quasar | 8a31693ddf8924f144ba19a8802766188bd13f1ed7eea7c226eb0e01a9e47685

Analysis

max time kernel
323s
max time network
327s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-11-2024 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PORQUEPUTASYANOSIRVE.7z
Size

923KB
MD5

d757d40193d311216967491e36fc2ba4
SHA1

2dd90fa74c489da4f85bdf301053230b480a31fa
SHA256

8a31693ddf8924f144ba19a8802766188bd13f1ed7eea7c226eb0e01a9e47685
SHA512

9be26ab222457605eea0c42a4dbcfa80154cb384e6abf0db6a010fcca172a0eda8792b9e3fff9d67717f095f67448d9310c7e049f7fea8dd5907afe8bd462921
SSDEEP

24576:q9gl2kNvEE7GFdGqXsShFTAkBojKLUI56eGk:46vbIGqXscAkW+h1

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe	family_quasar
behavioral1/memory/2328-5-0x0000000000810000-0x0000000000B34000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

Processes:

PORQUEPUTASYANOSIRVE.exeClient.exe

pid process

2328 PORQUEPUTASYANOSIRVE.exe
3060 Client.exe
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
2328	PORQUEPUTASYANOSIRVE.exe
3060	Client.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768714001928206"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exeschtasks.exe

pid process

2468 schtasks.exe
976 schtasks.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2624 chrome.exe
2624 chrome.exe
3180 chrome.exe
3180 chrome.exe
3180 chrome.exe
3180 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

7zFM.exeClient.exe

pid process

4324 7zFM.exe
3060 Client.exe

pid	process
2468	schtasks.exe
976	schtasks.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exePORQUEPUTASYANOSIRVE.exeClient.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	4324	7zFM.exe
Token: 35	4324	7zFM.exe
Token: SeSecurityPrivilege	4324	7zFM.exe
Token: SeDebugPrivilege	2328	PORQUEPUTASYANOSIRVE.exe
Token: SeDebugPrivilege	3060	Client.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

7zFM.exechrome.exe

pid	process
4324	7zFM.exe
4324	7zFM.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exe

pid	process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Client.exe

pid process

3060 Client.exe

pid	process
3060	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

PORQUEPUTASYANOSIRVE.exeClient.exechrome.exe

description	pid	process	target process
PID 2328 wrote to memory of 2468	2328	PORQUEPUTASYANOSIRVE.exe	schtasks.exe
PID 2328 wrote to memory of 2468	2328	PORQUEPUTASYANOSIRVE.exe	schtasks.exe
PID 2328 wrote to memory of 3060	2328	PORQUEPUTASYANOSIRVE.exe	Client.exe
PID 2328 wrote to memory of 3060	2328	PORQUEPUTASYANOSIRVE.exe	Client.exe
PID 3060 wrote to memory of 976	3060	Client.exe	schtasks.exe
PID 3060 wrote to memory of 976	3060	Client.exe	schtasks.exe
PID 2624 wrote to memory of 4508	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 4508	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 1012	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3672	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3672	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe
PID 2624 wrote to memory of 3748	2624	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\PORQUEPUTASYANOSIRVE.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4324

C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe
"C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2468
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffec626cc40,0x7ffec626cc4c,0x7ffec626cc58
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1644,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4424,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3520,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4796,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3380,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3932,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3200,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5652,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3556,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5632,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5660,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4464,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4848,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4928,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1152,i,12370374971743894236,14205915682837908689,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1021d8a901ae6f472023f8cc20f08a53

SHA1
77bacd8883332c699f71a590b6c5add677409815

SHA256
45f007b6c815cb92d13e0070c7325bccd6bd5ee0db7cf40a5bc0741121d06279

SHA512
522447d6e72148560e9ac0196e83a8ec33e70685026dc74344287bfe9e950145aef848ce57e3bb7a5c3180dd709e20000b694b887bbb6c650823851edcccdc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e8d57fe5becec67a256311400d11a2c4

SHA1
9d4cb230943bc6d329e00c39eb303eb47542b32a

SHA256
8c7a095d70fbb41df0740a3afacd0c3b8d768ef18ec13d31bc57c6f5d05c8558

SHA512
76ad845a2744c74fe8295b6122754fb730332b7955c7469daeb7bb51a7008139b6e9749c6cfcb396638ccbefe0a3fcb5359361e917ec9955cb1e6511fe6b9f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
ec717383c6edcf465390caea4f2c6b56

