quasar | hxxps://limewire[.]com/d/a0277023-1257-4da8-9713-5bfa31dd9421#EZTHzEoBf_maTIM6MW-ySbUDLGKVKIeuIZUBcTtVr8s

Analysis

max time kernel
49s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://limewire.com/d/a0277023-1257-4da8-9713-5bfa31dd9421#EZTHzEoBf_maTIM6MW-ySbUDLGKVKIeuIZUBcTtVr8s

Score

10^/10

quasar duy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Duy

ily.vuivemc.xyz:4782

14.167.107.177:4782

Mutex

c31b9b46-046b-4667-a401-fed2195635d2

Attributes

encryption_key
D4025C854CBFF958E14B3B61E32C8A430CD7C80A
install_name
deb.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
debugger

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0009000000023cef-416.dat	family_quasar
behavioral1/memory/2708-419-0x0000000000690000-0x00000000009B4000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
2708	Solara DDOS.exe
3640	deb.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\debugger\deb.exe	Solara DDOS.exe
File opened for modification	C:\Windows\system32\debugger	Solara DDOS.exe
File opened for modification	C:\Windows\system32\debugger\deb.exe	deb.exe
File opened for modification	C:\Windows\system32\debugger	deb.exe
File created	C:\Windows\system32\debugger\deb.exe	Solara DDOS.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799380451900250"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3688	schtasks.exe
1508	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeDebugPrivilege	2708	Solara DDOS.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeDebugPrivilege	3640	deb.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
3640	deb.exe
3640	deb.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
3640	deb.exe
3640	deb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3640	deb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 1612	4440	chrome.exe	83
PID 4440 wrote to memory of 1612	4440	chrome.exe	83
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 2212	4440	chrome.exe	84
PID 4440 wrote to memory of 4408	4440	chrome.exe	85
PID 4440 wrote to memory of 4408	4440	chrome.exe	85
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86
PID 4440 wrote to memory of 4608	4440	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://limewire.com/d/a0277023-1257-4da8-9713-5bfa31dd9421#EZTHzEoBf_maTIM6MW-ySbUDLGKVKIeuIZUBcTtVr8s
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc7dd9cc40,0x7ffc7dd9cc4c,0x7ffc7dd9cc58
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4332,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4532,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=2252,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4612,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5316,i,11559574120105990020,16438026474393137030,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:1748

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1488

C:\Users\Admin\Downloads\Solara DDOS.exe
"C:\Users\Admin\Downloads\Solara DDOS.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2708
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Windows\system32\debugger\deb.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3688
- C:\Windows\system32\debugger\deb.exe
  "C:\Windows\system32\debugger\deb.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3640
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Windows\system32\debugger\deb.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a6a8796d1fe681b2b484de0991d36117

SHA1
0917576404769ade4c31a25c538095a26638c677

SHA256
dac21945e57c3e51c59f9a593dba18f03b5ab4e65257bce169ffc1b79d8fd561

SHA512
32255a81c8ff219f0999f91bd00fddd89d008f3cd87ee5c3df3d0364a315db11c26b55e2195e2acd99abbe58733ba03a05b5acecbc11d2883269bbb193824c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1fefde3e04a590cf877bf6212a8e0cf4

SHA1
6103fb0e04bd464c3bf3737ef110f03729dca883

SHA256
a00c6b5116e09921d760287aa0559156dc60552b24c5b4e89dd390b233f2be1b

SHA512
21129eda2b76f49a424f12cd0201c5959f22c01dcb8072f167575145158b11b7b42fe2f9c75472eaae2b31bbc2361a7d3179d703d9b92b367af3f620d4fe71e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1562945f89eec0851fc1c3b79177b015

SHA1
ba313844b012b5683eb2cb0ca28acbbcaa8c82f3

SHA256
433ed42baeb5f12b5623a2ee0ce801c13a45b1f237f960ac62f77e6d46c004db

SHA512
2b44a7b15fe764c403102667cb6105493d8ef81966de1fad4dc71e442c5722415eda758e7074e7a99643da3845eebba8954715d873ef5fe789de1b37b1bf8e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b113c9e8c0bd468026470dd9ba770bcb

SHA1
37befa6ec55349ca40a8088658ead332f6b9089f

SHA256
ba28392eafe1ed146bfbe22946ec5a397aacc4fc9a4d68cb87a737276be43e04

SHA512
6a9d8e7716b5efb08456160bd45d18ebba634c0023a3402a4b3f3a087c5cb1f3cbbbd301ae9ffa2a7b5ace59ec2c5665a1fb4196b980cb9fe5810b726a923f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b51f52c2ab27d70ed3602ece7caeae9

SHA1
e5935bcbe1fc4b6de987efb77ba9afc450ff7750

SHA256
daeac7aa6296c6e823ade8aeedfa3638df54ef54974fbb3f7a0e28a2c55e1450

SHA512
15ace0d7fb690db8d7e751c91d245bfe6855cecad54e688d95752577ce517e78b167660a818bad92a07651b6841c66a827958a0c632d83eca6008aac7bef8759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b239e9842f84108593656115d07ee5a

SHA1
0e8d7a76e9a73ea86d9fdb5a51ce40778e387358

SHA256
78d039f609a90656c530b6fbba0571384b9587ea3b293ce0d7eb25050da0bc18

SHA512
069e18e8fe2fedb0ca58dccd222d15cf41f8a47fbe1840f2b71bb803f4cae0d04805426ec70f007870a2e1a9581b87f46a8fe1515ffef5c61405dae6564244d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69f0b0d3513096b7f5d50291e1634cde

