quasar | 085ebdee80d776053153a77ba8396b84a134b2ccb2c6774b06d7d59805d39595

Analysis

max time kernel
884s
max time network
887s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-11-2024 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fun.exe
Size

3.1MB
MD5

08bf40bfcb734f6fbb2b1b8a15081a75
SHA1

f20375b288aa16fde380543c388fab32e3991905
SHA256

085ebdee80d776053153a77ba8396b84a134b2ccb2c6774b06d7d59805d39595
SHA512

ef3977ba5ffbb49de9e7016cca0fb3d0a69dc830363e77bbadf5e5665288826efe87bc3759475c23fbae0bf03b6863b73cbed5961df049ecdf3b7d794e49a8ef
SSDEEP

49152:rvyI22SsaNYfdPBldt698dBcjH/wtxNESE8k/ivLoGdbj6uTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjH/6xnz

Score

10^/10

quasar office04 discovery spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:9224

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/1028-1-0x0000000000C90000-0x0000000000FB4000-memory.dmp	family_quasar
behavioral1/files/0x00280000000450ca-3.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
3440	Client.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762108324992144"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1669812756-2240353048-2660728061-1000\{EEDE6BB8-3584-4CDA-9882-084419608D24}	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2484	schtasks.exe
2384	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1028	fun.exe
Token: SeDebugPrivilege	3440	Client.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3440	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2484	1028	fun.exe	83
PID 1028 wrote to memory of 2484	1028	fun.exe	83
PID 1028 wrote to memory of 3440	1028	fun.exe	86
PID 1028 wrote to memory of 3440	1028	fun.exe	86
PID 3440 wrote to memory of 2384	3440	Client.exe	87
PID 3440 wrote to memory of 2384	3440	Client.exe	87
PID 4612 wrote to memory of 1864	4612	chrome.exe	101
PID 4612 wrote to memory of 1864	4612	chrome.exe	101
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 1400	4612	chrome.exe	102
PID 4612 wrote to memory of 852	4612	chrome.exe	103
PID 4612 wrote to memory of 852	4612	chrome.exe	103
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104
PID 4612 wrote to memory of 2756	4612	chrome.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fun.exe
"C:\Users\Admin\AppData\Local\Temp\fun.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2484
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3440
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd3202cc40,0x7ffd3202cc4c,0x7ffd3202cc58
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4996,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5072,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3316,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5284,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5340,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5532,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4540,i,7451169597506068964,10439681477627858900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4744

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x3e4
1⤵
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cf3b0f5f99ebc66af922e8192f6d3df3

SHA1
d882e20a8c9b80705ffffedf39c4a5ff58800429

SHA256
0c134bb8949cb51aac5b0719a2e3038a71a363d35bfa05bac839661e8e245f7e

SHA512
2d8349a6d7361f545fb8aa92405ffab9924f0d0f359b26725c6057b0fd936f835fe0dc86884dc6f0c6eb17f0f16ccddadcde0dee5e21e23f6d5dcb932367b6f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
233KB

MD5
e21e1c5d267c7141fd3709f6e68e4f7c

SHA1
63dc49f8a0bc7eda46588972558b118898a11b98

SHA256
5c073779daba3739f20b07242784b76320dd3c5488d6066fc507dc8af2debb18

SHA512
0835289b4f527d9603cc1c1fc549bd87df3e276f3374aecdb16dcaeb39461dbd09e18526e9ae5c5885258589b45ab6c570c018b910d3e2481d981657eedbc449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
48KB

MD5
baa9f9df378773cb28884dedeb3808f6

SHA1
9a43932d23ff5a9d449c6e85f6bc28f2fc221c64

SHA256
515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d

SHA512
62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
615KB

MD5
e6711cd1ce70c3553a2284e7f9373476

SHA1
32c0025a5f9f25b4164c4c07437cc2d3010e90a6

SHA256
c22466a65869d5b1136ade87af53c9f077143cc3686205c40b9d62197b8d1064

SHA512
a82438b69837224434d9e0a66ff41a33a9fa60acc1fe23d275127436d4d939748fe4b7a75f7529d88cba36ad3160ad6a072c90fdc0f0e5edf20d3995ff66804f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
32KB

