886946705d8e24229fb6e48307129f60486a02300068b5d27e5c43c03cb3ebb5be6bf580365c0b888dcabb7acc79ace3af139fc0a8ab8a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
70107063087e80b7d213ece23acf91c7

SHA1
cc3b4e70aa86c24b799b41955f515f6e8b0c53d9

SHA256
519b61564fc18ec90298a2f96cb957189aa0cbe4e8609ec59d46334193db62de

SHA512
02837cc604f6ebbaf88233b3ca88b43a09f2e587f85a05ab995bf3c799376ae0f1dbe4b158cf8b69f00848d5d1ae3797741189ce6f4220f4f71f09377470b6fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e0ae49122074b1f64baea5f0746079a6

SHA1
0cd47fb14944c0e108a60943892e1e712c922fa4

SHA256
b18ca6bd2c0b2f8655762df75403814e94c199596ac400ec00597a61e898f554

SHA512
1e955cd231838bf02c1ed7fd35af404fb91269ee9789f7db55392c2d56fd251af72fa52871f0cfa170d8379833458f7aa3b987dfc54cf2d875efa6e1351f9aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8aa47838902441165c08a52267c7ecdf

SHA1
66061ccef85e914849ce5be0d7cc53be951df908

SHA256
01f11564448d0c6ba26cf9a3f7a2b12e068f8da4d64d1da54b60b85a769ca6c5

SHA512
573c6d7c230b673f86c85498b43e3049988982155418f02bc557ee9a75285d27d8bf2ad98927ea6c0ff0ae25e22f0bfb5556d20cc2f8de2b271975b2698b8fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
6221af56955e745001fc3c24d935689b

SHA1
f421e505aee3f75550707293de196e287a4756a1

SHA256
47889b0786610c4abcb7b22ed75af5527f27b3c61168096b5e91aa353bd782da

SHA512
6435e34999cb79e58333debf102d18a19dc8eb4fabf386f9f77a93326ce0eeb9d51260fc6e962d04bfe0931221ed9fc0cec2d4bf5046a6540fb0f23dc2d1871e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
521b5ef9861d4b973ffafae18f8624cb

SHA1
07dcd2c1f2e797eb36d7d32e92d537832cd84465

SHA256
2c50881a8042b22c65a044e05e755b8a7732237d16fa589994c9e2d013a5bf99

SHA512
397a5795d942b97ea4b24c7f09e05975e2b6dc6669ce1c67965dd2f2620ab142daebdf560af6036e9270677a11d714b7b8121dcb1c012571a423be24a41b8a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
ead1bfc28b5941322bd4dc5fee3b4dcd

SHA1
c9a4c0e269fd0e7064efdffc41ef69dc400e3b98

SHA256
25bb729d5706554566df92fa1ee95a3b99d886785f32076072d730e7367e0e00

SHA512
80db3bfef00ef9e2a7f94ad024f45fc3d741445914614b36da91b7d06fbb287bb76faf025904786f8202f1e1c5a18b4e60e7bc6bc812064cf60143b36d57b76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
e5e35248fb387ea9c5fba4a1a6ca2776

SHA1
6338cbd2575041b7e1131e74822a60ff4aff9ce0

SHA256
949d68ec604878a2baf7abdf5bd8e28658de4c324921f0c3c917b8bc41fa9b1f

SHA512
118af9dad69cd52f3e9d49fdb8eea66dbbcee4fde1176677539c98ab07f33acf5b5d962c7af968ae7c4deaad12cfd2211cddb47c889e9614e941f7d665fff540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
6bed86bad1c48fa681dbaad5849a1672

SHA1
2111dffaaff316bf6f2f4280c3fa6bbaafe80eb9

SHA256
73ee0e4b882d2925619f028faa2eb773bf2dbae2aa32c88f37865c90b6d03fbc

SHA512
2d3081c7c3de676dc9a3f65a613051bcf5f552ad24e34bf7ed6bb16d266af66585af3c627dcccdd2c30a4bd49e9765d3b4e0cf0ad0d03a58d9023715278cfeb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c1edbd5e5c1c5f4ccec272a6d07c42e

