quasar | hxxps://mega[.]nz/file/t1phDbIa#eaJSon1kSolmBkOL99Z04OFKuPzaivFGTUceArcHLWs

Analysis

max time kernel
899s
max time network
895s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-01-2025 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/t1phDbIa#eaJSon1kSolmBkOL99Z04OFKuPzaivFGTUceArcHLWs

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.56.1:4782

Mutex

4933039f-7ad7-40a8-b70d-365558f6056c

Attributes

encryption_key
EA7BEE3E368EF7D787AB8E01A4A119314D7B324C
install_name
nigga.exe
log_directory
Logs
reconnect_delay
3000
startup_key
niggas
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00280000000462b5-259.dat	family_quasar
behavioral1/memory/5916-273-0x0000000000BB0000-0x0000000000ED4000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
5916	Client-built.exe
6076	nigga.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133821115720396869"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
6016	schtasks.exe
6116	schtasks.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
5684	chrome.exe
5684	chrome.exe
5684	chrome.exe
5684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: 33	3724	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3724	AUDIODG.EXE
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2140	SecHealthUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 3484	3928	chrome.exe	84
PID 3928 wrote to memory of 3484	3928	chrome.exe	84
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 116	3928	chrome.exe	85
PID 3928 wrote to memory of 2380	3928	chrome.exe	86
PID 3928 wrote to memory of 2380	3928	chrome.exe	86
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87
PID 3928 wrote to memory of 3176	3928	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/t1phDbIa#eaJSon1kSolmBkOL99Z04OFKuPzaivFGTUceArcHLWs
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe4549cc40,0x7ffe4549cc4c,0x7ffe4549cc58
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1548 /prefetch:3
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4796,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3860,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5512,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5548,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5572,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5560,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5676,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5700,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5792,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6364,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5652,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5828,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=500 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5352,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4968
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:5916
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "niggas" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\nigga.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:6016
- - C:\Users\Admin\AppData\Roaming\SubDir\nigga.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\nigga.exe"
    3⤵
    - Executes dropped EXE
    PID:6076
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "niggas" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\nigga.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4856,i,739207406123206483,15052488445740031789,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1844

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x458 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3724

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:5292

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:5376

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:5532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37eb8971-df5b-4b24-b9fe-2dcb1c8cb29c.tmp

Filesize
9KB

MD5
48a5b59df8ca3d25db4b8054af46d698

SHA1
5aa3903a06468af04bc31871083182491c9eff52

SHA256
e5e8e644b5e3e01e36d787da2e21457394f3b0be0a512482a7ce60e3c25458f0

SHA512
73c31b323a7ee09a680d4a9aadd2fc2465ef5040327327856619f6da23a1765bd44988089f8942c0d37216dd384002653f36d896423e1c9b10fd67b12da24f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
70624bc937ca2db910767e0c6c472c16

SHA1
aac155df108db2b7d6553cc980c6d979a606d118

SHA256
8dd0b172e6a3b89b17ae464e901cbb94f390265cb6d9ba258e7d2dc200462a0d

SHA512
8d7a1f94ab54a92b7b9940e75a1a765e452fc53deb89714af009fe0a6af8dbadb13903feec9b36492a1df23abed27024fb8b84df32566a0d55ae82f60e4f0bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a8e91bb6066116c4c4537924648a641b

SHA1
1a0cfb40d884f2271e97ce3568646fa615188c17

SHA256
df598ee9ab52d927e7fbad5e718f0988fc7856deca30748d078d4253337c6b6c

SHA512
c9db3d854d80180e1b3fd164c34016afad8d86e79b486159238dd39ba63295307aaa716648e783383d4839f66a9565c8dbe572389725fe4d967a87714d4434ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8b5f5c86a955fff67a42330d27775456

SHA1
0ccf1c039e7b902aca5dfd7293682c04a99334b2

SHA256
6245e22de9b5a627fadc9aef57105b0c778f7ea9fda136594fb8df59d8a3794c

SHA512
04c978b5f275e3275bdd0daf57578a37609fddbff5b1959d6526d5ef4fd7d881b0638249dcf1c6384f4f9c6fd38e7fdc96858fe415f4029ad13f44d5766daa06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a73626e1c3c601e6c0a5b2d89da2d423