MD5
eed96deb881ae2b11127253153331f4b

SHA1
f5a350024e2f3e2755b452f2a218ecebe10b05cc

SHA256
cede6026733388e8934c9e149b36a7cc97428e8ad137a05860d8704dabacadaf

SHA512
934b89cf82d36733bfafda721498971117a8b21cba7774f05d88b4f74fd336d6c7213dabe1a0ab31f5572985cac9b63354ad4158772281533ed3d56aa31d0a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
32KB

MD5
b2229d4466ee263a188530ba16cd7af1

SHA1
9059266f5a47c5ddc2a792131b9b60908dba12db

SHA256
17b766b8e77333366da8c1331052ce026b1555b24c7f8404333420e97fd6224d

SHA512
1038d1c865f0aaca95381491f54eb83e4e61ccda9534de9e9de4081df3761ed6257d88f72a1054d2f2f4c2d570e3e2f14a73925b2867679749fe47d8762feb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c7c65eea0396edf7c8daa81a9b03d271

SHA1
8f9933dd0bd9f545420536341e6c8bd093bd11d7

SHA256
94124c20a0633286873ab35d6c7d938e3946e66e9226a79992627acb96f83fd6

SHA512
5a4043583bfc1c820a76963e5fc5431ae3200dece075db3b5f1270ed2374ecab30073def225cbf7928dc47a008efa2c4d440d08a57d8c79fe7aefba693121dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0a40d1d5b9ef9fbc753f3d75132fb8d2

SHA1
391af5985513992d99c8e54cbafa36e4b0740e93

SHA256
a02d8ba0a8dec819efaec1c1d930dbca925953466134d51b4e86012d2d6f4198

SHA512
ac51bdd7df4cfeeee774fdc01ccb70ba3782448bf28ee3b18f578d9d1322e706f31422f2dc56f42be3fa968e6a36e26f5f69ebb2f0d4ace1b917cb2c442fe859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5dff58c98d95bd955e1b42d71573927d

SHA1
1b85f1f7ce2fd5ad3faf8f868b0057ae4bc961af

SHA256
520602c41577e15e320780d5e89359a4d4045b63376c561e0ea3566b30c77574

SHA512
5efd1ff976ea75bca0bad2bf4dece1605bab16bdf3d5ce5a2bd1aa0509e35cc83ce2e7608ea8ae3fb066ec170795b6888c7fba3fc6cf8831e6519d3cbb128016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a33111d0898edfaffa25cc04021784a

SHA1
7d46e9a91e0671838d7fcb1b049df63779a78f3a

SHA256
cd633a846688faea048f5d70f3ed8371626aec7218b77c000caa5978b7f72d14

SHA512
11e16830e7b804844f8a24c7a3495306aea1c8431ae2ad5120fd722aeb6a531bba8f92cfebb810d1b7058892584077dddb18bdd500f64e7bf821db62fe8c9fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
bd75c5bd069809200931a3d5fd73625c

SHA1
adda52c0e59e04304c369efa9cfb8bb1d0fe5cfa

SHA256
3160349941b9200d48a973ec6f1768d9a3b52f245f6241067f2df759e67bfcbb

SHA512
4096ee5574f029013de9736e0f930dd7e48cf85f85d88696b7bf8b08ca47d8ff28075626b65dd946557252f788356e5406b844d88e4722dd4d0fec4ff46e05da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a504a1951a2dac12128a90486d83a6ed

SHA1
6caf98e8b28b0ca859a6d8c5eb6ba993bbd8001d

SHA256
117aaa174e124d022d1b169753ee3e40583a135dc4ce564ce9b57f481fd92c8b

SHA512
e7b72358048d6202879ed79aaebb55e8302c3673ee9787cbd61bde3925746166aea4b81c4cd3da3d84cf510119d384f78c84c0b7275a1b4ff6f735028fbc2082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
29cf1992ae16ec9755a3b6d87bde3978

SHA1
8f4c7e489622ddd9c60f8a1da3c12cc5f410a438

SHA256
1afeac68d24f54de4b9a6be233a7efd12de4ce694303b8b35e5a0f4ef87d97bc

SHA512
22f939c5c33922f6bb5d3b781993d1f9484d7ea03211b8482107a1ceb2c44a2458f4439925c3d94bc5e4a5082ea48e00410a6836a619c8c9cd9562baf6667097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
a79f8910f17b2d79fc33b8ffae141459

