quasar | 7ef4d0236c81894178a6cfc6c27920217bea42a3602ad7a6002834718ba7b93c

Analysis

max time kernel
160s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2025, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSPLOIT.V2.exe
Size

3.1MB
MD5

d4a776ea55e24d3124a6e0759fb0ac44
SHA1

f5932d234baccc992ca910ff12044e8965229852
SHA256

7ef4d0236c81894178a6cfc6c27920217bea42a3602ad7a6002834718ba7b93c
SHA512

ba9127f7f84e55a37e4eb1dc1a50d10ef044f0b24a23d451187c8d1dedec26d3a37cf78e8763b351ef1e492e26b1ef9b28fc2331591ce1b53c3d76369d100f4b
SSDEEP

49152:gvvL82kyaNnwxPlllSWxc9LpQXmrRJ6cbR3LoGdJTHHB72eh2NT:gvD82kyaNnwxPlllSWa9LpQXmrRJ6m

Score

10^/10

quasar roblox executor discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ROBLOX EXECUTOR

192.168.50.1:4782

10.0.0.113:4782

LETSQOOO-62766.portmap.host:62766

89.10.178.51:4782

Mutex

90faf922-159d-4166-b661-4ba16af8650e

Attributes

encryption_key
FFEE70B90F5EBED6085600C989F1D6D56E2DEC26
install_name
windows 3543.exe
log_directory
roblox executor
reconnect_delay
3000
startup_key
windows background updater
subdirectory
windows updater

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/1972-1-0x00000000006D0000-0x00000000009F4000-memory.dmp	family_quasar
behavioral1/files/0x000c000000023b63-5.dat	family_quasar

Downloads MZ/PE file 1 IoCs

flow	pid	Process
124	2664	chrome.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	windows 3543.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	windows 3543.exe

Executes dropped EXE 5 IoCs

pid	Process
3768	windows 3543.exe
384	windows 3543.exe
2368	windows 3543.exe
2232	JJSPLOIT.V2.exe
1728	JJSPLOIT.V2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4612	PING.EXE
3632	PING.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133830099535561320"	chrome.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
4612	PING.EXE
3632	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2496	schtasks.exe
1264	schtasks.exe
2844	schtasks.exe
4108	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
384	windows 3543.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1972	JJSPLOIT.V2.exe
Token: SeDebugPrivilege	3768	windows 3543.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3768	windows 3543.exe
384	windows 3543.exe
2368	windows 3543.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2496	1972	JJSPLOIT.V2.exe	86
PID 1972 wrote to memory of 2496	1972	JJSPLOIT.V2.exe	86
PID 1972 wrote to memory of 3768	1972	JJSPLOIT.V2.exe	88
PID 1972 wrote to memory of 3768	1972	JJSPLOIT.V2.exe	88
PID 3768 wrote to memory of 1264	3768	windows 3543.exe	90
PID 3768 wrote to memory of 1264	3768	windows 3543.exe	90
PID 4960 wrote to memory of 3452	4960	chrome.exe	97
PID 4960 wrote to memory of 3452	4960	chrome.exe	97
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 4516	4960	chrome.exe	98
PID 4960 wrote to memory of 2664	4960	chrome.exe	99
PID 4960 wrote to memory of 2664	4960	chrome.exe	99
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100
PID 4960 wrote to memory of 3772	4960	chrome.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\JJSPLOIT.V2.exe
"C:\Users\Admin\AppData\Local\Temp\JJSPLOIT.V2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2496
- C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe
  "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ovM91RpX3pVg.bat" "
    3⤵
    PID:4444
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:1472
  - - C:\Windows\system32\PING.EXE
      ping -n 10 localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:4612
  - - C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe
      "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:384
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2844
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ijtKlRO8bucw.bat" "
        5⤵
        
        PID:3716
      - C:\Windows\system32\chcp.com
        
        chcp 65001
        6⤵
        
        PID:3176
      - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3632
      - C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe
        