SHA1
6a6ded7edd11d3ad726069b544ad74d6312c4c5e

SHA256
d8b6b7e89f269005eae31456c8e074c3aff17dc2d0363db0f7ce281abc100e94

SHA512
d76bc227304f8c5ae85bb7b59ffd5dac98546efdf2db852755d865f8fe7dece5358a18ef7beecab2bdfda91eb64a24078a58944af2fa4277624fc51e0fa1c7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cfb2dc82947ee59522b6d8d3e81a1368

SHA1
632be54cf79b2b5add31e818d29ff90aaab37cd3

SHA256
a02585eae561d73703835de6c78458f5b7be03071971667a40b03530e1b0f9a4

SHA512
3c375890bf7a13c822b2b22b8cb57684b596b3a7695b2d66c9c9aafa0ddd9097ba11da2073f43a7ec803d56a990ebca9be15271f78c33da15900efd796b3cf43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
d56e35ac004a555ef33a68277de538fe

SHA1
9ca956cda1e1213608a7003363e03a907d6c81b4

SHA256
f16203878f0cacf45039f77119fd108ef5360e39a4ade2427ab7578d998b58c5

SHA512
0acaff517a83da333d66d5c9acf4cf6a32ceddb5b52d0946ff15ed251648680997ff86144f0d2a20dbe45fe5679b7963ec45b3517bd6b2f76e795d15edd09617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
a85010de23aadade3df1a0254ce7e0f8

SHA1
0e9d49411d281dc453b2a5069b8fffbbfefa8c34

SHA256
866452e91a0eb73c2cdbc5de59f2c4069372fb6c083cdd87ca8261cbc1c0d07d

SHA512
d8f7781b372daacbe541f46d4c95cc4d8273daaaf954c63660d3711dd82af590715903cccd8c8ab04f87e91463c8e8268e11fe57eb689cc2c7a478982cabf914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
109c45d9c8ed1aa2244df3589f52d502

SHA1
59f3a766df31284bc1220a87f1b7e9f9a2a22182

SHA256
857920d59a51a360192e1f4f312e97688bdf24c8db75e2408e16703e495c08dc

SHA512
fdc27a720ad7107ded3d7e191eb739a4ab1e7a7baecaa35bc9cc26f4c48fe34cd98bbda31f0d308c8e9c7baedc52da548fe800dde554973e45951b206b4a98c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db0b25d036887c5dec2c88d3278ccf0c

SHA1
0f958f48ce20f6287168b842c79a69b40ed9e1bb

SHA256
862dc455dba661ec13bf394b8f7dd1a3d7c4fbe4fdbd0898e70a447b6876f1ff

SHA512
e43d0f702c05822a7f6801c1479427e0d12fb721fc57981e3e78a6da7d0161e67bf1f8a405769b7c6d31b664e5f4b8aaee6ab32bef7a5c4be8219371aa2d9f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fdb928f8f52fadf2455b78325b7e962

SHA1
3963ac4a0dd05aafb8869f1ff335663c882bde4a

SHA256
bb56a68db8b40ea25cd348df8dc3190141dc3d7aad11ca1f23c8711764e6c240

SHA512
53bd403fa4e04c9e5e300cc338ff9bb2b499e39a6db0a4bc19e1f8de3ee3fad6d7c5c5aed044f999dd9d1476ed097299a1c8784a536511c7243a3c19f6aa7575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ba7b55802245498b1a49ec6402b1c8b

SHA1
5af43662759b87294f5cf84da2b981f7ef992ec9

SHA256
7c52af9a1214a86ca4bb345e1eb6a7b405325db6ac75c3af9d770dc7db3ee3f9

SHA512
c40c589dd28c9f945a91ea4492f1bc4f72d9c1c59c32c882a5350ce31b6800b252bce6bf0c34dfec4209b6d80c0acac9a628aa1eaa69125744d3447b3ff3a405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b13e188eb489aa39c3aa500ace30d27f

SHA1
f21fa2f8ffecef9253f6e0f528298d6972e80571

SHA256
34e230189be4301b3bfa3f6e7a352ae6a265be4679a7c205fcd69f45a8c442e3

SHA512
d3bfc98409ab002da40c2bc8c8634749a60bd94c3ca9b67a6877a3bbe3f86098988f3028d1c9d69b90e78e3beefdb574b791647a1c748146a60dc4bec5f9b7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6852ae446dedef6275322ddfcc01ef7f

SHA1
834287c80803fb4eb32dc9307a10d19b2842793c

SHA256
570c0dde313995f6e9a60f1e2b8f691f3302796f0279c1f138f6becedc6dca60

SHA512
44c5a1dd8a333fd365a76857ba46dcd379edfc9409da74b03b2e54e81ba981debd69f3a5904eb1b08d996bbe7e50f0c7a667ca5c4cdc0f866926b2ce9b67874d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be9240d93b29e54ea3490b3a70746e89