SHA1
d99e3841fbf00b88d59bc9577a72326454888968

SHA256
f30e8e25165d6d6d18bd86820ddbcfd1feb364dfbcb4483b8f2fc590defc1764

SHA512
be70ab0d2ff8b3cce91bc29fb15a6e6416ad3fe40fbb39a64b6280158c5c0e0cb4a0d7c907ff15c836958f91478c20839d5f28ec2dbdf637f20d804aff208158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
900f653aebcc3924cd2eb18b5ddae4a8

SHA1
652296f760c14605d20080559847ec58f2fbbce6

SHA256
3fffbc1e5313ee3d4f378e2e0444b39614c1ce191ab3995010d27510fdeb7ee5

SHA512
1b2a5494d22d87e15d862dd23fc778863f659eb70f0d8890635751fdca09e6ba30f7fee683b1ca7498e81bf45ca4d9edc23df0030905a3e389fbfddd362e5867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
42c1e9931cef3dc2ad6245ce88cb7409

SHA1
3419b91851c7e4b823539a694b2e3f1d2b05e579

SHA256
cc29dd677a3b2cf028e37f5b202882fd639fc47c95bd854ce64c4ae8adbd1231

SHA512
67d23348704e7c741f868182232d4806d2c086b982c6212874393ec5e75ab74ab6dcc000c36c1478a7195f13ab86f1ae547a5564c9ee33e0a8786710647a50a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
0baad9531baeebdcc2725d60a1f9457e

SHA1
8e7fe63ce86f133d0eb443b182a80888d29ff522

SHA256
804343b6b4ff94262420529de2ab6a13a03d82f11d64cea880f8632453e3ee52

SHA512
dfd2436d431636c6414eb74eac085b06ea63a6461831c7053a3ef29df32c22940578a968dba09c2d9906eb793b0541df1c3d1d948505f6c553bc4cec68ba11ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ff09951c04e794d0fe2d0af4b7f21bd0

SHA1
1e233d906f4559f84282fdfd608cd3edc03bd765

SHA256
aaa0921cb1f45c4bae794fb05dfcda3c81a4cdaa445d97295967e1e12b513ce6

SHA512
1420ba7f22ac479ff1e05ceb23d5d76fd0ab52b6aeca696553abf13fec6743ca19f935d1d6e173ccb7b160efd230f392a0130ce407dff3fbdf083c50bfe8ab6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
36899b18f1d9b199b20df5ebdd1f8666

SHA1
7f0af39b1975cd7009276debfd2ab2454e899706

SHA256
de964b65d05ef77b2260856d423ecbc57f07c037ac2cdbab6eff0044f3d47bb2

SHA512
6bc9cc7a7707870e5ea885b649b9bbf18c6530c01aa2ae73f0eb5e030e95f8d42868f9a82b212fde1e4dee95b91487185fce01a5e60866b8884ab8ab0ef9a470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8fb9c7880a1e43763f040a03198999c6

SHA1
23793d2896f4621431a29e6572acc8a66d930324

SHA256
0518c7a0b553a2ae0f500cd252f81d7fd95102837278f6b7d0a2cbb39141b5a3

SHA512
76bf73340aa90868a2b8b49283fa08cfba337b498821cc1b5ff6ac73e91d1749e63e54a5cce4f414f59f2ce867ba107b6fac155c5463cded51fa6301e08dd4f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7648144e62600e746e88d94a127f0506

SHA1
76c21cf370438717763fea27da251b2d2b32475b

SHA256
c683d05f2d716e688c65b582cded4d0458ca11e66c0ce27029ce7045d86a40ff

SHA512
73040ef58e5b9b53dc23c9fdfe05fcaedbde57f28bee89c323d854c63d19e732f0109957596d93242e2d86de226c31ea32c52a0d21a6f8cf91822eeb44df2d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e476deca973bb86f65927d6b53f39f4

SHA1
784f9dfdf5df1a86b23ab4a254eaa7741dc1e396

SHA256
e9ef54175daaffd853463a9f572929aadb5f5c2bb8cb0a1f43413b26a4a58b16

SHA512
d27675996d616629e05a242180ad02515fecca53e8c7e36a7dda96578339cca7402f973a8b31c427321042a27bea2acc9e2821fff2f0b6c88217ad7e25ae3cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
abcee61a64c6419159f8b6fbad90fcc6