SHA1
ad800f6b2acfeb943153865d62aff468ebf108cc

SHA256
95f785ed6b34a1d134137f1369f80f37035ea026cc58524416badd6a16b33add

SHA512
809ab917d530616c3fb93dc6b71f55a6b9aaa36b4be0444679a9ca45e1e0d60c0ebc8a4cfb89a352549bb745b6b4779ab6355efac280692652e2685eacc4b985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7637d551b3e1c1a274276bc91820fbdb

SHA1
0740faa38973000eb75d5663f615376c1da994ab

SHA256
9d0b6959f3b3daf17e99cdc801b3a6fe85a48c54393c2bf845bfd05d2025b7df

SHA512
100aea3841adc346e28692c91103b71791c4d84145af6cb0cdec4db182c2ac2cc9717c49f433127e474f93d60cb21d81b884e45689474b9afe4e59e74140a924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c68789e4bbca27a1ab9be37f59f0e76

SHA1
cc6d4eeb268e50660d5d34f266c63b557887448b

SHA256
261ce8a451047688545315afc69ea4a740733e1cba72dbe0713f5767f14af925

SHA512
e8a4becc4e8ec38e29f390e60172ccccf4da96a8f628afcbcb853f28d6d467c4c41be9ef02bb0de6a61f9e9bda7f144eda631bedf7f2b44f926fc4eef346fe35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9f53b0054608fd1aca5cb3c35d51c224

SHA1
a30f00df59a5b1b533c94dfbafa021f79f721f55

SHA256
171a09613c543a84a2e21c227716e7c707c5b8a669a7ae50eb37d45706aebcb3

SHA512
65ea73416b6c183f5095b0d3b706f454933148d9e981fe5c5e281489484c6e27cc1861f62652292829de25f7078c83b3f7d8b281ec537bcdb76d3376a25ba70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57aa04eaa833ec340ae266d68eb5f43a

SHA1
ff95fa8840d97695366b2cadc84a85b9254b69ea

SHA256
99617b96a2ac51e58fe19b715fedaf36fb4067f230418d5bd91daab51e8291b2

SHA512
23ed2a0184348e6970672d69a4ff9fbefe20b35f374db4d44946208d0285ad1b5f8df2236dd68a46708ef42bf4c43fd61c3f554ff666dcdb96a8bcfe3c5b6063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc9f015af5b63c4f10683c6748da4fe8

SHA1
b4c7760245b004d5b1669af5584b35d56e2b50e7

SHA256
f9ea9afb4c9f12c37223dd943c0407c34ab0b70fc3bbac77c686ebc156f729ef

SHA512
9dbc6143201cc6fdd27c6889564c17a991f5df943e247200908cecd1893a7d107a1a14c80cb6660be26d0f44d01941c5663e46fbf2fa1a0ad6f4a8fb7e5eb881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51184885160b69c25120ce6b90fab649

SHA1
d66095db3a406a1682d1f984ed8e923f07b180e5

SHA256
c38921658bac3a91cc36cff7502ea0c03de3b5efb60b91a55f7d07ae6471eec5

SHA512
2d96d6104df874718a555c11c5d2fae8dc5937948abbbf5354be591c1d31e89c294349656e9a5028b3213f74a656b2fc47dd918d2d48a113c8ce636eff73567b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
435134d48b657425f5c0ceed9ee76732

SHA1
7771aaa8516e59abd04de45eef5f13259e5dd021

SHA256
a26ca722fa189234d16036920e29d582b1dca63a58c0925bf17e8479921fac61

SHA512
c639db6de687cb3558cba8dbd404ecdc372a2070bd25eefdab17bfb297522b9242c51289e5504e987ef0830e28d60bd87290cd4a25c64d6dae0b81b8188fdbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2f4f0c007280a69e10979c4b18bcaad

SHA1
1781c83e5f0300219e66b73ec08151a0038bec2e

SHA256
64e1e0aaa8413f98ad7f20e3dbaf8d05f7acf1f40420363fbe45f4c29aa3ec8a

SHA512
079f8c7c0be56e431a1d155b3c67f27638a126b12bb233bc26b4ff764e2424a72c1bbeaede6951e5b59c2258d3964731b220e643118c28295938a31b0c315151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f7f0d312b4f8229e762bc5c0a9b61888

SHA1
5b894ed2082dd8af8b8db3ae8cb69ec10f81f1f4

SHA256
84b64c833a867ee0532e459ed1e3fc31ac0231897dae201108bf4a7df3ab7e94

SHA512
a1582841350bba8bb7f51ec4aabf0260aecda3b7fbba73baee2a259c81f4afaed147f5722932b22c2949d08ca78d7d1abe6f9a490dcb9cab49944a09b2512f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1938f7ab04140a93eee10760d3bd628a

