quasar | 1a94dce8eb86e5a531a316491267bfba4dae6bab0e5a89b84f6ddcf8e0dd57c2

Resubmissions

05-02-2025 01:47

250205-b72apsvmaj 10

05-02-2025 01:46

250205-b689xstjct 10

Analysis

max time kernel
1049s
max time network
1011s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
05-02-2025 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

waasdfasdfa-cleaned.exe
Size

9.6MB
MD5

f7dff4ea8253c72ac87edc0fb5bad744
SHA1

0ad62cbeb4bbfe55f598d8150eb47fe11c605d18
SHA256

1a94dce8eb86e5a531a316491267bfba4dae6bab0e5a89b84f6ddcf8e0dd57c2
SHA512

01aac77f314af5650a9c9e2c4dc6033e57c83eed73b1245ff807c8740cb5e4ecd247b82c0289d8d2371a3c4eaebfcfbcf20a97ee1305562caebb4e0fc1ab5701
SSDEEP

98304:pCjJmhnQCCHMFfrblOeAlKqTkNUv6mrV4/j0azLwlEwvJzWNCOhssO0y:fVgMFfrbli5lSmZ4b0az+RiZi

Score

10^/10

quasar seroxen v15.0 | fifa23 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.0 | Fifa23

private123.duckdns.org:8808

dofucks.com:8808

Mutex

c398e98c-136e-4007-ab40-e179829f338c

Attributes

encryption_key
C84CB6134701741C5122A14FACDB67C8CFA9C0AB
install_name
.exe
log_directory
Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/2760-1-0x0000000000430000-0x0000000000DDC000-memory.dmp	family_quasar
behavioral2/files/0x001c00000002abad-15.dat	family_quasar

Seroxen family
seroxen
Seroxen, Ser0xen
Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.
trojan seroxen

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2760 created 636	2760	waasdfasdfa-cleaned.exe	5

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2760 set thread context of 1112	2760	waasdfasdfa-cleaned.exe	78

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\$sxr-seroxen.bat	waasdfasdfa-cleaned.exe
File opened for modification	C:\Windows\$sxr-seroxen.bat	waasdfasdfa-cleaned.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133831937380079943"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
252	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2760	waasdfasdfa-cleaned.exe
2760	waasdfasdfa-cleaned.exe
1112	dllhost.exe
1112	dllhost.exe
1112	dllhost.exe
1112	dllhost.exe
3164	chrome.exe
3164	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2760	waasdfasdfa-cleaned.exe
Token: SeDebugPrivilege	2760	waasdfasdfa-cleaned.exe
Token: SeDebugPrivilege	1112	dllhost.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4016	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1112	2760	waasdfasdfa-cleaned.exe	78
PID 2760 wrote to memory of 1640	2760	waasdfasdfa-cleaned.exe	79
PID 2760 wrote to memory of 1640	2760	waasdfasdfa-cleaned.exe	79
PID 3164 wrote to memory of 644	3164	chrome.exe	88
PID 3164 wrote to memory of 644	3164	chrome.exe	88
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 2208	3164	chrome.exe	89
PID 3164 wrote to memory of 1284	3164	chrome.exe	90
PID 3164 wrote to memory of 1284	3164	chrome.exe	90
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91
PID 3164 wrote to memory of 1464	3164	chrome.exe	91

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:636
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{9470bb10-9960-45b0-8b7d-9f80692e3073}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1112

C:\Users\Admin\AppData\Local\Temp\waasdfasdfa-cleaned.exe
"C:\Users\Admin\AppData\Local\Temp\waasdfasdfa-cleaned.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C cd C:\Windows\ & $sxr-seroxen.bat
  2⤵
  PID:1640

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5032

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\1181200uwuuu.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed76dcc40,0x7ffed76dcc4c,0x7ffed76dcc58
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4128,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3820 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4616,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=876,i,903040599026065908,11883227831369454272,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\1181200uwuuu.txt