SHA1
0d03f2e9beaa1f16130d39c55d18cfe43fad04dd

SHA256
b85bc3651436db45eadb99c3a7949dd3d41ea8e6a3e9352e66213a2e0464b810

SHA512
6ed8dea94940b9497d60fed5af9454f8a1bccf6522e4569c4551e807dda700248611bedb986de104c3a8dd0a326d337981b8dc8cb49acbfac80a88f22c638cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c46bfcf9aeb328fddf52dcc93a607f46

SHA1
9b8bd9d8dd508c74376c86d305a67916b534c925

SHA256
f21b99fe687c0c9463a279a1b288e17303a01d990052d822a072ecb36c28ecd4

SHA512
f9f420a721cf1aa312ca8591de77f702f65746bcf75bfc4eea8dd63eb6ace56dbd7039df9fcdc0254d89300e79d3123b4444c36df6204b7af37f210607f67eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f79ee40cfbe9c21196c4c5ddaa2b770

SHA1
ca1097663c39e4cf9ac957c37aec30e3fabff74d

SHA256
07d6a3fdd42b816087bfa69328a31fbf70f85b7442b1ba2c9d22feb2061377cc

SHA512
607990da78eb022a7741916eb335f7bd5bddb3b15633fcee40c61b42de956866e638edf19bafa35d5297460af507c79cda3e9d6fea137695aa863e0a702a1ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55eaf4c60c19577fb55898c76192bc2d

SHA1
0957637d06c1a8b44b3a288c9a835bdc3aede93c

SHA256
efb206ce0305d8da18aed2e1b1eef30b2c0c037e460e23193c76c4c9a7829f8c

SHA512
af72abd395d1fdcf43ff233e339aed0c597e15dfea2133054604194204d5de7a2a1df7da01aa44aa21e92a7cd521235cf9409383ce5b2ecc7f2793453ddbd4c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba5fd48ef68bf1586630f87402dbd4dc

SHA1
0f4a5f0a39f6672a5908dc7e2232c4ef7e0d7f9a

SHA256
b2b5566bdacf05a07a7bd38eff91490f83b4ccfb0f30c4e0cb2aead186f1b7d2

SHA512
a6af7847e290c540adba445c9181bfbdede97363096a53ee638e78d95736021c1d71e2c028d2dc4731bf9f6e499b1cfbe691d1807d05922983d996abeace065d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c89c0a7d5056c43a2e817e363349c1a

SHA1
dcf14d3769d88f60238aadaa9ace3acd648842a4

SHA256
7123e420692c8f525ba4dcf6436649cfb090b2ad5e5580a6154f0a744d1e53aa

SHA512
9a087fc92fc953158f489af372a3f24f4ac679a95a7af56f8c95fc717af3d660c794591eb30e3e69780546b7f1660f966666cd67ad273650425b2b1da4dcb850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9be71f646400b5abd4eddf1a20458968

SHA1
2fc30f1958a2584be99a637ac2c27a5064129caf

SHA256
cd8a9af902519ea91710344bd9e63d672f64c8c6cfa7a0c79dd1e19ab455d4d3

SHA512
6a173c0ae4ee58213ab209b69541c805302e4b1d8801bccad538aa0fac09e9aa3931287fc3c1b564873ce65cfc65678cf3a4c272742ca62e7e8c96bde70b1ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7a0c82e14281817b6ae74c8b253619a

SHA1
61cab2f821765bc9ba5f59d7a81f339b52bb9fcb

SHA256
8ce180499845330c5dcfe2e019db1416efc68b41bb5b6aa84bf0abf13121ecff

SHA512
b6d27102fbcffd11dca550592b67bf66de0b94dfb58e2e7c75e70e42fed95ae80bd6149a4dc8884016f39b8339f48905bc6fb4cd9360edf31996f910eb822ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
859f8b2f964bbe1293f2b03b7e57ab47

SHA1
2ee5de946f35f470bdb519e002d54c8fee35d7cb

SHA256
45f4eb709d7ac5d66426b7431ba98dfa462d367fa036ad10e9159754e40a36c1

SHA512
6a314c373c6cecc746636d33653c5e0fcb3b03cc40f341adc11505c87c9d924a7688a9f26905b8bcc33ca26f3bf0d47298052946c509b85e5a13052e4ed58920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4035f554bbeeb3b87fc2cc01c49971ef