SHA1
e70e406a3f14f73a8f767386f37dae03fe9bf08a

SHA256
97faf3a1f32e8349a061fe9cb1338652d2957a96e5f874adf0b4f45757bf5618

SHA512
5044b6000b033910070ab26fa0f67adbf62234b83f8d2f0f28727facb3b2412626ddb55129dc7b815e665cb838666108c8e1e84b7e4bf0a873f85856192f6d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4848dce9e89230f6b0ea1ebff3555d49

SHA1
f9b834ba90be432e7bd68e49e73ee419083e6836

SHA256
d15460a8e5e74775fdde53fdcc219f25b0c7e9d8f47603b9275f57a9679ba468

SHA512
2abab00a216d3bdfb832669bda6838360a584957d38fada71f622844b2ced9cf72f55bdb085990e1d91f5b91e210d15c78436ef0ebb18883cd417a90de10a99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed7f12b5e29c3227857682c8fbaf4ce9

SHA1
50a5c4f0e0fb928e8037ea1c3a4e5db5312a5d9e

SHA256
4e3f92c9ab5dd95d3a030ec05e6914f696a95593b9d360e71f660fb3be15e381

SHA512
5e1d603b592ca2261914c552f0c0c886dd577776b68932393f5912bd4f575fd8f3b8f813400405d6d8328f3c6fb037b5db0621dc5609e86e550eee75b96efe55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de017c57e9307c4e71b38988479c9652

SHA1
6521952ac73ef3946524b5ae30b0ad6cd7222f60

SHA256
3aa86b8b2cb7b25efa2eecdf18024420766d4e7ed6dfe0345aedc02541a734bd

SHA512
cfd06d059cce9d0b0dbdf920ba8883a316290c45871c6a63914f2f30598c8371829f3c52c309ae5d1c81010e112782779382c44482f7b4e3118ce303dc948a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25710745f67d428acbc6a09fd591de3f

SHA1
d1cc4284305a13ee759afa196dac4e9b8a8598a6

SHA256
8995dcd5dadc1749cac3f49986179b71675fc3ebdbc95d69403961a915cc702e

SHA512
35e6bf1b1b8486b5db8f2ef28609be406260d3b1ab5207e0a74d57902e23e87c241d851442ecef01be7f60371ed4d06d4e4a10cb173918927351e104788e0abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e3592ebc09a062955229b3fe7ebaf97

SHA1
7809564737bd2f0d0369bb0e99590f088bf06297

SHA256
8a51203d6caf90fd8f25704e0eddf462918c817a42115172443c9b0cfa65a7dd

SHA512
cf230ba5d6f0a15e50da811a15c6009e749589654f282e6b9efd5f91f68db1ce17bd6ffde10b86d9526359ae40d8527cee48c87db97de8e701713568a349fa94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4625b334cdec128dfd2e07510db39c8d

SHA1
0c80a9642fe606f49aabe91cc51b35cf8482b84d

SHA256
100e733274fa977bc04c5c00eee90ef7110627861744eb3f0344160911feb6ea

SHA512
5fd48ca169fc4c294198f3d23e3bcd092152a5a98afa1f8ea5ec3f62f466f1c67a867557a2c2788e7e38ae1387d2ba6566ddb25844a62678c64029e5a18332d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21472d6a9c8f9084e2f103c2350e7485

SHA1
36ba2c03f80e01c392461313e9f1823e02da68a0

SHA256
b3c5ed4c2fb03976d883f747bd897d949b3305e4db1a196f36a7080c01df911c

SHA512
cb26167b3503c401838aeed6ddee8cb308f6afdf152ab312769c5ea3839e8d2db6646de15ab983c72acc8bf7cbb19ba02d65f031217b388279965e0e1e926719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
786ad1179aa0bb8e06b49680a41c95f2

SHA1
fd0ee1809eb0c0aae108933ed5d2786289b13795

SHA256
910c7e8f4e8b6b3c8b4b824359513f987da6e5235b3e5f1fd19d83926220454f

SHA512
8909117e1d6fcc538768635f2625999cf101697796cdb57e3dfecda8cbb814e801988d85f56c0c77ca0a74a0f083ad3a296df804565360ee00ee0f178a5da9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8bac683a994784c25c9284718193dd4f