Filesize
1.1MB

MD5
124c5a4ba84d963e20ab9f7d77b85954

SHA1
23391012b43695618478749093aedea4c4df2fb3

SHA256
5426c6dc3b7684762498bac5da60162d2b847943506ee2f7b80affa8f4aacfeb

SHA512
4142c5eae2e0af730e635778bd2d7346a88cb87608430872b8ba66314da7dbf0ef6f6fa51e547743f0cee7d04150671c647bcec836f50dde467cbc870ca3c0bd

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5024b89a-6952-4ede-aefe-d23d942595c7.tmp

Filesize
9KB

MD5
ca7ad262c80e98cee94627190394c839

SHA1
c6fc953768bcd2cccfc3682ef5da257cded2e586

SHA256
186944b7ab985dac858403bdd0111e9506eee573cc4e0bdf97e12df97e9266b0

SHA512
2cd4033520559c74a16d6878d9c4953469eb0f0800aba5a81e4ac16a0fb7218b9af61de1765cd5c23614710bd2df656e80a22a3a390bccbc3dba00d13d80bf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
684010a54d7f8cbb3aa6587828858d55

SHA1
c399a696cb045dacf22aa90f131147710fdf0dbb

SHA256
30509886bbdf28c66408e8e41e652c847852b90cb7feafff397a2f6c62740ba1

SHA512
0e5e375805cc2148473d97fff976a3c8535cde0efe72c907b5d4bfe6063993634e5cd116c9330257cd77fd1b8900613028d4334729a43d559d5cecd765cde549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5d048c1eec609e4af48bde781f631163

SHA1
7a0810ae721c27a8dc3e88b9e749961c1be0033b

SHA256
a29ea936e7e4085c7f4cf5f5d41083413246e6dfaeeec48d72e148414d6d18b8

SHA512
5cd7746f479c5fdc3da43501baefbb0b91dcf81994ca47d9c0a366d1cf86d3bd6c2a02ce8c6f40720e3d9888556c6349928080ac4c157fb3a7578eb66ab77a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eb181c6088571f29366f030eab36ef63

SHA1
b8140fb71d658b2a6a0bfbbec90d172bb8750e47

SHA256
61b7d570455b39dee5a7f264f8b0de0f82b87fd4cde1d2c67d408475327febe7

SHA512
213d3cd80d2527a68c0af995d3d35126405db85cab87b83e085dde74e2005c882305abb5a5f6d7415ec43a80cb6f2d02c01e8d427420f61f31b840af0b57eafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c5764578d256f03b9c1f062044c4a924

SHA1
3e59294044ebda7b0501a39fb3a0b520c1d9537f

SHA256
dbcb0c73f5bb3a3ca67dd4b879370fbb3d112f8ff8d73b0113997126d6798251

SHA512
e38a5c3f743e6464cba602cbc7feb7c7a4825ff4a643d126d636da2f26e0a7b7ccafc667fb20363fcb8bdb2b616c9c6559fea6f62b4780d1d8372a4d68a7a8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a3472d41d96d8709a1ade6dacbb7a75f

SHA1
8c93275c3e86df7eee37dd07ff283f6f74953664

SHA256
bdd89f55b479c6191ca8eed30c67fab418386cda5a402f0b73a5f9ff5aa1fa96

SHA512
8619374c4d99397bab183f65c6d2e84c0fb074c2f2aedb85f5e4d6a917693931488c7809780bcd4a9afce61e93f0a41618b4bec383ef97bd101808ffba90910e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
5638d6fec8eef54c6b1fc340abbc80ca

SHA1
af27f7c30f25fea9fa06c09a0f5b1dd349a03f3c

SHA256
822cbbe7d68bb5d91820a674bc3095a608877703d2a235bb02026236a9d9919b

SHA512
a5807620b2daa59974beb4435449fc58f9f64ea61e96d9b632095fbf1ec1b003d5cf68445317f57b2538dd2a33c34a9ed7d38a3952b7444e49eee1f3fd7bd26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b65c2ed6-cb8d-4260-b54f-042f486e19fa.tmp