SHA1
390e37371fb58830fe0fd4db4feae3359b4c1b45

SHA256
99052c9eec4d3029189293516345e0190ce90ed55ad2278d2cc550bfb306b73f

SHA512
d832910908316d82722bf1f780105efceb6b672b457233577bfe52b33575891aec605517a92ca5498a4ab8f381e2dd416f181384541d560ac9c72ed4abd85b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d1a6aaa7063cf0d21e130c0ee5d01017

SHA1
6779533188c0ee946aec65a19928f743f4233347

SHA256
d19aad800addc798c6073106e91a8b019974ee495004732d289b8805d5a85d04

SHA512
6f72322c9aa139c89104839bc48b4dfc98fac48e927f999ce78793835d54220eeef732dca1832f66c85b6c8113584c3c3c10271f58c881b030f10639d750da94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07f1ecc7adb046b93f8abfa84624142f

SHA1
7c8708f4a9bc8edb3c99969df13e71f8f521e086

SHA256
ee2d31a4b5cde3e09e3b94adc1080c18a46736c1a710ac8f6f7cb6a36aef38c1

SHA512
ee1916fd571e1f24a061ea594a61334fae74003b6cbeaf0d8a5798e33ad9c44321b691b3d475709ceb2d99de8cd80c5fff0362694a38e9e211900993cbd5918a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb787464932b6bb636287b1991697d41

SHA1
d18c9ebbe8f77177918a14a8787c3f130a805434

SHA256
ee51cff063ac470c54ece6ee6124d124059fd8b8c6a89b2b419f21a41c013451

SHA512
801ffe689c54ab0d9c5896ae83971d3ad6a612fb6339ad4446bbb7fc7346cc502dcadf0bb89079590bbae715d42ac842173c8da91fa04d6d9cb9cf72af62193f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d11e13fd6bfd91311e6f84451319e7b7

SHA1
d53a499c89d14dffe9e487f10538ca3d65c4d2ed

SHA256
1783b6c5dd8e83be99903cb84c62c77d1b979edca2b0c0fdd3554f86033268f7

SHA512
8334a91a88bc9119d0e4587dab41db3d5460df95d3e6bf9f9413df2372b2af91fe3e601af81ef5edad2c56a54553201704f9cd9b34307e44ccabd40cecb3c70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5460c227dcf68badeeceb0fe3f726b7

SHA1
aca718bf13dd4a526e96b99d25e7345335029ee5

SHA256
6ab83f7eb38ffa8644edc2daa0b47a7dd8f007dc6c3d619645f861178dc98793

SHA512
5b4be21a709b2f07a6d883e0cc35278d83275ef61a4265c4bd18c2b0a576ab1d6371afe44220435ca39ca2e0a84edef786711e15df53a9866e0d9488e9e496f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b40464cbf4cdbaa5be9a5e9906e69fa

SHA1
737c0489b239fcf012c3e5c00cdc79f753234767

SHA256
79d3169b4aca1cce3849b8975ec47f206de511e322ff76786eeab61deb0482e0

SHA512
2de904fc7436d919ebd1701db176661f3ce7d105e07198bfbbf9138ac95be7ce322a8e65580a46374f0ba395b9e6ddd064325d3bc3918e1ebcf41dd5114bd4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
21054381fa9876e34490cb0e284ac21f

SHA1
1de162348a62a964036e1502e60f6d0dc9f2e653

SHA256
5e5d4b8264a29b3776107ce1ba3695bdd922369aeccaa1773070eeb25913324b

SHA512
4380c3d78bc2178b8d4f85ec8e52e36f23cc1ba6b2f44063dfa010c0a82be6a4fd72a1b9cd1a4ce65ec2aa05e8d5f909cfe9f5bc2142aec8acda07168a34fdc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d756588101984af73faa38f4311e85d