SHA1
2c905dea21858444986bf40575cc954b96583ea6

SHA256
3f22fa456c02c24dfc8473ac1820e0905cf51596a4cf39793a3e71552d021e14

SHA512
9d126b8736959ecefb71a444c2876cb168c8b0f7dd5947af279ae9a8de3670f53c966c8eb76dfba26f2d2c9f806d2d49b44a86ce346ae09b5dad08121275bbc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23b998c129b9a138f6cc836423ee8030

SHA1
57094ec9e4b3ca12dfd0c384c2aaa438e7b20767

SHA256
ff9b99f136574b189df57ee26de0c5caf3a270259d46ee0b36b3ecae4490ba0b

SHA512
f6fef400d2c05670d9bfaf4063a0e2c4636aa37df4e7b80d2db4058c7fa99df849626bd491edf062d6da7424782ca922cdf3f3808914c9f23529626d6871679c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e94e9d91f6948bb443df8eaaa59b987d

SHA1
76c2068be779ba7ade371ab3e63eaf0a1b73914c

SHA256
cdf35b9e7d77bd31b1ff929ef5e383216158112f6f51fa4e3a083dcea0bf76e0

SHA512
57d1aa3e4572fddac7e01123a6895dcba87c8fc6a1056bc9fd04f51e68302b686f66675471840d3d24a8f515bf5579ad0adf0078f3feaaa97ff322a70f936ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8908c71580909b4da7a15a7d044568f

SHA1
07297218ef1d8a2a977d45799ff832eb43497e5c

SHA256
a86ce237e26b1094088b0322388a8688be9fae44e706b1815458a660b4e64954

SHA512
f39e81757420e386fa48faac5663e3f1cff85cc859df40701bc4ec6670f0e1c9b7ecb3606b56cf864b14536c497f3c9c545ad54289b55ce45e05862520656d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f426034210b7d892d7ace9a31d07d2f1

SHA1
edeca19f49e45358692df903b959f97ce2c6f765

SHA256
e681ad1b7fdc0b80dfb37fb8de8f9042efb56bbd3972214c805f427585ed0e81

SHA512
4fef12d1393f5d23a7484d74a67655e390a8e719ca14095466fef68588d725d863bfdfdfc9c7fdd38f9828d08f78b38d67844d63cf78504f2a68134f2001ba1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c98d8937f9453132764818042712a8fd

SHA1
e2dd860424a56f7315f295d146da8d26b394be3e

SHA256
c4ee93d49224011eb1087ab15c1dbcd6c4bf7ecb77db682f19900af63f7db749

SHA512
5fd49190e22c02b2b3e9e7b4eaaa82ce887b30ec3643ceedee9212a7f0f14cee7fafe10fcfe0cbb5022aa5ddc6383df151623ba2ec95ad95fd8ef1a9758e2af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1672f3ad91dbac6858b05d75c55ccb0

SHA1
c8bf1ba094489d0de4d4f508f3b41e72596fb0fb

SHA256
04fdffb6b0c8fca916a8b72e5a8ae842c786daa3eca4c8f4f9b54a784d74ba30

SHA512
2e9f0b87e71d09cb568720c171afbc877b5d8f3d4639fbba1c778ba16a667afcc2764c24e463d10a90a05cf852e6a31643b4b67c9d3ac602564ea472db3b6174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc740dc2df505c759808c1e88c3b728d

SHA1
713b972131c5f81e80b4c7209700914a9c226e54

SHA256
1308e10ac8a28cd89a7d4eceada927293726c0372bcba4b866110cc96f1706fe

SHA512
608b2e9af17f96c8cf5243bf2207c7d1753186e1adf02da4118a936573684f8adcd366ad8d53209c76d5a281a57d823f49680fc256a45f1f27ccd41a239df3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e101decfff7bd9ec73d9ea51f0f25cf9

SHA1
e6ae3e9c727b887b7a7c7f1027056d1026f6b739

SHA256
cc0aafb9290348505951a9f445fa5bf190cdc81caa1f2a329e744bb56c312eaf

SHA512
293cd7ab4b8ccf690eb1b7e413b3911105537c96947fb69a27b5d43ff3dfe60924a023f2b2a84f071d364cf4a4b20dc42eb64e8f8545241864bbf9b7bbea5ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8c8b1fe45b21de4f568d1a4b71520fc2

