quasar | f0b341cff383ba4f0143639eb0515fbdc023b8c98815a4f72191114ab75799b6

Analysis

max time kernel
1049s
max time network
1051s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

3.1MB
MD5

4a0c6269f041778479be25c053014de1
SHA1

7474c9d50ab9e48e165df40cfb5d45873429c1b3
SHA256

f0b341cff383ba4f0143639eb0515fbdc023b8c98815a4f72191114ab75799b6
SHA512

24f9125960573e4a99c9407d6e7d543918c921bff1caabd7c394132eaea370c89b242735089af064639b4ccc070a6844b35785ef6be0db9d817ad26b55a1c65a
SSDEEP

49152:Kvjt62XlaSFNWPjljiFa2RoUYIgxDEDwCk/JxJoGdSTHHB72eh2NT:Kvx62XlaSFNWPjljiFXRoUYIgx3v

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

x5sql-62870.portmap.host:62870

Mutex

42098932-ec6f-4d72-ab22-06528c985236

Attributes

encryption_key
3300C61943A333F53FD91D0A93268174467B5322
install_name
ntodsk.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Microsoft
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/3692-1-0x0000000000D60000-0x0000000001084000-memory.dmp	family_quasar
behavioral2/files/0x0007000000023c72-7.dat	family_quasar

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
3624	ntodsk.exe
2920	Client-built.exe
3996	Client-built.exe
4572	Client-built.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\SubDir\ntodsk.exe	Client-built.exe
File opened for modification	C:\Windows\system32\SubDir\ntodsk.exe	Client-built.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790213208406345"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2980	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3692	Client-built.exe
Token: SeDebugPrivilege	3624	ntodsk.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe
2980	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3624	ntodsk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 3624	3692	Client-built.exe	83
PID 3692 wrote to memory of 3624	3692	Client-built.exe	83
PID 1936 wrote to memory of 2880	1936	chrome.exe	105
PID 1936 wrote to memory of 2880	1936	chrome.exe	105
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 4916	1936	chrome.exe	106
PID 1936 wrote to memory of 5116	1936	chrome.exe	107
PID 1936 wrote to memory of 5116	1936	chrome.exe	107
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108
PID 1936 wrote to memory of 2716	1936	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Windows\system32\SubDir\ntodsk.exe
  "C:\Windows\system32\SubDir\ntodsk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a5a0cc40,0x7ff8a5a0cc4c,0x7ff8a5a0cc58
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5268,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:2
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5536,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4668,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3264,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3400,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3392,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5284,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3216,i,3102787766492443406,12424197732127847357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2776

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
PID:2920

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
PID:3996

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4572

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
df5898e14627f8e44d8016ce31cc2dc3

SHA1
f34883f2485a61df4879f4a9234406b8a70fd92c

SHA256
32e74aeec3ece006049d7fa88f066a4e6fe5f4c3a3e02d9cf6ab47524ac8af0c

SHA512
f0deb605fb268ecc03b5faaf6cd9446ac2908df657c0af87fe3e0b58fff925ea71203a801c3950993b60c833d4c86052e6626a1ae056cf868c531331904531b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
61463495c2d8df029f177fed94b9c1e2

SHA1
1125276cba79716180d533d500d7c6cda93427dc

SHA256
eda5b5eb18506427c89ea773aa9ff53ec4065637e4e1ba123927878fd0d4a4cd

SHA512
2e4f30f11aa82a24ef443d52d265825d026c61e910af91cd2c361b9669d454bc1e339cb96e865072b086ef5a78b959956d058b739e619b78b98159189c92c5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
512e3c531b33edf9b2048dcb41a38201

SHA1
60805373acc3e7969d063d8074d37c4463ff1c8e

SHA256
ae1ef9cb030b778f24cb2980cd5d59f8711140a8e256e9df6663e9cdb2d62094

SHA512
1f2c4a0203f8f710c48c1744fb2ddddc1ca722ebcf1db57808bc640da9b36ba2f274dce39e7fb268040021dbec24b494a9cf6eb083571a185c47892f36009102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
551fe8cf0c3778b7c10da0880935dd7a