        "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffba28dcc40,0x7ffba28dcc4c,0x7ffba28dcc58
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4768,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5376,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4648,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5788,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:1020
- C:\Users\Admin\Downloads\JJSPLOIT.V2.exe
  "C:\Users\Admin\Downloads\JJSPLOIT.V2.exe"
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5356,i,15112359043938822563,13233091278052394516,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Users\Admin\Downloads\JJSPLOIT.V2.exe
  "C:\Users\Admin\Downloads\JJSPLOIT.V2.exe"
  2⤵
  - Executes dropped EXE
  PID:1728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\14aac9f7-e3de-42d8-b2d3-fd4bfca58486.tmp

Filesize
9KB

MD5
12102e504cf3ca2b3a6eec45f2d6c3d4

SHA1
f948607144c0a8ea2dd9b89d19a8e518a6e8e2d8

SHA256
d8eebab9f4f134f9679853e702f6084bb5b500a22bb68f0b26910ebbcc73d2f9

SHA512
64ed58bd99cc0279e2aaa2f5c231fdaa26d34db702f74970b24a66960fb1744aaf4f8cb021b510d14ad9eed62f6195491abdaa44e3ebee84ae98a5d3d46e11b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
608c6ff7d96eb9ae9fe09d94a5089cb3

SHA1
f9730f403202cacdd09447c6d857b0d3fd35252f

SHA256
594fb3b8a24045f73c6e4ad2f0c952e719e1e30988d21d1ee32d24a24c40c4c4

SHA512
f810610b07c5beb11602b16c7d6c22fe3affa2208f7487c104ed2f897c05a375eca4cb3c1971c18165cef541fe578ccaa968a04b13ad664abdf2eb3898740419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
44d5937c97f730662faa837283afd53c

SHA1
a43be43c9023afbc873eb930a5eb126619eda922

SHA256
6320bcd026486d6dc6b320755d33ddce19b670cb670653148c764a3d560c9c4b

SHA512
94685d8d4f842722d9eefeb5aef9f39a8f0f9972725b6bd9b4041d5920c6b815ffd53e0bb361767cdd595d79ac1ae3699b926cc403b640b4a7ab680ba7ebd58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
614dc571fb84aae7ff9d110b74f7b060

SHA1
aad4facc7c15d1447bdbf94b417204a8caa2d1e7

SHA256
7189cfb09c8bb61acd937437f63fa6b19eb11c9288ff7058c4a87f479db60bd4

SHA512
7ad61d7f391af26f53d59f00d3e61220bf25178916209fad93d268de9f704fe958d9d1b2128aa666148ddbe54085a493887bf36a5e2ebd95832a9e6c8b727ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e901f6e36300c25272795a78984cfdbe

SHA1
88eb3cbc216e05130854615a0ee5e1045e136f0b

SHA256
a0de72f9663b56d8d39c0916f8b759bcd2afe6c2b765137bd7e0d7745a22ebb4

SHA512
6c2403ecf9bac0059475c49e2648758ac043fbe4c488f50c68f45494d8d8f8033d405202424c937c6373fc5e945eda7db849118cd08409ad2b6351ea01158782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3ccdd34e8ab7e4cdf311e2d9e0b1a56f

SHA1
569e666d767202fdbf0a6e3d0b1842c542de7c6e

SHA256
d7118efd2854e160aa59f1f0fe195c9579f6ddb30e6d38c6bff847ddbeded62f

SHA512
7f54e3677de375bf6712830620e2aefeba5d42dbddf7b679c1946cd43fdf5f92ca88c4da240087f1a5476fb1ff7cdda684edd277b5e4565ef09dfb05bcb79e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
00b1c2c332c52ec5a0ba51ea3bc5ff93

SHA1
13c8fe2611e2394fbed20673cb7cb5e1fa2dfec9

SHA256
63bf585c2d53c538b083dac545c8ac78bb0e26300dfff4cac6785fcd0ef3ae03

SHA512
08368a9283103f0b2fb1ebff3cd012806348159a16abf5f5da6a49f7841f287db21bf3265f8a4daf06c1f6d6e41b8d718cb38bfc0ba549b752d973fc86570fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1020B