SHA1
ca6937b7663eb69e128b6de22334a56654a3108a

SHA256
ee3d4ed96b762b14f65b092f9435d183db8a57bb7a0e8191f2ac7d7c628ab03f

SHA512
c9f2fc3b7f7c1c731826f54f0382bab3cc8def70b21c0824c35a9d83b6034ac55baec9214e643501c8b376fa9d88c06b88e5bd1142947747faff59411cc7a80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
e942caf2fc8895f7ab0522669eba0e4b

SHA1
d76700218b38114bedf26bad48bed9451c36b606

SHA256
a152bf9c89fc2af68324e7bdbb5e2a22a2a4f78eed8c6089f55a3753fbc84fe5

SHA512
7e7eda6522de0ab6062f62b7cbfe25fa12793aa6a462db260d451a9c62c924cb4690a21c29afde24bb1ee906a65504b018492070900232511196ce0506adda84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
27fe8612d72f8e0febabedcbc4966d1f

SHA1
70315c53ef5ca2c8e925a9fa2847a3bdebc9aa7d

SHA256
d2e550bebe9ad3687847f3d5ebfc44b438cd539b5e10dd26a14ede8712b3024f

SHA512
a84a1d2780b58b2e5c37f37d1025bab5c7c5841607c55a38e689a40e346307aa9ba8b7467c0751c32659b6b2a52dd21da5b5b2a38937a6af548a203a33e34beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
a7580ef50165d9e77b2fbca1c2542d89

SHA1
c27ee343627391d1343b0997ac967bdbda9f2f93

SHA256
621f6d40b6e1acf135aceb03ce76bdfcacca833fd4637a2191dca63e08ca97b0

SHA512
c334757a8bf7145d0a3b283d7c2b9f8fd4b071522db355128f0fe7dbb0363f1ddd2d54610bda7b86386f9dd52ee5b0bd7e0e0aab1b90b032a5870d8ecd837c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bf07e208-dded-4962-931e-ae24f02891b6.tmp

Filesize
233KB

MD5
f37838b8aa80e6e3407f7816092af702

SHA1
f2f1bdc34685bbc8b3f6fc7013fe0bb3dcbcfffe

SHA256
92171627497b4539e20e242d63c9d274cb40f23fd4168ab18bcdf3fb7b17c008

SHA512
dbfb35c03c51c0f521e0309ed517db743001fa58c6631d8fa1a8fc25473ee179ce519e05cd351b6eaae80725816237371a61224addb1becccce0c6bc266f8244

Download Submit
C:\Users\Admin\Desktop\robux gratis.exe

Filesize
3.1MB

MD5
203d6c9e557a2f7149dcc623a97a7d0c

SHA1
f96f6b72f57349ec97d876e43f6b6f4a0b215a2c

SHA256
d2e2ca4f6973f58766e17ca3e9fbb96ce48d48c8160dfd40d2b3a9bb2cb804ce

SHA512
866ae8f6811e2bc770335640b13473016aa5417d29ffa2436c81b7ef6c3badac3215348930c5c2c428503c47411b42ada1b608fc986d98308949de02f650519a

Download Submit
memory/396-5-0x0000000000200000-0x0000000000524000-memory.dmp

Filesize
3.1MB

Download
memory/396-6-0x00007FFDADB90000-0x00007FFDAE652000-memory.dmp

Filesize
10.8MB

Download
memory/396-4-0x00007FFDADB93000-0x00007FFDADB95000-memory.dmp

Filesize
8KB

Download
memory/396-9-0x00007FFDADB90000-0x00007FFDAE652000-memory.dmp

Filesize
10.8MB

Download
memory/1280-74-0x000000001E5D0000-0x000000001EAF8000-memory.dmp

Filesize
5.2MB

Download
memory/1280-11-0x000000001C850000-0x000000001C902000-memory.dmp

Filesize
712KB

Download
memory/1280-15-0x000000001C790000-0x000000001C7CC000-memory.dmp

Filesize
240KB

Download
memory/1280-10-0x000000001B5A0000-0x000000001B5F0000-memory.dmp

Filesize
320KB

Download
memory/1280-14-0x000000001B610000-0x000000001B622000-memory.dmp

Filesize
72KB

Download