SHA1
1d1004876bba1418dbb8bdc976378e429c9bade4

SHA256
7df5b94be6d83d1c0c0d6878d25a0aca662220e6e47ea26c955b088424ed6045

SHA512
5a295e7d2ddf0a10fa273eb7a8499d301507d78fd327501e312bef55ed8bc879f5fea0b0149ac7a54a958b67d7a450ef8aa479087f181f93a400860d4d8a49d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7caa1943aba5f66ad36de23cc0fcad7f

SHA1
d1027d6161bb1c63bf2b1cb2be559f8d07c94d89

SHA256
f4664191d21953f09ddd443a7861e93ca0d7dcc65db0b8bcce1b9bfc33eaf8e4

SHA512
aade0010a0d7ea658c8b44597435b57a5f5097f599e1d8c945b028be113a5898b4ccfecb83329c3eb57dc972ce97b2e670c529e4ab14eb35fc9e2aa1c8b5745d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
1f051f10bd00d6d4995cb2268b4b99c7

SHA1
4e7f88a676e7c2f8bfa68ec35fa5ec6029a537e8

SHA256
d21d479d9712ecdc645f0e957c1c0fb700916f59877011209b6f8d70056852ad

SHA512
ec5a8b8666f07b1619af36e4af6fbc6cc4be4b57338ba71df070ba0d6dff155fb463de7bcbcb8dfca7c2aa19a71df6fcb4d8e38e752e015f3cd680e28f2d13e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
445b00bedd4d2e4727d7b72b627974f1

SHA1
e5d58ccf1a15dbbc2e86a9abcc38b457cd1c2ff2

SHA256
279788c0eb05fcc3e909b3266811faae17e8442137436ef7d6dccb8164e6614f

SHA512
d6210de95fcf2d2c90f7a70a3e57173eee6ede2397cc51379217089790ad39139a346ba317614857ba6d31feba7c93e31dda946d1e232a26b404ae403416a23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40bef53bdf4921593562a18331617a0c

SHA1
fd498e740ebdb147f52030c6961f019c404dfb0e

SHA256
d8764b33329ae86defe159f9c95d466baab558e83ad9a394b4f6b37fb6d79263

SHA512
daf64fa40bad5490772612b06b2359426116e6296b1c45a6e7bd42e7005585d45ff3737ad2abca28c6205fbe90090655c1fdfafc4a93d073eac74a7b22d6f0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b235f0834279f3e37f73749872a8eff

SHA1
bea8e1222b36f821f6537745935e8b16aee44c2c

SHA256
a23a9f9713069b3772e2793280a7f464229586bc29e5f194ecbbabdab3d288aa

SHA512
052fcafcaf9f1269c01c09d974e181f6213c996f8ba5bc50588fbdcf8d071c33628c51767054608015cdf9930d7724a6e5fd0c3f3e476002518c23b57303ee16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b21065de01f294237a289db064c66bac

SHA1
08e37b0c13359a9efb3f1256ca5baa3fe8d57d63

SHA256
6e393d5a2ee811115fdb7d3c39d4c5b99836e2c347a346d4250897c306961bea

SHA512
9a90f17366a5b8fb12ec765cf3239c0ee42f39224bc260fc7e089c70fd9c154b7baa31087c55b5817073fabc9b0e7f1f867a8904a038a2176c886893285645d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eedf4814fc0f64268f46d0e1730a3407

SHA1
0bd0168083da62e51bd90f43e1f92546b373bec7

SHA256
689b4f163124a8e0bbc7f9c5ad9e54e83b05e687faf2c69cf8d82fc1e929d615

SHA512
e1900dff5a85256546de680d215d3b37df7a87c0ca82d5030b0e416f3ecfd71fe270b6b8b6e78ae90b976f7035bff6ef373062cb84144d57265ce9a916e4121b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5398babf087e8afe5f4ff0e39832fdaf

SHA1
bf12cffb01355b42128eeb11d2bad2ae5e83525a

SHA256
5ce812cd4653e35ad03059f488afa269a8b76c138eedbe273a27f7dcc9a6103f

SHA512
6d872cd92dd0cf031871ffb4bae2debb9ef980cf87a185b9873101f48ba6403bfee8084cecd9ecd5a1777778f65cbc4434d256c169f3443a2a994abb4678508f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31130a330cb8741bf8bd6c59776b7841