MD5
a9d3da36bcfd2418f25455d06cb08400

SHA1
2e575a8ddcab7b4d9de12d1f9082b89c5b8f3874

SHA256
e8d45b917615dff6182de1fc4056ff68e8a3ec02835e7983879a989329334439

SHA512
03b5303a0d4d631f6f0ae4a03192eee861bed6980c95dc149a8ba532ca6301b10343d08d2da7b793298b1436e6b2c932b3dbe048d0c84c89a57983a03e9d8207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1bb689d991542b4ab933c26ec9539684

SHA1
decd277472bf80ba12080bf32e262e8bd926922d

SHA256
ffc7a08868b89969b19e284c6d41ef450c29130c602caf6acf908e6448dcbccc

SHA512
f11a25f82464193e61f907b8aedc1076acfbe2bfb8d77b31be907a7e8250448bd1ace5545adb4a37813fafb3d30d02ecb5a776f676d4086e3babc8336b3a534b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f8a0b894d3eec7e0824741579f8b27f6

SHA1
4b71428b93e3059654812e8a4be0806a7cb4f3bc

SHA256
af1ec460e7d578504b0a9e2b796a622e9bc10d42f2130fe10b7b9ee769a041a8

SHA512
d840029dae61955462a931b2f83cf60015d16d0c7aaa3ed0e9c9982a965396f850a70be0d01883e09b68092ee289a92b7ce3c1a2c170d660c5e6a56f48476fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e83e8f5ab93ed13725cbbea5ebb5a361

SHA1
a9b45132935784cf465d707edd81f4ba08375ee9

SHA256
9e67238d14a819c2ceef7f97062e5a5d2bb3e06713048cd8b8c745b644e59b71

SHA512
33a1da1bf4514a9d18d64f42ff21b35c72d94d2fc8d9fbac1d7b92f7fd4618ffccde1dc449f13c1bdc583cb766b9f814ab0f73ee5ac38827181ca9c189bb82b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fad4109b5e753131e6028666df179446

SHA1
65748f707e34034595aa6547cb83e2625a418118

SHA256
22d80fdf89cac69d7af3e230e26c9bc5a8dee858cd1d18a96f6691f36b9d1f9a

SHA512
85cc5cf86e5d9876f413e4cc00cd8fd873b0161c9be4e5ae6de001428b5590d725cc3ee925568f0a343462469c2639b93a75b5858a2a98794466721c3e28fbdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a8c033784a61c55956e3278ca9ae6c3

SHA1
378fc2eab5e0cc6ec5e8db63e668e149fa58cdd9

SHA256
ce03c37666ae09f315d9eed41660695652bbcb374614c95c9cf65c155525c52d

SHA512
451a224aefd78ccef2afabd8c4c98b184d5fbe3b601e1abf2e7ecd885702ef42ae96b7024cf2536e99dd122514aac7b0ec11ba02beb823bf7893e6e1b575c1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8947297e503bbdd71b35efe18892dbfe

SHA1
f90e99480f8c802f2df319a1a162cc07c34b498a

SHA256
889c6bfb710a3c6626dfb80bbfe8872067d7c030816f487ef46ad6b43aabdea5

SHA512
14ac00e5aa8d3610e8402806d2c72d2a0600a35ad9e109af6c45ce3cf872ba05817e6a287314d5e222bfb4bdfef1bd880ba32075155ae5f0c64841371e89c6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1fb936cdce36357c8bf12c2b6b4eac8

SHA1
6a20137dfb6de784c05655a07c3b3e8413efa375

SHA256
c91e7bebd32b03d2817a3fe70b113d837faf7d85f25fa1e3e22f84a94e656678

SHA512
98938ba4da329f0c50062f6c25af2807ffa5a7b3b4cbe82856926d1685e0f34084aac1d980b932104d27979e82d8a2bf312c50c3609c4ad2fa6f220efd7f296e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2267adf7283574567081febd713f1478

SHA1
599cc03962a611069300cde9246c4f44e632998e

SHA256
4c7c69cd933ea0c0f78901a32cbf5df52fc6632092df23175e68733463263cef

SHA512
9b64b07008f46f2ed2e163651a26b697736adab9f62a664fae1a2defa14eafada247ad3166b33bd040fd75f826e6fbee736a9d2471254640f887548c03a34ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb550baca8ee41172c294327737ca03f