SHA1
97630c7a3afb6e1e28cd5eecc8de147288b5c382

SHA256
6850451a4b32e6616ec65463d73ea838cbe6493e6633695d4087a2c9e2e2da5f

SHA512
1733552a9a7f9e98addfb986f229e90fb76d5fe073bfd9e7a6d04d39edf0a332df9081fd3c1c2ecc4dd0ca5a4d6a4415eae5d2afd0a12bfdf864e5e8456db8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b2ab64f2a651d5c90ad7069343d2947e

SHA1
1573584ed740ccbac9d853d90d75e127020e8679

SHA256
7c2c51d90b3d09a1b81a2f189e73f51215c7fe73013e89ab67016b8e6de464f8

SHA512
583399025f3f7c309cf23dc0494d3f5fbe4c279c8fc5c3a8f1355fa5defd2a38fe0de3066fb65014ef33546ab5d1ad11dbc18ea1e46b866328a8036579340531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4956e6af2173971ff27b1597f3eac5b1

SHA1
2226f21132a772647d0e3c8ddf7e9e7c85e7e537

SHA256
6b7650f9a7d263e216d855c9079cf2e69de40cd7f56d18dfc38342999049218e

SHA512
0fdef118d00d1dfdba92b68b143b51f3b37549b06db8cbe03ec4463f437f4b56cfe1a0859a292d669dd4f46775caabf59439106dca64cf476d62cccefbf605be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a0864e1fcdc60cd07aabb6627878683

SHA1
1456f23bd4ba8de68f4a162d9e97008d80cec658

SHA256
0903e74882ab33cdcc1780839f85a532d442372b0609987f004829785c698f0c

SHA512
bd2181e02fe2065cb1a70eaec8ce5df2eae18d06c4c1adf8df7cd30087561742cb736f6d08864cdaee8e58772d4418c53e626c5f9a8bfa9252c8f4e0ed58c06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
6c92d192c3edea465e8e90660e893c26

SHA1
7365600f1e85d5f00416b26c47b3b2d28bea9eae

SHA256
8b5e55436e316336ef6300bbb204d06e534e9668ab315f317b4658960189f1a1

SHA512
e04fd25c7a0e6b0ec15274dcbcd2bdb9e9a9b57d2cded5bdc87993c7a36f0e7814ce7f2d375fc39ce7c9392cfe134075defdac8ac6c16020924fabdd5afeeeae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6198e51536d5e0b4ad5b4c2383470b0d

SHA1
fa42193f8220db2dc0fd333c8849773ce2bbe072

SHA256
7cc312fea1824f995a411a48710edcb5d404eb2d35fa8a5435610f2e296bff26

SHA512
fec0fafca5f94d26ac307a5f3dfad09215a6b3638663fcd61a36dfd284b0b04b6d1cff9838090cd8094965916f29c16c3b5e5d5a270c44782af68a77809de1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
790bf061b684e89157b1fd9c0e2d7fd1

SHA1
9069fe4745a53437992c5dd647eac2d0e7984b34

SHA256
73e869b86d208f83e8d50fca73467b9177abe2bc4af6445af270faa3c1aadfa6

SHA512
0ba6e1150a1b95a4d640404cc81648d3f35ad36e3e387c917ee3b552162b89b3d36288174dc351a5943eb1e283ad86a1a806b12616bf2b40650c1802493c83b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bb6af1e9fa53417266f0c65e903a950f

SHA1
32d9645fc5a162abaad0bc6dbebdb9358f99ece8

SHA256
a4f723d8a433ebe58deb56f38ae4614ed6deb098cc61dc6b7781c20ef0030820

SHA512
1f9b6bfcc40497f7e873225bb4213cd77129b1ad76d0a9e1e55d00c9f3ecd29118903c65ad1977cbcefd669ffd02d93a11c5e7f1b5455faa25435ded724ff9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be9316e2e386f7254253abeabfc81055

SHA1
095cda33f4ff495da1f950d44be1f5856e094b23

SHA256
27a3ab9b0d45f41abc4aa757ebc7b7ac22b1799ef5874c625cc7af0607ca4b8c

SHA512
bea4984f5bd46be32a4dd17b507a6c6acc101c34cd335cf16c941fec378a34302b6232eda76ed1ca7f3b8f2ac4c046d211a857c9e34d173059d8396484a803f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0da63ae2fe0a6450b0150c97545efd6b