SHA1
adba99cc8ec2b6a72250cf0f4bbeef58a1eecd62

SHA256
c17e90ffa68db0693efefb23901977e25158b92fab47e7c49aa67be821c50542

SHA512
ea1bae3043b31674be56a43fe03ceb0bbd3d4e5c8ff047ca84b9bbc5bce72dfa22384027210cc26463c96561c577b6ace676c4f8435da500d32ab1818caebf48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7338c919048b7c8495e38edec21b38cd

SHA1
c65f7f18b4c213962ee354bd31f9ab09eafe1459

SHA256
7dbe44dc6ec5868874029e9ec460e95b48e3e548ffc3a168ab9b6fc1aae15c40

SHA512
d28936fd233386da08d4ba630e799b11b4ada91f6669fea7eee649f77fa943ce70c44a7acaf1e07b2ed969609d16d9d588dfe410ec88e4bedba0ccf63575eafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2df861c9d8da4aec843f52e9798fa5cd

SHA1
238b2c72af12ee6cd5b82e1d4ba1871fd3e4b556

SHA256
b5ec4e775bdf0d9a087f13628971d0c91d3ac648f07100b63df2077262871442

SHA512
991b92b3b1d445b96c6ed56573365f5cc997a999380ccff2ac10d5baf79abe785eed46e51152041bfe4ae1759231f7129d4a8f77b8da619ff19d35b1ee67cc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97c4be5964e35e2744ddd82f79cd3072

SHA1
4c1a03eda1b3264bd1fe8f2c0587bc80f846ca1f

SHA256
ec4f7098d0b64c153bde1eaeb264d384b91d6e7e7485bbb8ac289788736313b0

SHA512
52d56c988e74e10cc089fc7c1c6c205cdae2ae52b585df1378793dc5388da53499214887783deec50a9f314d7f50f6c53b6de79f2fde89cabcd9111cc9b2a127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e14289cfe04038dd469c74d3b2276402

SHA1
9557f8dd498e78291bff1829120efc684c94eb2f

SHA256
7b223218d9c350af5e50ceb05af5c5d750c4d548605d9c65d8597c6eec9d4139

SHA512
39245d192eab3714dad35f0e39f5a5391a0a96cd9890aa36ed0d920ccb37adb5d4b60f5577de97431ab9b76478bc0c8af24a22b8d9a12a12014e08974b296ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f48897bf2c844d8ea79650652454f44d

SHA1
2b5f49beadf0304d32f4c1ed442bdae7ba836651

SHA256
8841f9494a7ca521bd7d63376bef0e570d8b5379f98136c6a428242030c5b9a6

SHA512
8cd5ba3db4e364a372744a778d1307c95c4c9b82b28dffecb9fbe5ff06abf4b084a0cee5e8645b81cc8179e12a145f94c0ba9d441ff85b26b28193f14a6bfd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27907251e8177466cc5207199eada1be

SHA1
2232558916f6858097a128b360192b708733e2c7

SHA256
d5ae6de3f62da62d1508fade4879304b3dbbdd97056539063cfdea5dcce60b22

SHA512
6a0c55dd6a3aa42596e11f6c26f774359f0fa56776f61d54f187d7b41aa0d5ff61917242502f1be4e860557523519a1fed1d2b712cc60be945f9b77c4bad9d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
689b55877562eb656f6f0a0da030598c

SHA1
5821893531475e8cc4bbcbe041bc68d3b8228286

SHA256
3f16f0f0f5517f56339a335024b9922e698a6bf6b3925a67ef66944387459241

SHA512
87354911cbf06a32fb624929d4abaef20d5b9c9cbcfd00cfda4ce30c13b4945da689f1bf848a439713aeb27e2541459f1da6bdfdad852b8274d8d53c41019aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2a823bbceeb299ce5e99e9fb722f3c8

SHA1
0efa46ab147e6b560f76a1fd8c163e52b138c2b7

SHA256
c958b767953eb3723fd1829a07dec01a8679a1e5f9b1b2063aec788ac49d327c

SHA512
a82a07d3ae9cf2e4d45b999c4c296202a9a76026dccee1f012a08e9447e9b4265306998c974f67da0855aad0ceb41bf6edd41d0391c6e8e0797ee93f9a32f187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
883bb56c79a493baf631d9e54d3173bb