SHA1
a3ee4701d5a1c11bf987e94384fafe3a079e5ef2

SHA256
2aa9a03264d5009b872d20ad7083cfdcc4bfe9b51b02014f5a2733b7f8be9516

SHA512
694be1fd225f39bd41e8e02c3898ac526ade0f21085fdd8f220e6894d5a1bcc5d1b423f3d5a02bc2a0963ff49233a009bd4d06f8ae1f5b30408252c626f400b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\920ea9aa-cbf3-47e6-85ce-6e14c6c5bd7a\index-dir\the-real-index

Filesize
48B

MD5
543cf718540acdeb83c3c3fb2f26daad

SHA1
117e7c8ac2c1ceddc19d320f6080fbc3841ebcec

SHA256
ad2fd3343f8d115e680078cf3e0f248b23ab0dbae5ae2d16cbd9695883cf8d05

SHA512
255cefeef7da113f46c1a1a4768a12895d7d79f157f8b6cc8b45cde75dfcf7ae9412f43b7fbaa0877dc431c7ed796af0147f138e3ea17157b0ead968e5486543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\920ea9aa-cbf3-47e6-85ce-6e14c6c5bd7a\index-dir\the-real-index~RFe57f443.TMP

Filesize
48B

MD5
c8dd53b0ad2b78ad25bf8edfd2f469d8

SHA1
463373e040096f8df2ff754dfcd941bdd12bd246

SHA256
9289580e933542130885ac91f2f6e04b33586de890a1bad4c50b95a9429ebf4e

SHA512
b0e3aebadd458b2175b19ca297d8b8c4532be8c0f53df26fb2460d9825b1ef94754e996e35e7574be9b997f58ed633390d27bc75a55df252a032f417ff9190c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt

Filesize
111B

MD5
2e3ef55c61956a7fe132292df60c38a8

SHA1
f776f0646cf01326a037b848e3773016434ec182

SHA256
36d5359c455fcce2a66042f35206f81d77ce15806e8d1ebfe4e963e72d538b36

SHA512
bff45bb17a94bf100406af3cae29ef260da8106bec94588f87195015a2e3890f267ff277f7978b0dcd925bc239f897bca6a42d99eacdbdad7d31760b0b8b0904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt~RFe57f482.TMP

Filesize
118B

MD5
51f3301136fc9d951834e725a6949bea

SHA1
c927ec38946901fe94b42e6aebeae90e7a8949bd

SHA256
b59f7ebe87d29e9001dc10b6e3ec5cccd1b5e91229eb08a3f8d4630ca1c2f49a

SHA512
0d00a30fbff8387190161bb35b56ff2505de5ca10a5ed3f11eed75e4da2490910576db0208bff5ae115edbd942e029c23bdf5e18b28ecb766f83bf7c155d4d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7d2b2ec6795f0291a0b1aa0ba8383cbd

SHA1
61b516a83a8b5621f9ce12d0a6a6310214d7cdae

SHA256
6fd453c74ffbc2f6935fe9dccc83563f201fbca45dfc6b75271b0f56e2bc8bc9

SHA512
01ad6038a91c5a2c05f7253387ee39585eb35bb8d027b0254fb249e34e6a52cac1dfe5db7950e6c6c94b4dfc521aef5e55c9dabccbeb84b3553ab6022904d44b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c58d511bbd58879544b047ae65597924

SHA1
053e92e59641a8ab055840e536b9f7684f842487

SHA256
31c4310119e7353a7c4943c36c39de26d74ede0da3d942a46bbc416d2c47d6a4

SHA512
3d841e72cd18dfd99d287ca80c9f7ee079bc21d539900eb6226890f72f89be34cd9d39cdbdc742919b50d8bab0ff3c30c30e3a6940ad67e832aac388e8ebaa36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
02b81d68af2b5a75f6b06aee0d0070be

SHA1
80275a3c1afd046f668c55152a2c1840e89b59f1

SHA256
c464c1c65b06b67ec31e908edf1d9b6c12832920bbf779cc0bcd2a77f84f835f

SHA512
401961327fa69ea9f71cded76ae9eaa51f5e6900c7f7d876646b16248b494ac196f980f1a54abc14542baa98c1f677fb5b666c18ebb5ba518e4e08dac8252da2

Download Submit
C:\Users\Admin\Downloads\Solara DDOS.exe

Filesize
3.1MB

MD5
c1f87241edd3d42c52f2fb2f81c386a2

SHA1
79320d8efcfc6c067f268739fd0c951eb96d30a7

SHA256
7cf88b74f18ab2909803a3f5ac5f8c8e9a020395d9a94efc7e77037dc68e9a89

SHA512
ac0a8f02db6447fb7b074d41a88fc632bbf3f97104d3b7c172007df0a88550a89dfa16b1eb817ff60a156347cd03b9d2a4942e1fede174f15102346efb7e231c

Download Submit
memory/2708-418-0x00007FFC69C43000-0x00007FFC69C45000-memory.dmp

Filesize
8KB

Download
memory/2708-455-0x00007FFC69C40000-0x00007FFC6A701000-memory.dmp

Filesize
10.8MB

Download
memory/2708-420-0x00007FFC69C40000-0x00007FFC6A701000-memory.dmp

Filesize
10.8MB

Download
memory/2708-419-0x0000000000690000-0x00000000009B4000-memory.dmp

Filesize
3.1MB

Download
memory/3640-456-0x000000001C3E0000-0x000000001C430000-memory.dmp

Filesize
320KB

Download
memory/3640-457-0x000000001C4F0000-0x000000001C5A2000-memory.dmp

Filesize
712KB

Download
memory/3640-460-0x000000001C470000-0x000000001C482000-memory.dmp

Filesize
72KB

Download
memory/3640-461-0x000000001CBF0000-0x000000001CC2C000-memory.dmp

Filesize
240KB

Download