SHA1
8120d0dc6137403a34cac9f48afa5362c9ae0fd2

SHA256
28d630ef3a90bcc8d2841f6bbc2709803ac1a9d6c4ea8b951d1763a6a3f6281a

SHA512
2356ec7d29fa5166af409caca9d0a0489fa4c2b07fdda1f3de8b1ed4ce3f99772253e555219e4b281b3be77fad9a699da457b1672278798d0e39a3dd9e48ac79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8e6868b646b750059f43bbfc81de905

SHA1
dda771e5421532d93055a72ddc67be75386283a2

SHA256
c958f3a2ede204e3673dce59988e1a9ffb0cac454b872bbe68ef0e4a78892717

SHA512
71feeffa5fa7cf8ac224fdded42067efea6144df1acca5c39ecfa04e9db353d84ac929c4947fd9cb3579f09477d2edb86bb58237916932f64c299c8d98675fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5a2ef0b4c58bac1566a7051dc192682d

SHA1
bb9d66aa347a25f5401c74288a19a406a7eb9dbc

SHA256
d88710e4f1ef19f5105541fa2fcaf75f6b1658c7274b2f988a7acab7bcddd5e6

SHA512
5a0152871b849adf1ddffe36d9d7962702fb396c85cd2cf5420f9c2e2bd65a4f4dbe8df0bf5aea519f36b10fd9bb38cde017d8d0b9f8718bf8f670d98527bc22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f1ecf826477bbf9bd6c374703bf50de

SHA1
3d60202efdf7f0516ddd41cbdf05666a03a19cb2

SHA256
d3e1607db7072b4f89f3ec3605964d580b553d5a51700f7f7a172f25bd1c346a

SHA512
621647c4cc0947b494c1749d5042bd36380e23fda980438e30efc7b0d296988ab8f0e3d6e10db9bd498d076a4d89007131ae3d42c3a0835c415a5029bb0480d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48b2bcd67fa2e000a7e021fe488088d8

SHA1
e2ea5b26e2bb530573e99685e0037122a327d196

SHA256
92399801db1516371df6cc563750af5b6218a79bef24614106c4552881df6d15

SHA512
d7c7c8b1b9b87befb59162d418d068039b0cfe55181723b35329ee74eaa998ecc7c30f6802d242e8b9c7b9e13a5c70c467cd96a9a402ad6601c3a715065094d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19c326b1fe11f67bf192ddc95ba521fa

SHA1
321ba3342845d36a518ffdfdaa2d42450a04365e

SHA256
113b788970dd471e4b39cbeeae0e8b771e2ee87828e62013febf9ca7f7f64967

SHA512
b1891200b4cbc29e6735b0cb02020b4cb4b474ded457f26ae903fb2a771714490aa409e84e0294ff75b69bcc720a13576529b2186c41a949be89614c4c354065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7c47bc15b623f5020f30f35d6b310f04

SHA1
b37262ecd229bbb587301a27bb1527e40ed65766

SHA256
264bf6acbf2c58a47bf4214173b3c07ff7945b8901793f9cbf0435a52d1c157b

SHA512
798cd9eccf7ccbbd2d501aa91bbe9b8f648c25150517418a798f2bc624ffbe6aed0a96aa143d7cdb4f0d52dcb91956f37914b3572e1780072469f0045b4396e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c1be91d68cb8099e3aa02ccd3a87cb3

SHA1
7e6c5186419e55251769a9b862f57c621f092d33

SHA256
dfafbdcb56337bd5ee5abf198c91dfe419d96353bd6a1819f20131b14bf92ea6

SHA512
695e00b9be546f5b6e40c914798aef29ac34eacde8ea65916f4dfbf3f33c44a22582b0abcc8beac3673b96228cc691378abdfc4b59d5c3f20eb9cd3bebfdf707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
95ae94c32c514b98d7ab71c899f2d967