SHA1
73571350458e95507c765a5013f3653610959f8a

SHA256
b1a6d6375de3dd5978870e693544ab647af0179728443dd86bf9655343c21c8e

SHA512
f7b15cd38354c1011545da2ac3901f8922ee214e50ac339698f3759a15bf7d15ed0aefba8ade20f768c836d91e1bb695327069fec7c617112a7e0eaeda058c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c042ba84595c3d7e635f37003a74656

SHA1
c526f8f80cd3a0a68aea876e8b528843e1bb6566

SHA256
8af28c610fbbc6d27b176d7e1ae3fe90109ee848e6880ecd845a3c7b81997ad0

SHA512
d645063e53875c2f89ec0a4bde539433ef7e9b825fb52ab41a496281b36c95a312764704cd8d19088dee4e5551bdc68a55ae4f7d325a68ae17018c0e3b02252d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86506514af080d625c456742b7d4232e

SHA1
8b0075c015ca969af5d614d14d21a898d41dbd45

SHA256
c88c3c39198e3bd0ba625a7a00d6214fefab9588fa27a6f35df4187e3a232208

SHA512
8b51fbe0d5868e29dacef2fec53e0284fd5238340367fcf948ea076dae8e0cc2b54f0ac04eaf00b72fe85b720b04c5bf8958da5f96d93ed36272c42af5a3568f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f47f893595ca95ee715de7eb18502fd

SHA1
04484c94c7e956b43490234b32e73688e3ee7af9

SHA256
5e150bf953007ea18cc5c875bfa04c40571c704d09b8bee64736070dd27749d6

SHA512
d32b306b70ee61a9d66e567cf60fd2f14113fb5b4bcd8e24469fd12bc7ae5b39aa98b8357eea4172d10b5e1a6a7b088f21c9aa0416dda5d2845b55d00a35e009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
818fed9aa2e0024d181f78a3aebdef7e

SHA1
b033eec75576c8e72881ad08a7ef4ee920a43e38

SHA256
02563186c04866fe00d39e4c3682a126db1f3d08ea4a941b4494684ece15ffd9

SHA512
cdb823bb9a401326b73affbeea8f445dba05b310baa17956c1adc7fc4298af64c23e4e95f65b8af5d4566f634cd71060b7255c7cd03081d9c12b51ccacb67596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2795662b84b0db6040479d29a041920d

SHA1
818ac02d4428ba88d8c72edd1ade4a148b77386b

SHA256
2410f07756a84c3258ee70259c656e7dc6b8e85ce6254252e19f18435f84990e

SHA512
7685378aaab07252d3b54e0a37e9e7443078f230d30f90a3270503004cf599b2aade6781aea2a960bb14257ebc01093a675aa263836205daa3778f20b0746fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f3d82579dd080661becb61d1dad077f

SHA1
168b6584d2e29506cc98709e82e007ec37af4904

SHA256
5b8a63d0c2bf4a04a02c5d6fe3ebd126dec399bd5e2bbf136ecefacbf5eadf9a

SHA512
2633d82fb830ce6521634f4bd4cddd62c771df20d49997fcda1e534c47fcb3565e7a922a8e7d3707a53c0414ff038130ff71ab2eba46f9ae962e500262dd40ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec7d32f85c523c63cb132525ac00065f

SHA1
31fb0bf16e7fc12b2d86c79b33428608b83db7a2

SHA256
7319c660035c648cd6ceefac1dcfaf0b9e17fade1dfe7367c82f1680ccacd621

SHA512
9e30daa379f79017d4d361b694073a84d3a6adaa682086ac86f273b339f6120fdc3b1107767408c690c2538d7a7682d0c44ef7aada878958b54b60d750174ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9db985e0fb7fbadf33e68b0c2483588

SHA1
f2ec29cb28b9ca27142952c6dabf5eabf9def3ca

SHA256
f1b66f0df016ecfbd75c3cabc1e2b6704522eae91395455eb61c8f55ca52a3b0

SHA512
9381e443072910a4886014a9b6f4a34d5d3fe5221cc98c7cd7220462a8532848bf1663e4ab80f16190b4580281f448ec258e1309b76eb69dd47d1675c5f6aca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca9e41c760b534867c494ed50e83d3b5