SHA1
47e5aa0f47967526d6744e75bababa1c84743c09

SHA256
9e0be11e497daa5602eddd09b7928ca3fa46443984ff0ec0a4c99841f3ceb461

SHA512
8633ee8ceae82ca40a7ee3134135e8de9b8f5c4d67799b07ae97279b8fb66faf9805e1a654437aba104112d28392d3902cedeb3ef6e3a200f315ed58d5ae22e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05a4e72bbc81523886a413bad911ac21

SHA1
37b3b25fafc681c65f89e5177173534d25042dae

SHA256
f4f5ec63522ef1f3e47fd016a6fc51cdafcf81fed9b572c3d574bbf3f14f3f70

SHA512
c446c3b363fde5166b894f665eb25b3d0ffcbc7756d608837fcbc0e54b2ca7191e323f08464366a5f98ef185794c3eb916aceb9425f0d789c0bf20fc60576a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f0d4c7e352a8273efeddd694480758c

SHA1
833a6866ad77d7f42d1318601492707b85273b70

SHA256
1a5c3380b88e6264aa67718ee77eed4ab86d7a1b05f00769a96dc1ece655062d

SHA512
1a829893640f31bdcbd555152995ae695f1eeef8ffbe2b74441f1c3120e47bc7e88055d63b608109ee532d45a1e2f5008e5734cda9b96cdbffcaa7f8239cecb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32cb5eaa12b1c563f559373eae520ff0

SHA1
ac08a29dcec7650d83eb47df31cd660aacd0ac0d

SHA256
745d4ce9de4c59028d501dfeac983ac457ab90dd5ed2ddea901a271b18ec13d3

SHA512
9cd2cf46b6f92ed5772916fca4efc3f1ad63468b91fea4d668a39dfea76efa28d7df8b0b7b26a35c2f074491e525a8bc5623b516f5b81d18a65ecad6ed4a5b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a75e2843163b68a2bcb1b5cf1547019f

SHA1
a7d6538a0b6975de2c8c1adb12d26832ce745f00

SHA256
461f7c4692dc8ae409d468265549d13eeccca3c9612c84f12bc1f500ab0495f2

SHA512
130925a98d95d84f15ad2782a29781ee59f85d0c26ee5fc88db7196c25c94795645fcb23b95c44cd7f069434ce531b2367fa00edfeb90aafd3f2d235ef5c0721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4373411cb8945057751346cf28eaa064

SHA1
1c513f6b44dee5da04ed561696dacb19fa4dd89e

SHA256
ced98b6ff249de78747110ed9098ffef5a1f382e5c01448af6e2d0b5c5bc2529

SHA512
9bd52b2bd060dfb00efc4f1d199849b16ddd8ba74065ff63fba08a645d70b3827f89ea4215e592ee6c0977dfb0e03bf4e293346bb15236a2e93b42f12450a7e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0eef4fdaf080184e19a498a388085c48

SHA1
e1c125f5ceb2cc904815c409f90a903397b966af

SHA256
803d9f34e0bdb0744ebc4a5b6eb4f02dad5d3a472e943806d07b7d2b49b380a4

SHA512
ccf6a7788bdd1f4f6dff0ff1ca217e34c62307742609044696612862a627000fa46dbb18d6dbacd7c987312d46a91a966b1cc0f28179d1115c9d5e031cbf67e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
768d972adee61897b616a68d2ecd94db

SHA1
a65ffcbec5eeda5b481bba52c939c871a444a422

SHA256
e8ed0842b0b28179e8392597b4c829f38a592e713fbc7ca6f550139479d671be

SHA512
c0fa112c64423307b4bebb9a885a275cb368126cf870d5e55aaab332f65d68ac1bead92d9a1c426287693f5b2958838ecac074dcacf0d104a57556e870a87fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a13c48e4095ae2aa3f1c63616eedbdc7

SHA1
467c60e27fa6da6f979f6421c2bd1d53bf2b4ec0

SHA256
0c24633e227164dcaf7c6100b12ac0ada7d56d0468bdb7b67571370f9092ae24

SHA512
3fe706294fbffce0335dcbfd0ec0f75a58fdda508bdf1786f735f7caecab670c37bdc9c8abf1a96fe060000f1b67efc792e907bfde1c9655b49094948ec80460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0e4e6e3524b0471d7eded2b329bb635a