SHA1
e33f242d71964b2f185afe35f1d9dcf29bc8de47

SHA256
ae8e4915abac661d6199af84dfd70c4702b8699767e8ffc3bec9223977ad60ab

SHA512
b6c98e60c0530c0c1ce917e185e670251e8911534746b8302e1a14e05ac7325849484bb8aa01569c917b7ee0cb22b441bca2c2d0d3c525b6858ee818b88c7ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e4b1f98d2ca0083c9835e7260ba823a3

SHA1
02f94dd73e69d01436f6fbb3d5f99865a2cf07a2

SHA256
27717a690cb52598df3e07b9cf0dbea9e38ae299de28213041a4f3c722abb4a9

SHA512
d7349088775bdf3683df66a9423381cf4c581288fd03954786b79a175a744deb97aeb5fe166cb4bb56af0328af366893c0e09d2ddd7fe3564e06b95797b2fd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fad8f36258a9bf8c6bcd25220bceea6b

SHA1
6980dff30f3f651a2f1907dab00fbeec73d889c0

SHA256
b8235c0d4fdeba86d3e7645a1080189834ebd58962aaf8b26cd5c36f2faf1fec

SHA512
ffaf0432aee2f7e8a7ffb18499b496601078471fcc3c7324cb4ab065514f3fe9107e1420d8e75cdae2254dcb2fac41bb45606c0f916959f27c41ba47d8f61942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ba50e0eeace32dd075906e968c75dfe

SHA1
16f8cb64004dfecdf749dcc4ce0694825f83295c

SHA256
ae280c0971917ce767a08b954f671e1df3e3a77b6c1df869601889409311ddb0

SHA512
83efce3c15390dfa0b453ca86a174830b8bfc720bb08758cbeda325dbb440edf786373ae3cf484812fefa2cbe0cd239d70ae7be5cf92b9e4f319384332ae0448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83c61f1067705a59c7ca570e148376f9

SHA1
ae85777014a83b3d92e99f90cb7a4c114f52e908

SHA256
4645f6ecdd8ae37b93a75b256fbf057a558037abd1c877a9e5ec81151007f41d

SHA512
3ef3b3b260c98cf093c83e1226fda517c7f63ac807399994a3cc0df2e754b3f1e2e7e38d9b3498ff653ae052f798e43cdceb239573d5bf84afd99362d4587bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6ccb44e49376fbc7a96280f990392e6

SHA1
11c7c9fcf29178505be7a32810edcea234fad11d

SHA256
fa5ec2fc7ef012e25444f35ddd6c24e1f776600e89d0b84932e64e969bfcb194

SHA512
888af4e586a7e128bf739adaa08a5c4a310728c994a6d919596769f07f56d2dfd47ec4754c8814effbaac415ee0119e0e98ff284df493a4372a834d669ebfcf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cf806a3c5b39a227b8ce141c9ce44b6a

SHA1
307c990bc242195fd98b2417d615566a9e5d7bb3

SHA256
e8676d9622ee4fb197a0d6cde8c97b3e867503fd3981fd36c6734c26c07e123d

SHA512
920bb5089370a0439cd1c4d476eada5d786b168fb27678fffa3d91813476d6faa078c77670db93e5c3a507e523e7451b49123b3b520e3db76760df65cadb70d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
53adab5b46535285c543951a7a9e7988

SHA1
948066d5b6ead83dce15cb37bb315e4bc76c6c3a

SHA256
93a06afbacfc08945dac9ee6b88a58faab8067016ebc67c203e6927243a4f5c9

SHA512
52caca041d808ad750bef429361d0da83206428a522ad1c1fe1bf6f3d575c0ae7503674d44b33708e010944de231a43fc517113b710fe89e681f6bc4e57dadf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a099db738e67365ad491c3aa2026137

SHA1
7fda95e9bc6658c9d5919417d4c5dd0ad7ec5ef9

SHA256
d7e1c70a39da80871a7e1235a010e2de4b183109f94ab4f5649b4534563f6825

SHA512
d62af1358134dc7ad2ead1408c56c2a6c7e5fc52f7a1f8ed97f5e9bc0ea7768058d4f9650091f75ea0c950627f0c15d9982ae5ed0faebad38eaabc3459d36197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
64f6b1d466fde0a525e7c64f43614247