SHA1
9a7f87a3cfd67219b53c21920c04cb24a8029a4d

SHA256
d3410d5aebb32a06168a5a25fb36c62d2912cac8615a936aa8da2fd152107046

SHA512
408c3ff2e61cea9d88863a36a2c969b9e51ab46bb7b8540605499af9bce209447f036e167590f4e64075e0565ec00cb05775e4493154f8f2cf0360bee17cd032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be0de96a3ffb967291f7e1a2fcbd7ab5

SHA1
991bd3c71af5731b2df295781eac9a432c7d803f

SHA256
c65782ad80eacbacb6b6975623c5f30933e2b14c875bea77dfce3fe8a4eed9bf

SHA512
30dfaf38f752a3b493051139ce7a5a6473dd8d5f2539a71afd6be1c7e773907fbc69477050029178f544edb3061dd47094ea2e3f9c529c816131de5950963c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48e40d9195735d3d78618bcc5cc62040

SHA1
36fc540504e0bf37613260a49e4e003cacc3f7af

SHA256
ecbf34ca3c67fbb53a828998b805377e547673cd56d5a4b0b1937ff91efeeda2

SHA512
b1a30b46949261dfa939ff9f253ddbdebb43657d7a3de7a0234bc0581a1d2383da83bc7d6f1ad8b0f6659ada5283d37c3359f2235e15e21c9477b26cebf7cf49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
152265009256e606288a162d1dab71f5

SHA1
0e56fd59cbf27c360ec8e048a2ceaee7e107d749

SHA256
49a670a63a83dbfb08f2249243f78ab0d6d0fb85d2d602c9bb9b3559490f447b

SHA512
c9148aa3e57a41a1f8220c63eac1961501e69ef2560543c689152b2a4d83d6d9c5b140e5929da55f3c779f80e9c84423c16192279e8343ea3edd2c87da3c117b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca25d43df711894098074803fedd0c71

SHA1
8518f3406eed402e151f0b99796146703aa3dfb3

SHA256
7c468023a7efb7e898f93bc63ce161e748e592608c61be0f4f7744b4a8117dec

SHA512
0b2f20dab009bb697e112d015654624d434698073c5ab115df59d3c3475baa9b6aea075b12fd0198716cee4ead05ff343116b4a1f938022f78c12c03e6db9518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9213ded39ccfe8ae46f3a9450d676cd3

SHA1
9c135c8c07de6597d497f2fd54833c8f649e2628

SHA256
acb2865d4e5bd88a47d7a90c5163ad6c9470dac3f502c1854b084d3019ea0c1d

SHA512
995fa7d68fb2611c86f2fc06712057e4be21252e31f30895892a8c90de4073ddbd707a554e0154b8b075b695ba7be374706df62a879356087420f066f5663aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca3e79c6fcfcf566de761658d9f227f8

SHA1
b8d5c4fdb114c89e1c3f1c3226c2bf3b56f5fa6a

SHA256
3bcadbe44b6d281551f5fddb97755b772c92575b41cf5eaed557c6aa20a6e331

SHA512
1427f640fd5a68f7e17d32dbc0083bc3d2645fc2d773d9fae34525bcf0928c5834a78a55d6b0ef071d966fef623747c3e6e1f0fd72937eab52ca49769320ddad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bd18ff1f4e7dd26e0d57dffe5340aab

SHA1
96ff7e415e8803dfc4a76b561de9b9e9c51b36c3

SHA256
9562430ea94305ef2c31179a05b28823a8705d7556857c9a8978a3ae57fc20d2

SHA512
91e4c49aae149f7d7c2295d59467313320950cf061c9a4a73e39d08fdaefd8106d5858997b11d6de58df4067d8b99abd97326f9db01dd48c0f5a7c75a0aea8b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31fe998cfdec51fda7cec028a7724004

SHA1
5dd9077f33a9f99f4b4620ac16dd9c8a75b426fe

SHA256
4b089f7843b6ac3e322f81cad992a7019927d1387e6e960a485a825902074e29

SHA512
9fa8da4fac0a3aa7f671f2f7d1709cd7452489dcee500fa5381bd9c757e01382f00043a69b571e96b7a522c78e5c50990e8479dc2fcbc0ff052d40c13a5ec5b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
524ce681f8d8942f009dfc11fa57ce39