SHA1
1700cd13551d5c25560fc17f728931a8bdd01dad

SHA256
f3a5a9ec7eebfa2b3e90ca8f3e9d55bab8c6ef116edd792742e5524fe32473ed

SHA512
f7670156e8a9ffc9f0a0a9172b3d1c707b974f9c900e51669d1d5303b8e132716ccea3ffc522c0f64d759fe093537f84b4323f334754eebebdda47d0599068ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb8cd3aaf3d5993c67038cd9809639b9

SHA1
4535077cc6ff9da44501c228169512c71c11884c

SHA256
d799b2ccf1ec7c667d54ba1cac9bd0cda01694bf8ff7e20937b58157fead7d27

SHA512
2045fa2fffd72d17d03dbc4b670fa4eb56aa55d8e0821f1a523795d2ef53bf7cf41f2b5c0943a1062fb9b25e18f42a9897c045c6256e7ef654ca8b690b18bd79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52d44e4841d88807db8a5fb14ce235d9

SHA1
60e284731dfe557ee4ae116c59675377c6f13ae3

SHA256
17e461595b9593ba99b9af9baac0515357aa909840007de7c5a8904eae4ffeea

SHA512
277eb826caec4849a77671a14ecd053159b151dc7c343ea3d706f959599c2807d845f4dfa377fada4f339e004be5f2d1089751f82575f60f6ce42d53f701eb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7263885f99ee0a95b6dad00d0aad9960

SHA1
9668326e2c7b13ec1953eeee1e41961af8c1b74c

SHA256
4a0679a9e5441aec6291b2168e734fc86e9c38d459ec27e676102858250fa05e

SHA512
648b7d1ad2d6615f9a387d13416b40e51707b0f6e6ecbf25ba8283dd4f1f049d79003637f538fdf3f295901d5f0f1423a10211e7f84ef7c102908c3abc87517b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8089b75ac838a07b90bdf54107de24e6

SHA1
8d4c8e8c0acea544de5575391014481a5d313aa1

SHA256
b24c172109a871d011b9fe07f922959703cc6f3f74ce6f280d8fb4978b7f0992

SHA512
2ae8c749bc32f40f2b9c6813b2985487406dd710ee0ba25c18f6aabf5c188233395cb940d1bed338ad4ced4ffd9b4978d4ac73ea71db7e442625b8c8772e0974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41a94d0f24e7dfb8a09ce6fc724d6439

SHA1
2696c9ff8919dbd3584f8e4be5a38e0f12b1299a

SHA256
d9756f7e2b8b0b25c7f2123edbbd94fdacdf5d4d3b88765951eb273a43bcfde7

SHA512
d9820b5fb3afe5b09c3190ee1446ff510d9bd88cb47194b05d457be63ccd72cf4fcca2313c35186ebd55031c6d244cd807e4b3db227e86913075d6f8f9426d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85e83ce19eb991220c9c089313dc2993

SHA1
194be2cbd41bffd18adca979f5fa5dca2148e3b5

SHA256
4199c600952b3da74e8e97d28631c4b2719301d1169f5f2463aabf6965dcb136

SHA512
956ede2a93dac9e58bf46edb8701e2c4d483814dce073675dd72eb8877b2838d192d8f80389a7c8f010da21a511de62151f96cf877ed1c9b3396cd0d23903ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
039eaa3451573d41482c4cf24c75c07b

SHA1
28e5faa16a3359aac601f659074bb0851363dcbd

SHA256
b8b262466a4092a951de06656f0f8856aa2f737caec90fe12ed45b8f72607c79

SHA512
eb2cf60148a9fa4bd1c7e558102f04fc9bc1afdccec4899af9dcb3d2a129a72b64806aa600e5fb632b73402ce5b4a763d586ba16207b276f4dc239af87af5527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab49d93ac65ec488bdb59eb34a560538

SHA1
297ae73a9f0b774d452adeb7a06259eb9b630d10

SHA256
cd4f6f389ad29d6dc978ec6f2b05bb0cf1939a7d648e22a29a7868ab397f6e45

SHA512
be8f4e9228179107584418c4f310a6b138d71043c3376fb47a86609e6d88a47cdccc46daa684530c30ad41c4201d7a039e79939888ea740f2d295808d9a12da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bc1a86fb861135b9af26ce941015e91