Filesize
2KB

MD5
fe15f759b650f7d3eba364e95cc8144a

SHA1
efc325022d8864c0320f03bca42a7d2fbe41317a

SHA256
d9610a109c8c9f339e8f8fec6fa1ebebe917383ac110ef8c0b2f2a75cc5f261a

SHA512
6a3dba1951e0c0bafcfa6bd155bf83cd75a440828acee69108b478b1b8727b908929222d8c5159b7ca90689431fafc077e1741f1b4e52fa571b2c16c5c88cca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8281bfdaa1564dffab55659db48b9ca3

SHA1
a32d2377b092c1335fc6a5452d8f063471337649

SHA256
4965f54de76ca2a6b93f73d2a2c570432af318332ae1fbc50ca7dd86f78c9011

SHA512
aeccc84ee2635c27a9455514a4099baa47bd39f92ba7dac81e5a395ab01e8cf057bbc0c135040530cdbb8e772a4daf7aa720935c158806e228d7bce81e3eac55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3506ba2652e2143b85510c77c741856a

SHA1
cc63167d84f2a712d818daa297b2858885d8aeab

SHA256
acd3bc94ae969bb90ba36d2a7ceb9a4b9a0047d4a18c0f040d92560176573237

SHA512
f5e240c06ef5de80cc23262cf8567edf1d52519ecc78890e991e838efb4076806a973ad79fa07a6fd4b2b058f37b2be78ff41972e4b5f9d755a3ac2ab36d47e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a225ede0ee37a0f532b9e39e85ca5d7

SHA1
8b0b4b27a90047e6d8a3a0aa1f6cd265394450a1

SHA256
e366900e153c5d4c1c69039cf0e2234b875f1c369eee48fb9743e5e19c2760f7

SHA512
0909a5121977b2993d40411c22dd92afc0d6a7b19202abaff05da487fc5ba892d49e9164cf0f63148d36f419460e4890b1af4c0d03076585ea27b46fad960177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73f05795c25316784514c0256c7129ea

SHA1
22bfaf4f78a2f92d86e085f0cbd5375b170f7fee

SHA256
9a1aacdf6e9ee43410ea566b3884daca093a7c12f57ce01184cd7cf7ba42bb3f

SHA512
fff45a3c5e71c2e6f70bbc6748600c0cc94cd202f4966dd9e48838bdf6d061041a005b51746549ff27e998706767e307c72aed29bedcac2cb1ec468b3895463d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f1de3ebf0f5c395676aec78ac3cbd8c

SHA1
655e9a8e6d86dd0dc02251da280ad4c4df5d29c3

SHA256
f34fef0ca320567f755c9e3415dd3279e908be54cc1c4cf1bd3a9fa7fa6966a9

SHA512
f40c473a00d12f6d111409f5d1974192ce80775adc0afe3bd5f2ff7361bafc0b803aea3f5149808b96d1be19d85cea3b496b738c2df698dfd3285122cdcdbca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ae4d54a2cff9fb8def827cd895b2002

SHA1
c7e9986bd2af4e8b91258104b8d3c8c9094c9126

SHA256
3d3fc9dd9aa5697ced4dc3c13355ee7dacde1f9c2eecbd6d5c76d0bd5a6b992d

SHA512
8df876e1ccb63547fff2fdcb3148d5017cce6876a16264368b017dfbad6e972cbac7ca8873984bc9a812287712f36cd56c8ef8d8ce1b43bd4dd1cec372639cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68bb81cf40aa04b0bf9df90d70c050fa