SHA1
f7689f7417d72fea122aa6a95ece7d2f0a63d896

SHA256
a6f9d3534e45d713acf2b2ea24ea4c13b636d55ad49161c9c5bd04145594baa8

SHA512
ddb57acf42568b60dc5595dcc24ae36d0569bcde753a69d693f36e1c8d3204891acd6618384534284016a452d98f4e8d3561e3b3cb33ed8265b13669a7c2c963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fd1d08148ef19fc2de10eb45c037aa22

SHA1
3c9bb55762c4a5c2d7344a6324893fff24eeb39b

SHA256
71841779b32ab039a8311a093bf72a089a80cf36c187fbb03c8b5acfd749dfdd

SHA512
9709ebc4037875ab0b649f55dcd8e47f10198c349b7b1bd47814508f2c8a5e418665f74c0ad4984227a82d3dfc72ffeae7a813aee3a8b81722db03f3718e17e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c4672b2f-ccd6-471f-9a7a-572ed584bdb2.tmp

Filesize
9KB

MD5
9be2c260d8078b4bcaf80e71113a01de

SHA1
8eb2e95e6308788d1c0f02eae3766737be766981

SHA256
093bc4945689b96bbccf917eb25d37196c4b7e3a995b1792c62b68e97b09bc95

SHA512
9dd5693affce7c0e20c802d3e56969b46388dd86fbe07b08513aea3cb37127bf4371bdc6092e894b8851a6d2c9fe9461c17a882eeb2349f8672be1ab24f1e6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b272f89b52d9a69d77e28fc394adeadd

SHA1
14e58ef8c1cbb723bd4f29fbc86be70248ee0836

SHA256
4eecfe4a564eeb1c7b3d7eb9d3a306be9260814d28b76d128c883b1e06e0babe

SHA512
14d56b0e260c878fbf09763401d37d70ea99de476f89e83a11ca7466803417b3e0f7b18f7c263f891aedc110ac17494e510562bb7147c3866dbf48d9897ce5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
da5160de653a5f0dc91c880f49fd45fa

SHA1
a30806f9d26a0ad853fd74ead6a4f533f04bd82d

SHA256
f686a23163545e0029fa29269b41e5b4fef1c95d3969c4f530289df7961bfa76

SHA512
23bcb00eeeecc6c940ffbd0a1a9208e1b0c0ef309615100dc9d0955deb49fc140e709e4a982f6a96270f9ede513f3a2c635fc89f5940d13d33d6a6d6b3b1f1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1936_1975360604\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1936_1975360604\fd8d313a-c908-4e3b-843d-c1c26e7ad260.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Windows\system32\SubDir\ntodsk.exe

Filesize
3.1MB

MD5
4a0c6269f041778479be25c053014de1

SHA1
7474c9d50ab9e48e165df40cfb5d45873429c1b3

SHA256
f0b341cff383ba4f0143639eb0515fbdc023b8c98815a4f72191114ab75799b6

SHA512
24f9125960573e4a99c9407d6e7d543918c921bff1caabd7c394132eaea370c89b242735089af064639b4ccc070a6844b35785ef6be0db9d817ad26b55a1c65a

Download Submit
memory/2980-614-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-615-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-616-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-617-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-618-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-619-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-607-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-608-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-613-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/2980-609-0x000001583F2E0000-0x000001583F2E1000-memory.dmp

Filesize
4KB

Download
memory/3624-38-0x000000001CAF0000-0x000000001D018000-memory.dmp

Filesize
5.2MB

Download
memory/3624-8-0x00007FF8ABFF0000-0x00007FF8ACAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3624-10-0x00007FF8ABFF0000-0x00007FF8ACAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3624-11-0x000000001BEB0000-0x000000001BF00000-memory.dmp

Filesize
320KB

Download
memory/3624-12-0x000000001BFC0000-0x000000001C072000-memory.dmp

Filesize
712KB

Download
memory/3624-13-0x00007FF8ABFF0000-0x00007FF8ACAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3692-2-0x00007FF8ABFF0000-0x00007FF8ACAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3692-9-0x00007FF8ABFF0000-0x00007FF8ACAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3692-1-0x0000000000D60000-0x0000000001084000-memory.dmp

Filesize
3.1MB

Download
memory/3692-0-0x00007FF8ABFF3000-0x00007FF8ABFF5000-memory.dmp

Filesize
8KB

Download