SHA1
dc27f45ca693c67da3e8fe520d33750bb0a75de1

SHA256
8a12252cccc8af592ec2bcafef93ad8dfe6eebcee9a73d7d52cf336c8ca136d7

SHA512
48f5e96b747f9ed8751adaaebef3b1c17a014fb0d73895b9e20ef2dc087a131f64b4f70acf01540a284e694c8e2e9c69d5cde04a40a7279b787ec79a926d6968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18e9b4e2b35be541b889ed517f462e52

SHA1
bf09cbcfed8540b0178f06ad240ca1cf76b4e68d

SHA256
b7e9adbf60d2d9ef79f7d1b28969ae43db0e23c3f211cf3e467468ea833eec78

SHA512
9eb9a1a9f8e3c4b60693e39e57e19200adf9a62744fb970da4bc3c32b779b87434908260fdc07ccdff59fa43e1abce0e58184ec89514514e6e8286f3b8dffc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f11dab4a9830282cd87287633209ec9

SHA1
b7a7be99b3bacd4e37391cc3682c881a74c5a98b

SHA256
8f21a4e54e8a12b59530bef0e7fd7d7d1f65de46a543602e67dc979da2c17897

SHA512
9d2c20078388be163796887bb80cdc99d68564b2413f222b98e2bac2cfe661e8e81430d4a190784abcb959197b79e2bd67b9a42b75227ea8f9425c82add768ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0982806848e240140a8fe2a9dc629f6e

SHA1
42fa959e529d350db80deace1c23c1bc95ec05e2

SHA256
85fda27259fe38f73a7d5b3b9a4b6164aa4e0b00c8d427c2f15ee07bab5e7400

SHA512
51562db297446f96db8d05cb85c8ae0523e35c9356f8cd844b4b9d338fdffb1d596455d065f777e3402edb298ef8bb70ddd0d46eabc0f75dd578111795e4789e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df4731f6353ff426dd04117cb96c926b

SHA1
34ef2c725278b4164df48b0298fb00b097a5f6ec

SHA256
a06428b1ed883a4be628e2e2d9540a2cf5bdd46fdefa8d00a43136012266d1e5

SHA512
d4de72be43b24fbc8f57af6158319459886acdd8b2436a0a082f3ee92f46e12c79684c77e9f1a03db3ff5e85228bdddd2412cf579732b78582d39b06bb226c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5936a14aab82994a717d809babf179bf

SHA1
43486e05399ece865961aea0a48fc449b4def1db

SHA256
56f43bac707b01729997cb24176dab7314fda5ca273bca84247a6c772dd4bc3a

SHA512
b35647e522d515bbcccb6500cb767be54fad09a2db5289027ac3eaaff60e796ea2747767a832d63f7914005e5ff9fa96f13bcaed615e7fdd4cf3b63f873c4b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ecd05c3ee8db34e717dad82db6389bae

SHA1
55eea649ebed12c8571e1237501664bfcc07b7d3

SHA256
6ac94494543b5b31da7a8e0e9fccd34f0f9706cba007aaf0bfb8ab5c9ca6062c

SHA512
2c2c91d7d4905024d970bcbae1fc55773fd93bf09becb7cb210819731b0bbd4cde976b0c1b6a9e7918aec5d97524a79aedc2b721264256770c89556059f751e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f27ff72e71be9f748ef11173e4ad7fb5

SHA1
850747da5051ded363881859ae2486513bc7ce48

SHA256
66975a05b0ddcedcff72aaf77c7f44ff3079b27ebac7b7b543782f85ff0e0ef6

SHA512
0d744c30cbc8db51455622468e699385b55655a4b5f20a2b9263722ba362c408be76591330136a387bf99baec06d6e0efac513cb60c8de578768450982c5f474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd832e003b09033a53e8bc833cc18cae

SHA1
5c91c1606f049d741a38fb32ec078bd11464f21c

SHA256
f958edf0d167fc25a946881c84d50be07d62988c800be41596ac73e7bfbc7704

SHA512
3242febffefd897867d2f9711c8adad182387ccacfc7bc8c0f99c4a44f959499b6d70d847f670f8dc427715b57d38a1f9fd86545b4d117ec813ca6e9e5c807fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d38dd4fb78633bd223280ce804a779b6