SHA1
7848b7773a3873996cdd132a6349f397a5991a31

SHA256
3474569a18e38a409df536ba780a4477f6115b59e299121070fe6f33c402a5f1

SHA512
97798947cc804b6c1130e220ff67815f687666cd45364bd4847c6e8d2e00c5cd1c606da6e0efe8d55c001761d1905c27147c156a63ae4b0893ffb7af1997cb14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cf828564d599a5abcb343ea98886a6b

SHA1
ec6f971d706362e6213978216d14e6260d733c4a

SHA256
1e1a2fc790b4a17ccd869794fde3bbcbadddb1326ae8ecb220c7c1e91f5f06e6

SHA512
5073211dfc4eea7512c59a372e756e6c961a7c5ce26c8ce953d042b769e40d95550dff485afd9c2163f88e84ed3811a04ca7e7b6c3b3508f217b51a817313f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75072edb10fe5c4af5a734a37359879b

SHA1
d49d685fcebe44f41d5f2fcf450cfa0b6c9b6059

SHA256
88ccc04a156cf4e3592ec01691c30e6d077cdc6aa6282a7ca3dea0ae4a8ffe8b

SHA512
1c35c012d8f81996218c841639083b37d17f9452d51f994a713b8d5770647efa5bb0ad7c0b231458f7bee9374c98c0a29103a640f3f8a785ada2c5e0b28ca31e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46897f6c57b6abf05f7cdb1d9070c31b

SHA1
831c05f22d969ef84cb98ba4e0066d894ac4e132

SHA256
0988a4e49641f0a98e1d797c251f0a04115af30949f58ee6f16647a4b0f15996

SHA512
856ea574f58bbbb72b1e06591e914b62130ee3ce746a16b0b6e88186aa486578e104989acfa9f1e4774ee1931596b3fca85dece2172a69879897114d5379bbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71bc89091c88250a4e2ce81590f9880c

SHA1
4b9b35af3cfd3567f06a7b17a54dcff3d996d88e

SHA256
61a33801674aed4d676ffc64158b9780665c26cfaa962e1b393de298929530e8

SHA512
725c3e320553e058fe88cc2a0aa6b0403a4ff6e033fd100601f32c3c9ad541f4c9100a4e0d5aaa69f7d98a1208a414f9358ef718e3b3edc4ca75614625261eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b21c677a278adbaa2d77aacf72f44c7

SHA1
e207d21a3cdfca91514fc3db8a7367ffe937e4e9

SHA256
c15cdab3617b03ea879c878ff078e6cda1ac6aba8ae964f6ac60af1a9a272a36

SHA512
0445331e94205ff9e4f94fc3bf68e2674653d647264fb3fb7caafee0102fd36c9114bcfeff287d33e274f2e32e3ea78ed3a57494989aeec322c65def9268c999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbd31a2d4034751e122094ff843cfd50

SHA1
3047b1dca87136c3d4ee4e2658f9c30417395a8c

SHA256
0cc20d0490cc1694aa9c5b57c90d798e9c03dbfbd43b3a4b7d1d48103d6332d3

SHA512
b57fb5bb76d0dbeb7fa456b044b536c360a9440695ebbc342fb50766a76a19d0c422334107f25abfa84d4dddf8f98bac8a0ba4e40e58dd0130404024e73b29b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8ead6c9a90093680ebeaa2f10ceb58f

SHA1
10277a396037d99cf1e8fc62d6a8160502aba590

SHA256
91bd569ce3188b17fe55b88a2ea1a33d12e5bf71eaff2412f6a2f78ef1345293

SHA512
5e4b34bf1c032dd570d12945559e39cfbd5bc2bbb8a3a35667cf3ccc18ff3a74a50913ea702c80bb00af233b9b75708ba81269b2a3b5a4ee4aea374d23fe050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b501044a4cf7211948296513b9c3d4d