SHA1
90ef53452f5e52bc3eae48ab8ac8001a80642ebd

SHA256
753875d6fc41505eb66ea6a6fb9eec6e62c5cb5b614485ea55b44068508a20b4

SHA512
8e840f177d9e275d78ef229160b78a0b63bfd0156d8ec800cdb6b0e3ac838044761cf3d7a2b57379ffeace120800e87d86228364a6d667e98a4d17d8b26875dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd5b9a365736a6fd7507fd93a87edd7a

SHA1
5b447edc2c3175fa59816a72fdda32f60690f772

SHA256
959f5f58144d57ad9a408ceed5166b767ebec709baaf8b9575cceaa7711b2290

SHA512
d25612fe7ce85f1f114ac1718d5e726fdb87486c9658cd8039a8212d288a2e4d67ccd72c2fb7446d2dcd1b9f7a4ff9ebd6a0f3fa8f44579c1d3bbe194605dbcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
54052119b21f25b959bde65d1d9f9383

SHA1
1d0141e149ac3d8ac53932516b5a4c5f71f18d05

SHA256
299a26a5b65b3793f6765a34bc0a4b1f419d89b2fee3d3150a04ae20aca8b885

SHA512
fbbd631c7b356b57c938ed75838fda09e62a0dde1c2e628929acb26320fd4dc90478573c600e0bef7ceeba7dd278ef6d94919feac1c493b1627694314835fc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6bcd8a7fc74e2016378718d46021c3ea

SHA1
494fe26ed2777750e4b53c98c16db3bc20ce4af5

SHA256
f07675297a5aa78d6bf97badc27bc48e62177562dce10a59d79838dec5688854

SHA512
f26e7a08092f0f1d62a78b44ca683d8403bb2e930fd0b2c017a5ea3483bccaf835ba2c1db3c62e1af6e135edf74df36b61edd3d695efd8a0680810ecd7e4375a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dca56cfad8e9183b836a4457b879c2b2

SHA1
f6f6427e1d53eb4cdcc0cd7e88e356a6197e806a

SHA256
29520147945fff3f3165f5dc7ff7f0a5139258896565bec08e2b6fcd5fce64df

SHA512
98a2d7ee839c0a1d4c010a85b49e84c06e37c8fb64e41fd4c82a1ce21cf03f12e54ee47f98602b95217e743dce0a48ef2c0389cfa738bdbfbaec7e12580ba50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6c9195d160cd4c701deed2d88597c034

SHA1
31bdbf243450b637c544da8fd6cc4cc5b1b4a918

SHA256
9ab175917191166429408ee86dd1d3d88642a30fac85e4d908e061f7bf6a18d8

SHA512
4a7a3610930dc3630a8024fbb1894ffc15ce5f74c7390e74fa1d6ca8d242e2362b9902dd7b58eb4e62d34afa817a8abda6d76662931d065b8a394e839446b16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
49e60b50e535a2846e0ba413061b94ec

SHA1
b07299e40d242a601a0a828407da88a0c9d86924

SHA256
4b21c9543b0bc7a2fa8aacb713bccb2f8b7e15b5c7e56088561821a9f8049d2c

SHA512
9cc0f04f65738fcce6fe238d131fc573e5c140001b9ffca02ec059a0381bb1a757621ee9efdb128542c46d13f754270720800d607121c1afde87d667714c4c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d32e5eb-5c23-4b0a-9aac-81f118d5477c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d32e5eb-5c23-4b0a-9aac-81f118d5477c\index-dir\the-real-index

Filesize
624B

MD5
7bbe2a51cdb6115c4dc726c7ca1210aa

SHA1
ad4a0a391bef989c1351623106387d354b5c55ed

SHA256
81b1a8306c9f582e2ffa151eccb050878f71df19e35fc013895f930d8f4ca9d4

SHA512
281236881f4969fcb468531c5b45145bff641adc3dd11328f9dd50fdea4c96129024c3f0426771ad74a11064cb6fae21053076672546227a9b740a1c395a9fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d32e5eb-5c23-4b0a-9aac-81f118d5477c\index-dir\the-real-index~RFe601561.TMP