SHA1
cc343c58f103fdb680eef3b319ab6ce7fcde9cd8

SHA256
ee0ef92dc5420c2fac2251cea30e7baa4138b0a64f72ca133f74c9ac0e506d0b

SHA512
873892ebfc7c1ba0775bea5641ef984ab40c5f4cd9b6808882e19ad20c7b6a939a7f07abaff485d0f4439b5f8a6153829593f83bfdf3ddffdd46b24ef39c4b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9dff2768bce518a5753a6f02510effa

SHA1
b3d0f076a7b87ed2b82501048e79b37a83c42dfa

SHA256
4723280182ca84076827a1a45d3b518f81da8a1c5fe22ce6003d597146adcb2e

SHA512
7f81315d636da877eff28034d91f87149a6b911797fa937ad9024cd8dbbad9948d887dc4a9130860459d5ad948189b0b3275d593bfe544c8ddb4d90c45ebf16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33c9844747c9f7e0ed0a165562512208

SHA1
0e4dda9e0db5a734581df6da45e141dd7acddb9d

SHA256
ffa42afc83df33539a9431dd0e37a359e63e81d7b34a6e94bfd03e9970d8f132

SHA512
50b14f205844f7c8ce7aad55b73edbe38a3ce8cf3066168034e591fc5c8079cb0a6c2210d98b8f7784afeeab8ae38f78bc6facd37a50cde2533b8c97027664d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c02c36cd47d0be79312c0ca5e8ae6a1

SHA1
fff2fce8d89f50d3f6b4962ff91b9134f5056000

SHA256
7aaf6e72cb66a96d05dd470e5804b6518d3ca72582aa9332936d1ef50c623292

SHA512
1bbb451354de869a275a0a8bca695ee23e2dea0103888249a5c52004a2154c12f2db9a0a435a2ebd7a0f6029a035cf8edea2541ec8dd6a84fd1191dd794a3ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b95e7b48e1cd6807adef8f75d7f8ba9

SHA1
90d1c90c24a9740d42f8921bc3fd419d2904d177

SHA256
ea4cd44cc85a95b87283a7d858bd85d692ff6a2a72daa558899f2bc3f627f26c

SHA512
8ac67c3d6b0aea2b4fe1a68db709d5021c094569f6793aa1bc5dafd767e557cf1ac50d115dc440837196cfd97cd63a286199886d3f317a3ad6d3af6a35443025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd0b5fd5e9cd72ce068b8a29504f5efc

SHA1
8148af3e9e228c2fa2bf9d825266e59ff124a534

SHA256
7cadfafbb7a777416665bac7af3c82d0b6e750048a4b032645dbf70e3852d752

SHA512
6de98e7d9aefc5b18f06d0ee9ef4c6b86b90deb3cb04accbd0df16d0285bc3628636415dddeb92642c906b79fd70ec6e66a45080b4b5777651716ba87dcabc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
579b693fa6c6e710e3e3c754ef19e315

SHA1
b33babd23d534a4b4b6b2d3b96b582e0bb8997c0

SHA256
25bdbca6c5ccaf755afcd362b7c943c28aabe6be3138a85e3f7bb4a4d047cb31

SHA512
9130b3fab1e393798286ea6f80f7f20a0c3870daa95e1cef983b1709f2f6d85d913de975951d603ef057ba5a3c0ddb726a311450efb4f8d8a70f0e04dfd0a58e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2de381b551380dd57acfbbe04de0053

SHA1
3d8353fe7c63651e53ef310dbfeb47abe9127688

SHA256
4950d95753020e8ca4f228a870092ed2cf74ae25947f4a57b57c3fe1049514be

SHA512
69c16eab1bb9db6021d4311fb53e2d7e1bb09452edd8f6895cd312a6a95ace4e9054ffade1634659db32f534da7a89677d1a453080b01f745c8aa36e80bdcbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d09abae5aa2a3b30cf5fd6055c94bc22

SHA1
743ffbda34d170e7120e82457806bf9d5d8f1620

SHA256
eced7c28905d33952c1f7250dc0c4192d9d1a33f0c837eaf1bd5c4dad6386168

SHA512
09f8ab649a4f3e2db82b7d20b6e23912025c7469d7e5ab7ec04ee1c40c667e2f9d62930472e65eb336f9b49a276f36cd8f02881a5eb1c9fdc277f201a8a51507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7b0983de999085a8993adb71f03c839

SHA1
952b03bc32a356ad479b8ece5b51c511f906f539

SHA256
a13d79568520f14206f657ca178f1cb5011b4099b8738a36c6c229a3c72aa3d4

SHA512
5f589d3febbcecd76eafaacd239ae01392c8608bea523bf0102cffd6af719f7910a77fa673d6addcbe308dc448a3c9c73d72aaaa645f605aee1a7cf039b90ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dd41ff3444eb3a91dffef7cd66b9e9d