SHA1
6f2c852efdd15e9bcf2569c212b2a8a5319b64e4

SHA256
d1df4bd12ec9be1ded2432176250dc821d4a41bc1f42a04a22dc1ff90c8cb0c7

SHA512
f8e2161335ae8c7027f6b3ff06a389190011e87c6c419195fe755df8434cfcd084b61c816cdf7d92cdca5355b6c35adef5c79d5c4aaa48cbb9ccbe5c3f6a8107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af0207aef4e955ba744a35df752e7bac

SHA1
142a15a009c1c7435c4983d3879936dfba72992b

SHA256
150d2758f43a86a2454bebbef47cece7d8a94ee67061299ce8c5c7a8e4509799

SHA512
313bcfc521364df13c000a0fda37acb120d28940abdc2fa192386396c5b4a1f8810a51925693223006d5557ca77013a385d170c04e98f38c45e2db0e27090141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ce5e954f9252bfae8b9a6c341dbce6d

SHA1
e0aca83c39ed21206c616e55e2c7ce634baa6241

SHA256
a7152369dbb102823ac06cf3a3e096b47e00fbff3ee63c05e8a67844c3a60545

SHA512
14d995a0b7d44ffaa02cc535a0e1f5b68a57612e49c0f6d89010827373f721a11c68e69a388b526a66d91aa368d791b7ee7b060607227dcdc2509f7922add64b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00bfc968ae6a6694ba11baae3484ae0c

SHA1
af0f6cef0e5c1b6cb569a2f48a0617328ca9b010

SHA256
432b0672048a158d3839e8963889ef40f8d2cfbe43a9015ac973d9cbaaf1d10e

SHA512
20012a1579111633031c9c866c49b68d9da8bc863969b21c7c214b91957e31ce306cf50fb80bc7a9c3dffd305c1f2a2e172a6a7cf2f6f0aa37ddd90493dfd277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
013bdc36071ec1851d7159477953055e

SHA1
fbd061bc8560ff0ea906b14e558847f435662e7e

SHA256
38c8e539dd8f88abec11d592e8f8e17733f5c9a82acd82fa6f83c4368b7a264a

SHA512
70fd1f86172ad4a727a73e6becc09b4e4f6168dd3e5d8588881e12babd4087c4df33ff48ee46f72dca2c75ff9f1cbd81e9bc3fd08616ac8621bd34a9429f698b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18c6a2c882f1e80ab02f65211fb8e850

SHA1
302d4a0587c804102c9e032c1c06a3492745753f

SHA256
547a5f957ebb241b0c784c83fbe8c7e4bdd49aba6b413e9df2e646bf441f8027

SHA512
6667ce1ae0a78c6be63cec41ccf471f42d9cd11bf25584e74c1982d072be30c8172880179911cb5b745439c8ab3ab71de445831628575c4ed90cbf4d1be0a484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af73c0121b25f8faf7a33af0b4ceb598

SHA1
010780809918ce9b12acea2e72cdf846c6a6c03e

SHA256
ab1116f07c1b92c8f3522fd9802e098e2d7f036735ae36af037bfbecbbecf3d1

SHA512
016166773a39899e40cc9e00df18cff70e9ee55703400f36a704e6411fad8068baf82aa178683dd6274a50b929b4407b02278f0ee9c0d31ea0b26001aa1d3a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8ebac8f840843cf7ec324fc728323d6

SHA1
b417e9908d567476c9fd1e71635534d6db610ef9

SHA256
eb7d68bca6faf65cdb5d9a23b46d09c080dffd32d1ab09d5c5726257a738b7cf

SHA512
77edf601794a657dc9bb05da0ad8c3ebc82cb8da0ac70f7a60b216838136dbf7cc9ac6eb273cc8d49472ac6ceb40247c962fb6525cebabc0954474f4399877aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33fd7431a0d5ae35f69aa4fb56aeb921

SHA1
60354ec45e1114673fbf45fe3f5e72fe795000d1

SHA256
c0286e032f9f6072b2f364eae41b7eed1152939b27c4256a6919f45e91a3281c

SHA512
68305c6dc6aee4341d30cabc1bd5b4e10737903b1311e721cd38f625d66bae5f0c647269366d2436432a577f0262020f8e3e24d72ec025914d465948c0415bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82e39101aa646616dfb7f135b24c78c7