Filesize
48B

MD5
23d2b6480ca120aed96603dc98d42bc4

SHA1
7b23389f108bc1f0a6bb7424d64d770eae9130c3

SHA256
6aa264792158b9d8e585e8bb1854cffd3c31fbf8476cd8bdb86bb1349cc31890

SHA512
86a800091c9197b183982790b3138bbd6cd1067794d14075a2a3b192a15d1eaa978382b1929318d7fe68f76ee539c4588cd881254a4f7d55cad72bb65ab0333a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5199a7e-1600-489b-b15a-8819f05d7406\index-dir\the-real-index

Filesize
2KB

MD5
646daa886494266c060167626794793f

SHA1
182d5217b9e408f40343f7cd407f3b50d6831c12

SHA256
16d3f8361304803b487172eb9daf3f96f232f6b94fa6b99a2810e4a475578eb0

SHA512
f8f30d3c586ba9521e296e2e4240e80a38e197193ea2d0f8e5eab859ba5e878ab93821b6934c0467ac846ae374c4ea3d78eb5852ed1f03d69e0cb372b76d3ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5199a7e-1600-489b-b15a-8819f05d7406\index-dir\the-real-index

Filesize
3KB

MD5
db92e1df4f0e0176db2fcf6865430b99

SHA1
3f7ecc707368cb3b3b775290cfc40e305d6ce6a6

SHA256
e777bfcd04095b172067fada25584931fc07e0b90d9b74b3119ba00c5255f11a

SHA512
ced40d08c759bf2697f680710faac83c58dcdcc91eaf295d8a8ab3250094fb83b12df9b0671fcb3e8d6cfbfd47e97fd65a7375ea1a9793a84e9ea130e1af7448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5199a7e-1600-489b-b15a-8819f05d7406\index-dir\the-real-index~RFe5fba7f.TMP

Filesize
48B

MD5
cbac065b30c9a6c2eb7bf47ffd053761

SHA1
90470589da93fee7b1a763a13f3c431592c1d387

SHA256
f0f379147c4d2a96e27555f82328be46fb3f38bca9945c7c087baa0c0721531b

SHA512
2eab0d22eb49d38f023bbd81a63c18577a02526c1b89cf7e9adec7f984e11f7a933bc491b6bbfa05d57c52c27d727c2847d6b6a6dc9b34cea3707d00499b5af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
32095e2f7fed591b1fd2bcddb8fcf8d7

SHA1
fda285fff2db062c37aaf65415ee4bec0039e5e6

SHA256
1b1a7f650613482d5808f0945186725928816d0489f2100949217ccb0bf7130e

SHA512
989f73ff7b363b7c778182cd275b8a0438ae17d1468a18039619677f160f704ddaed44a7914bebd02bd18a8058e453a8bdf324c658a612a1b36dd919314d9b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
733930eb6a4a220960f9099b1cfbb614

SHA1
7ee6e81097a87a05021161aea55360b7d36a7b53

SHA256
95374adc441695024c64fac262883386d3eea314567f2f7a3fa8ed473c49e239

SHA512
657c52beca7cb044761be5be10164ca689dfd788fae0840d22715df6c26acd9c329b6e93f038369e87b782b10609a3b22e539ce2fbb92f539d476b2317f2f221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
4eea8043296de71025fbd2ef39f34fc5

SHA1
5d4a4581d05bb438155120f6251df658522ff4a1

SHA256
73d68502ceb93a38a113f31f9cf95cea31b81c6fae83caa57e5f413559c890f2

SHA512
ec13206ec059e5b0821fef83e07bafc59a3fd6870bb2dd0ffc224e8321516843173aa2df5049c2e590d03dafdcef1592cf62387d10598434f8b04c0b9d62522d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
ae0dcd848043598da4024313a3c26833

SHA1
5b68fda2025c9e9a9efa9924cb72de7f6960a272

SHA256
bc34bc726e39153d0f4b3d3f33ac9cbc9c08010ec428d88ca6c9324f2e79ec00

SHA512
5f35844d5323787fae95085229eb391deee42a0841d67c2454b05525ea24ef608dc44cf86ceba62533d20d91ac07cef2f0cb07626288773fefb2a94057a93569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
60d1150dd3da256fc67e209d14862c8b