SHA1
f5c84c4d3a354af712f5e2c5474d505ed8ec211a

SHA256
087e1202733808baaff8622db36f216b4543be9cdbb50556394c51611c37cdb5

SHA512
6c891c4485d310e9564e5184f1e5fb0a171870c7ea6378eb12d8979604aaf8537503cfc9d28efbf39ac7fab05e3cd6152f152a8e31b799077c367860aa3d012a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b31d0d3a6278c0acfbe67b16fc59da4

SHA1
4df613eb9408b17c4bc2fe167210192912a93bed

SHA256
ee17782bf549d771a80b06dad81ede477b01bedfb1af35e462f6fb9e4c5d93fd

SHA512
777ac1e98638093832aa75d8adba2e66a9b152e15aa93c58e0f59928a34c659e51160ca0ab29948d49b0544742b7a2d2d8fe75028fa11f5f18248ac7c2e7f668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9505f40a09c65a29d297440bd36de7b

SHA1
9a5c50f7bb20c4cb43db8ff72b4e01966df57326

SHA256
0f96119a2d99294a0da21f0d3a64e28422b6b6c6bc2d383d759f7c6b14e7e0d3

SHA512
7e398b46968709c1452b328698071af9b0ec8156dfca5865438b47fe5bb6fc120a231269d1ba4ed4be9445d5c4502265ca9752197eb5ca28dbbb5985443e447c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
509c3f7942f979061f59830ddd9f8cf1

SHA1
7c31af7fde6b8f9d675477684ab19d63a1f2d1b3

SHA256
987d9caecc17b1454247d1db259e5476d06de22098b86a3b03386793e30daf38

SHA512
525aec3d32af277c865d38985b3b3217e9dd08daf6dfe174eb102d22fd439510d9e3b7a90a91be9bbb3ad464096d4db553aae0081d7177c959cdc29ae70e7621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f925d8d2ff6b6a56df065711286e0f4

SHA1
396aa30f4a8fc8910cc44475995d92117b6b8eda

SHA256
f31f958fae44abb9b0cd0b2657d89a265d330f66a95d28204d16945ccccb9d26

SHA512
3ad9602bc3c16fdf70d23a25101cbc3368d2cf514ac37e332264c38ddc1b53d01e98f82d6d53ec9334588ec7cd48c6e06108c7e09152378f7db3cdd53bb30cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9213c16e0c95da811116acd1685ec786

SHA1
e87155ae5d846ec2d7596ed30d734c39c0cea731

SHA256
2e78bc58fa805cc76b1452e7e56c10a752dd9b711d196eac7ca262653bc76a45

SHA512
493999c2b4797d134a96965fe25ac45bdcaaef502e018308d6a800ff2fb5817c1825f0be89f4d8fe67c8435485cd24c7811681fc73b4528a4056c316f27c36ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5349f238765681573bd383f2f25af15

SHA1
3c523dfcde03db60025a28e8312a1dbc131080e6

SHA256
976d178fbab8bafc3c755d4d109c1dd0f2bf368725cfb766e5f0d55162a78076

SHA512
083ba4a8eb54d091a4db0cb8879814eef87c75f91f34598f551c1703dbdad91a799577900155889bc8fd53876842c2bc70be90ecfc6f57b192e4e0d1165cfc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
459095cc0e17c6ad7d9ec9160a2079b7

SHA1
50f8fa5e513811cb4edeaa2cb14c33903ceb1f9c

SHA256
1ff490b80b9c1639fe67841291a1775a5d7ec960976d02489e1cd7a835cbaded

SHA512
be713dd4d66565aa1471acf3f1529bd3765c04cf73b060eefadc4b6601a35fee664484eb064b4d10268f84631a7c91cb582702d846e14170aa8f65d2f5f82a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d27ac43574071a0f1f47c8f75e24cc4

SHA1
1e1c338e43c88b9a8827de007c3fa55512c8ef4b

SHA256
27142813e66570bf72a3d4e03d5c2e3376ab2baf3390c8d5d0384a1b29a8ff6c

SHA512
5acb52ff2681e4d6769cd4a7bc1a35acef037cd52a59b8bee4396d3754212a7502ec904a44fe14405c811d6d4aa1d3d1667c8e9260184733ae633b57d717c79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c1389d466e02bd15c4dbbe9031c8f2d3