SHA1
a1704017f9332b4192eed9157d8a99ccafb42b39

SHA256
2568c5bcb4e718ad2a887c5b87852eb6db95ea235d8daa805e64a2ccc6e47c82

SHA512
737d286511a965f1483cddd11296712ea0f2c224da63984ef85ab39a9af20021cd53e4877b99bd4df7446a15ab156b47b93facfff3ea76e57fe7da4327c24db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d8367738a14d5ae0faaef502e728962

SHA1
380a5dcf2c5e2a8cd28a4dfc43135a1787522212

SHA256
21b942e8e6009a6ef9443c833ea29f273f711bb6f68c1cffedf8971066ccf3b9

SHA512
6c431cdab38e3edd5db56b3813c773cdeea5729aa4e1bb209880f270214481239bb90513d4e4e7e6923dbe2829d80b327a2efd83d559d84a2f93920c27a9d1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1febb7850f83a823caf9c6a1711b37fa

SHA1
de3012bb5afbebbe53058306f1e98dfdd707734c

SHA256
6289988639228c6beb21eb19de518c468b2e35b531ce8096c86e43072f877438

SHA512
bec3d1f4fc36cfddae32bc2ae94111cafe6cf3e44c4c709982bbc5a18d1f924b43b7b9f617ee6f10b88787d5dddb563466b3e64f36dc8b301233c37d096e6ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b706786c-7971-4fdb-b905-ddbfd2950e51.tmp

Filesize
9KB

MD5
b3d6145f576bfff0a3b95db0ea166ca5

SHA1
5beb095269dd5f5ebbd280d461b245569d3009e9

SHA256
1954f2c627d4bc215f2a224d9ef7e7df426eaa01b349de996c1201fa3be8ca76

SHA512
06a718cf32a2f02dcf0960350f2f653b8ad044f5345d2339b70220a79d6c861c646e319f5bae754dbd1b13f4ce47635393af1effeb0223811b9578e054a9c969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
92010f3d2d301ab1798e28ae66e51d27

SHA1
9ad4009f68aececedb2f746b3b4c576b1d2bf191

SHA256
cea75144d91166e4d5272da00b7e4baa2e90e94a6d1e9a7fdd5a58cc7568c997

SHA512
1d8dc5cec46922a5efc8065aab28dbe2bcfe25b2ba8e10b76a3b4554b062a47189754dec9ee71f8e6967cb990aa96e88e9f171f2ae40da2c3d9517cb78844b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
951f3ea3898aaa9d228a55b1b4c3ad6b

SHA1
149dc31ca79d9e135e33e1b6b96643cfda18ba76

SHA256
cc3df7330b28c5cab6deb70c2ff55603a95fbf2d31125b4d4f504a60f4bc6265

SHA512
14381af551abe4d6ea36b61e1153e39f75f5fffd6ec317f7307fbe2b4978782465be7efbbe6e90077b4adf32665fa356ffc902fb4bbbd3d4e0af20655ba2190e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\JJSPLOIT.V2.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\windows 3543.exe.log

Filesize
2KB

MD5
cbd62ac578f8415f956d03b5af28cb54

SHA1
7c7c99787d9ef476fc9ddeeeb936e3bb4e535315

SHA256
d8ca0e4e94df1104b245fdd678a42a057dcb3464925f52b720d1af04c23a80af

SHA512
dd57450155aa802ea942372088a34452bb6c2a51db142bccfe807857ce673ed117a54f99e855760afe210df9369296a3a77bbacfa5829cfe15742729b091311f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ijtKlRO8bucw.bat

Filesize
222B

MD5
12133b7fe7b375a4e0321cc71a0f43f9

SHA1
1c450203bbee117f847588332d707548dd69ea3e

SHA256
6af61d2a77d20fecda0d829e5943c36c2c8d53770dcdc37f5a99dd2849e05e16

SHA512
bc5f592e99ffae4a3a468a5085574ef22c8b1eaebea38218df7b7a73432e00172715bc30c118215c485c3c1391f48a5fb07f8e2f462b88dd64ca024912381a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ovM91RpX3pVg.bat