SHA1
c31ffa0003413888030e5412d10e0a8c933fbf25

SHA256
2348fc04c74622054532f664e6603afc7479c95046e9c759a7d33583608853b9

SHA512
740ec2ba82c39e94202284e51c398a6d8f3d7db0a69de07ca590dba6fb9a53ba88231b1e2e0260414dc5d6c3d332e8f1f0c986285de06d7f176641d1ba102128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ac8f63f9b0b8ba4a4fbbe74deec6d7db

SHA1
be24b91ae9a77577b865141e876e2f7f9025b0eb

SHA256
2a681b230930d24258a077fc3491e1e82dce92bc54b0f514551085b3931e7c27

SHA512
333eeef5f45708462f596fea598e4d35a093e9528ebffe81b8449a1877cec9cfa7fd4dff9cf3f3766d10df2f100f16144384ce399f76948f2443ac7453100c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d1c911a760ea5d6360070b05c3b7dd15

SHA1
1f175a8634cde2f2d70bf4429310d0f476dd0398

SHA256
0303a52ccb8208d953544f82db12a2357f722d8d2abdece42dadb62dca6eeed6

SHA512
f54f030f69ecf01d6802baec8a97e127a8e99d049d78c13b62cfb6eb0b6f44cec1f11e8ef0b3b1fc4a91a97259cf3bd279ee1cb668137f6ca516987547871d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db976dee21cc24f239842b49fa153178

SHA1
f0df141bdd3d01bc934bc2374932bd3d0866de28

SHA256
771dcababc049221f056ee06b0abb1bd5d2f086ff5c825959e2b80378db5caab

SHA512
f64b68fbd9b5ffcb9ac0c37a592a38f43b7f86d0f1e9d58a73b11845530002a8e8f6b690c73fc6a1bb61e672e96bee3e6dd54b58244be6d070159d91e7d5e482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f47071c91dd3bb249194ed2d4e6c72a0

SHA1
ab6087ba2a38e9cfa5fc97daa9e334c2489170f6

SHA256
d6db41955cde3b3aa980f5514c8cf8b1041d48b1a02c679b73ef604ea8322fc3

SHA512
fd00981e972e1d614609bd9021a9d5a9353f78e3b9b145a7b2b33a950ece5c8e77e9aacdf7c501c84974a6abb1e5b2341a1794d40611a208e3fd8010b3cafa41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba1c81ef3008537b929bc3f13b61233b

SHA1
83475feada4352be53c8ad854dd3e8d2f0fcd829

SHA256
e3ca79c88e1ff1e704d7b388626de9b5a33ac61afce4871ac6550986a60bdc51

SHA512
14cef40acb15cc8ec27b50902ac498787e7ef0ff4b7be226979364d7fca25f58e9976f1030a51bcd6d3bec69f9d0943e64230da1fae46387f59a4e325c1f47d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe03b16c44165e7c3007a9765e164cf2

SHA1
d079167dc680d4dd18c1bfe54ff37019ffc95606

SHA256
0f463d64ee927630287152cbf58f7c054699e5a93dff5fdb88b967464ab65bf9

SHA512
a1b9674352b3c8e659f6297c579bbabf4e4fe42db9774b788c40bb0ee5300fe71bb6ed6f59c7ab5a6f0ee644401c3742cee6b07e87f3d7f2a05064fa5c60d35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a38d1fe716b1a8a759b31f6f779b63eb

SHA1
9b3d195657f4201ecd26b6db20f966f3d16ab057

SHA256
3223c72e98b1080455a662545110687d9ad5d202d5d86fb7ad4a81720c10821f

SHA512
e0f13792009968028ab0f31ad0d9c9adef1b945a8139a53aa0ae62d187a96296411eda4ee077810a44271e8c26f1c151af1de375a8046e0cc98b0da09b0b524b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bafc3e3e5112717109fdee350e4c27a1

SHA1
2b7d5c6b259554d673ecdb651dd3f25afa9ed110

SHA256
c81c7c08997bb5ab7c55cfb3e9e967a16d71e1c6f59103de3d6a9f7580670045

SHA512
68bb3535a66b5b6eb8ff6878b100800ffd6ef25b0bfc83c9b5b86684b8daaab0dfd9cac8faf3b0367b6a73cfec2cf80eee4438f01aff5e90fb682e9a5df87e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
59ca6090ebc84df323519c88a5b0de19