SHA1
cbae474b1afc6f0d529e1d57676d8e568494191a

SHA256
cb1535706476bcaf64559ac803117fdf324f376cf099d78aa902de74314d19f6

SHA512
ac9c6572b727c4eae4f48b2fda59f4cfd13b5f71ad0275b6929048c71b22973d54314fc9b9aad013859cb1c2d04985f06ac45ae6340df9f5e0a8ce1a99200ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
a9d4f4899c179683a289ad0c1e166b91

SHA1
15fb1352ce94d0084a4d17070c5e075a03c4eced

SHA256
c2d27e5f465c7f2a3010c7d8ca399320fcb05d2e7669b842bf619611bc578fcd

SHA512
8c94bbace34a32be50ebe78135c3ba00061204b1a39f722bac82b688ce597099f6c1924dcb30357cb4fef0899c1ef7dd735d8d915c981bfb02a872bc600a7ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5faa43.TMP

Filesize
119B

MD5
94c1187ac6b63b35ee9fda7af89a5d52

SHA1
eabfc1bcafa1f42bbf2155ef196bebb2ac09eefd

SHA256
fc53a20608adac7b51a9bd1bd9909312f0a26fe29f7a51d0c27bfb104bf10698

SHA512
98e0206b34c34afcfb6c0a54d243b754fd29095843a394a534f8d8a52d65bc8676d56c621017cd8f7cb2abef19388af9867dc36a1e4b68d2331c18516df3238e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
ba5f764489ad3f40cdc05cde6f7f4a70

SHA1
16339122e467febbddb2f4ffab58f8c1634ce9b1

SHA256
36ed44e93767d063079af5d8ef3ef0ba00395a9ea1ada7345d0f57bb8264850c

SHA512
de2216bfaca0c7ca6d7e5568679a6d135fe9ad81711ef6ae2f3996f7cec68c8748257c9abb0419835c4c6ab7e1cb7fe7da515b59e9e365b24ec712e2dac2b15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
1dbe7a7d9621fd5dd15c9ebf548f183d

SHA1
84274d6656a6b4cc5947b30db3fc8061f4844b74

SHA256
4980d193a2a9773b7924b8ebfdfdeb0f7b8e2fa41058e04cb122c1f0689501f8

SHA512
7af72298eec69240d0188ff0c1ac8182dab5e3d8a03424332048ea8f9bfec0a283de8afef9468f2a499580ae170243312b1f076c5decabe7f3dd7288829e9a92

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
08bf40bfcb734f6fbb2b1b8a15081a75

SHA1
f20375b288aa16fde380543c388fab32e3991905

SHA256
085ebdee80d776053153a77ba8396b84a134b2ccb2c6774b06d7d59805d39595

SHA512
ef3977ba5ffbb49de9e7016cca0fb3d0a69dc830363e77bbadf5e5665288826efe87bc3759475c23fbae0bf03b6863b73cbed5961df049ecdf3b7d794e49a8ef

Download Submit
memory/1028-2-0x00007FFD29500000-0x00007FFD29FC2000-memory.dmp

Filesize
10.8MB

Download
memory/1028-0-0x00007FFD29503000-0x00007FFD29505000-memory.dmp

Filesize
8KB

Download
memory/1028-6-0x00007FFD29500000-0x00007FFD29FC2000-memory.dmp

Filesize
10.8MB

Download
memory/1028-1-0x0000000000C90000-0x0000000000FB4000-memory.dmp

Filesize
3.1MB

Download
memory/3440-13-0x000000001D7E0000-0x000000001D81C000-memory.dmp

Filesize
240KB

Download
memory/3440-5-0x00007FFD29500000-0x00007FFD29FC2000-memory.dmp

Filesize
10.8MB

Download
memory/3440-14-0x00007FFD29500000-0x00007FFD29FC2000-memory.dmp

Filesize
10.8MB

Download
memory/3440-9-0x000000001D0E0000-0x000000001D192000-memory.dmp

Filesize
712KB

Download
memory/3440-12-0x000000001D070000-0x000000001D082000-memory.dmp

Filesize
72KB

Download
memory/3440-42-0x000000001EC90000-0x000000001F1B8000-memory.dmp

Filesize
5.2MB

Download
memory/3440-7-0x00007FFD29500000-0x00007FFD29FC2000-memory.dmp

Filesize
10.8MB

Download
memory/3440-8-0x000000001CFD0000-0x000000001D020000-memory.dmp

Filesize
320KB

Download