Filesize
222B

MD5
675251b439dbd3324c6735920ae98232

SHA1
9c5f9dff28b4611de9dffe4af40a8452eaf96d78

SHA256
d2af57bcad0c866c59bce791623b73fc04ffcceade0ebdcc426a00d044431eaa

SHA512
08f875c14a88c6e2c7af2e7896caeb4c5795eb8b21c9c7f39106173ef858c979fc320d04a737a722ffb2c2e55c916c37ce8f19d145db756129da5c2b673d1143

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\roblox executor\2025-02-02

Filesize
928B

MD5
54b469a98c375c6be76c5ae060ce289b

SHA1
3e0c334582fe05570c38e277056ca9a4f31122fd

SHA256
cb7d8a3022178aad599bb00aee696e5777df6dc023d4781bbd66c6fbb4b319de

SHA512
a469d59235a4731b82cc4cab88d112ea3bb17548ed5c2e3cde6a51936aba2feff4b2a2710386df789af6a4ef19f388a38591a0bce7ba56aad9a6c6e4a4bc8aba

Download Submit
C:\Users\Admin\AppData\Roaming\roblox executor\2025-02-02

Filesize
1KB

MD5
cbd8785000ef3a202471a2759e8fa30b

SHA1
5c32ffcdfd75042fd91082b49bdc055c023651f4

SHA256
10265ba75d29fb4fdef1cfc97d21236ea9d20794f57a52250de5c7261f6e147d

SHA512
f871614373311b5bc694199f350ee9db27d871d25bc7fe4f0207614c007f7d0827c528a2b5339267a74b9511e7ee2d2d7110236d67d07e9959f843560251bf73

Download Submit
C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe

Filesize
3.1MB

MD5
d4a776ea55e24d3124a6e0759fb0ac44

SHA1
f5932d234baccc992ca910ff12044e8965229852

SHA256
7ef4d0236c81894178a6cfc6c27920217bea42a3602ad7a6002834718ba7b93c

SHA512
ba9127f7f84e55a37e4eb1dc1a50d10ef044f0b24a23d451187c8d1dedec26d3a37cf78e8763b351ef1e492e26b1ef9b28fc2331591ce1b53c3d76369d100f4b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 797279.crdownload

Filesize
36KB

MD5
f0c4f65c7ecff17ecf51a6dce0934b41

SHA1
cb4f7eab0480c531ac34cb68e554f84542dacdc6

SHA256
4da35f66cc5d4ce847b1e6e0fd2d579a7bebcf7bc3f098053197170ea4628d72

SHA512
42520798059ded9fec6dc3c26a0c1533d01346bfd177dfb56ba4fa5f781a6ffde660d475e0180bafd1a8406e192622dcb0766f33c4f693d0f9b8f846b1f2e82e

Download Submit
memory/1972-10-0x00007FFBA9D20000-0x00007FFBAA7E1000-memory.dmp

Filesize
10.8MB

Download
memory/1972-1-0x00000000006D0000-0x00000000009F4000-memory.dmp

Filesize
3.1MB

Download
memory/1972-2-0x00007FFBA9D20000-0x00007FFBAA7E1000-memory.dmp

Filesize
10.8MB

Download
memory/1972-0-0x00007FFBA9D23000-0x00007FFBA9D25000-memory.dmp

Filesize
8KB

Download
memory/3768-12-0x000000001B3C0000-0x000000001B410000-memory.dmp

Filesize
320KB

Download
memory/3768-9-0x00007FFBA9D20000-0x00007FFBAA7E1000-memory.dmp

Filesize
10.8MB

Download
memory/3768-11-0x00007FFBA9D20000-0x00007FFBAA7E1000-memory.dmp

Filesize
10.8MB

Download
memory/3768-115-0x00007FFBA9D20000-0x00007FFBAA7E1000-memory.dmp

Filesize
10.8MB

Download
memory/3768-13-0x000000001BB80000-0x000000001BC32000-memory.dmp

Filesize
712KB

Download
memory/3768-39-0x000000001C370000-0x000000001C898000-memory.dmp

Filesize
5.2MB

Download
memory/3768-14-0x00007FFBA9D20000-0x00007FFBAA7E1000-memory.dmp

Filesize
10.8MB

Download