SHA1
31b190f9e311f32963ad81979d30fb1d7dde4bd0

SHA256
041a9b749fb7ea290a8d130268f17c73b6b8f36d13754cb5690256a228e08661

SHA512
d0338da6261138e73707fb3ae0cb1f15e473a190d38ba67a8d2148f1252df64f51872dc39ef28b075966381d224a7da9f6b100117a59d89cb311b3fbd511bd4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
6cc49567bb7108c2c9e67b46d37ebbfb

SHA1
acae5da930576bae3715f20cbdfe8f478f882ca6

SHA256
638360a6063384b6d1a05191dfe2584a16342cdba46781e35b57d5b4cd764512

SHA512
2691a25f60469967ef13d3c1a2290c4d2cdb7c48a93f05b17c73d01648816c33b8eb5fe48275f51734566861515b3c452082d77c319c8aed0675cbe50fb61b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
08475c1d3d29a3a5eba4bccaeff2d2d1

SHA1
d335467515a2a699355bece4f82ecdd226cfff88

SHA256
94d7847c794cceaf20d74fb870c2485e329428bb3f6d498d011e744cf02afea2

SHA512
05d158b41d03114b7754d119b3b022cbbe29a286f12f4c4102212e49050b9c3c86a7221e7469dcc8ebef342eb5a079f788a2bb240a0700e0a94e4e82708a15d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
2df19e5e62774f48883a5402146f751e

SHA1
349eea55560cd41c36a27dc8f7300779dc3b9ac6

SHA256
00bacc17a9801f433e7f8b7121bc4b3a296c5ec97cddc9cadab7d478896ff480

SHA512
c601625b29168046cb2629f057f1e3275e5215ddc19f65515d70a87902eb4f3fe2a7460b88e20463872aab1087eeb5b602fe533de949f47936c34c9f4f2aa8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
0d31549bb0816c01ede94847f144253f

SHA1
5e159860ac2f225a6b720ec2c72d4360375ec3f0

SHA256
41df106745ddbbd27c43896820972059e214a12a744b50c1ea0f29be3ef70862

SHA512
d51d5e6823b34744abb863403c3731ec3940ace4929a09f79ec130510550de1e2d693cfb40ad962f41bee822d4db8ce87caeb17e7744cae66b78d5fb2c43843a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe

Filesize
3.1MB

MD5
73565f33ed4d8741291cbb30409f1727

SHA1
4d3a54b28f3ea80f884a25905e27165bdc353109

SHA256
aafe953e627f9e733e101d7211f0c9594dbdf82ec4019b2c9aa361cbc478f0de

SHA512
d897b098ddcdc94ac9177bc9a90b700c8b9a7cfafa74f729beebf74a094f76a7bd69e764711bdfedcdd231465daef16e937676e391ca2c010df03fecc863b583

Download Submit
\??\pipe\crashpad_2624_PKLTZGVAFEULGLSN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2328-4-0x00007FFECD7A3000-0x00007FFECD7A5000-memory.dmp

Filesize
8KB

Download
memory/2328-5-0x0000000000810000-0x0000000000B34000-memory.dmp

Filesize
3.1MB

Download
memory/2328-6-0x00007FFECD7A0000-0x00007FFECE262000-memory.dmp

Filesize
10.8MB

Download
memory/2328-9-0x00007FFECD7A0000-0x00007FFECE262000-memory.dmp

Filesize
10.8MB

Download
memory/3060-58-0x000000001DF30000-0x000000001E458000-memory.dmp

Filesize
5.2MB

Download
memory/3060-10-0x000000001B850000-0x000000001B8A0000-memory.dmp

Filesize
320KB

Download
memory/3060-11-0x000000001CB00000-0x000000001CBB2000-memory.dmp

Filesize
712KB

Download
memory/3060-14-0x000000001B8F0000-0x000000001B902000-memory.dmp

Filesize
72KB

Download
memory/3060-15-0x000000001CA80000-0x000000001CABC000-memory.dmp

Filesize
240KB

Download