SHA1
d13d4589e0d62e16b9f9171dd6d42bad7588b459

SHA256
65cf1978b7f9b085769fefae381c0f16cf235fbe1908201e020fe266d5b3f830

SHA512
d4044144f9b754977c71a48786c0e701c370a5859fa1816dbe7819d97f1ff07f070f042d0ba42330743d362d145df4072b6ee585be8f0b37478d28ba5db1df8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a9df21d7-b3ac-40a3-950f-eee8f090401e.tmp

Filesize
9KB

MD5
342cae18a5428b48ea77d9ed104d68cd

SHA1
5a1a47de21a93b1ebe1cf76dafbb13edb4d69af4

SHA256
99b198fe0045716beb394c24ba4fda2497f74e89fede7dec7fe41bc85400f8fd

SHA512
9e2371280a56225e312c992e45cda6221fda732095c80b6680e03e5dfde33de248e142279f6e232ee5f90ae42d4b673498e05dab41a4abe6623a4e173c8bfc78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
3335a8a8813455d87cd87148001a5f7b

SHA1
91db3ac3dad40cdd5ac99753685c4d091c1003ee

SHA256
714af5cfcaedff19007427d7620299449c9fb32d3ef1fb9c0a4afb346410bc04

SHA512
c91335b6f815e9bb08cd79078b29b1a5410f7adbf571b2b7c5c65dd6c69e10d44fdcd62083842d5f429532b4779ee246ba79d07a8707600c93fea86e7edafcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
fcdb419abc3001d926b68ee80ecd09a3

SHA1
3e4fcacc912f016f11d609956155d71bcbca3cdb

SHA256
6a93e03a02ed9b424a52c2048024064bda19e3a7ab7e94ec9449c2944627508b

SHA512
b0e9962a359925e8a4a6a72c11f08310f838fdec881b6d7c2f83ee60995c6f30f3ddad4e585517a7eba15b00e0f2667d044a6d9bd6dd9374d6e04367c5b96d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
3d3a2ebd852e1d75d648d59a6fa95a9c

SHA1
d333cb62d25cc57128c2c0854ad473ffdbeafc97

SHA256
b1d41bfc2586bf743df76b4a499b634e4d9433c03ea8f00fd1a30200508ff7da

SHA512
3e1018707bedc2008aaa4655102e3c206d59e0ee4e671d0aaa3d090614e572d264a7613536e873c2110a62203fcd8fac41f1a55c63ca190119155b47e524b710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
5dbe466059d105bf51280eb1d7749dbf

SHA1
0977676d8f9f689137d8ca62e48e0039687ab9c0

SHA256
e60151ac28b6eb80701ec36aba62af6d42de9ee3935498571cd38931ea13d1c3

SHA512
6fb25bbd278768bfb237d5c4c9f14df866ec30286a7e737a3725281d9f62d3c6fdf7892a533ef567e0cd3649fadfddb0ad70f1a1c1ffd3b9180e7fc24c10f6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
1c05b874fe563bac0f49fbc06a51606b

SHA1
513163c871d220743eb80e9a55d63325d8ae9463

SHA256
351358dfb41be7c4ac75d7378aecd42b42a6797535a25f67ea4bb9b6da1d3862

SHA512
b8176043242efce5d57391ecd821c032c9313d9021c2c714445bf1aa9cdda703e9446b2130f8c1973a03f573baf13247a2e40b7c00653db0f054e773a03a82cc

Download Submit
C:\Users\Admin\Downloads\Client-built.exe

Filesize
3.1MB

MD5
5ff1c7a31e2aeb8f5e998884bd5bcdd3

SHA1
f02a220ced830d2ac29d42a3cc4c72a68b9f4068

SHA256
45a7baa72cc53ffec5c9c7c8f4bef8ca6323f24a43c6f0baec29c70f3bbfce35

SHA512
47ab416e032b917745acb7720411280803676ba63ef195a58786b3a0cba4803d88816e8ae740181e0af8ee1e7bd9dfe3aecfc26a806d19a6efc5e2c1ed4a38d2

Download Submit
memory/5916-273-0x0000000000BB0000-0x0000000000ED4000-memory.dmp

Filesize
3.1MB

Download
memory/6076-277-0x000000001CDA0000-0x000000001CE52000-memory.dmp

Filesize
712KB

Download
memory/6076-276-0x0000000003230000-0x0000000003280000-memory.dmp

Filesize
320KB

Download