SHA1
6c121e6313817ac1116534ed2485796c1db03d4c

SHA256
efb365ac611d2f203053283c6c9b297ec3d73c7f0c4d755782a52faf40764678

SHA512
4dd44a17620f7877009a585ae876a05c971d9aed8239718b6208c12ad7dc9393fe861761f65df28a82281aebbf3429c42eeb11666e8f6b8da28a2b1187234c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d63851285e9b50e2448f014895ed4267

SHA1
6a7a2be35945dc77865a5d5f8d8f8b18efd08f53

SHA256
0e16717bfcbf9e48508db3d4fce0e67814d3fa4fa0c6b3c9b077f5b8ca137eba

SHA512
18810eacdb1d5d4426f505d088922b9b8f0d3506ab4e9603d4768a8399d6ab83f418337f4faac07021066662b93f8c57f05d29f836bba8bb11a654504bf1239b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0164bb9ebb0c58ca08e06b33c52c6bb2

SHA1
2b8deaaa1020b9806e85d5607e6535baf103af44

SHA256
8ccf93c509fb48afa8e998fa70ddb97384d9029224934a4e884470b540f20f50

SHA512
5a73b3f089bcba1196f40a40fe746a4dda9f01a722cf7e00bca53db190a1211660a0bf6415680dd91ab02bff99358fb634d9af49f45b84d170bc4ff70a5f697a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c62f41d20e14fb86802100740c5635c

SHA1
d3ef2b79714151321013e690b99738737e2712f0

SHA256
a266cd9d908b4608f1318077a10d4bed0c570a392a97339cd2594fe8adb61b42

SHA512
5b00f05fefdfb98408355ee08bbfbc9ce7c86756bc9251987386ce01e4eae622eb0e720f4ab192e6b5d809d9ca237cee60da7e22507f6d1be3316afc9d21fe8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
670acecf8ed4599ac95a2892e7216b04

SHA1
02d6e37fd346ff715bde8745614dd97b103affeb

SHA256
6d791975e2b49976f4121fcb3882a8d1ff5cf58d7ac54c88f21973630981eb04

SHA512
3142b38a84abc7f363df9157fb95891eac208780a0dce7cf6a1758c08b32ce9c8fc1310492741d8e8655e243d762a6b586874ff45327cf69e977b892db3cdb07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adb258847331e5b77a14b9891a7afafc

SHA1
90aa9ee5ce900f0c3a9ee3684c6e5d2baafea73b

SHA256
edea4bc7e8d3b63ea15ee67f87d6f3e193df8f119228817e9848e60bc525bcc8

SHA512
e979da396a7bc6162560169d371ee0505e6cc030ebc06f555f3bfb5cb5adde60289d1fa26472cf54eb0e5c3abffe8b5b4a9c8c7ce845975a11ba95bf4493f39e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99f9a84d4ca466a332fa8169e9fb95e9

SHA1
50bbd994207f1ac9a3d4de3874b2b3a7106d1aeb

SHA256
f4a8c27025fd0b31e230a6086e22e54c8c29ee72331222a866bfa994301ea54c

SHA512
121fe930132626c9755c5eddcbf1bbf16b82b5f26a006c5941bda946d15c7c9f1e7783a3dcc2a72ad93913b200d492bf3b02c5e5db1725a4b52a8b46ec57b902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6afecf7512fbcc7c0531cf56989123b5

SHA1
1e27208078f3da0ce52f1cff4980808db9a1e31a

SHA256
be0199e2941181f357668a1a9f133c532dc4bacb4a7e22ed252d0d04e73a96f8

SHA512
c459e7bb944b7c44e9d8a351b35b78df550d9964e54ac0c9a0aef35cbb54a0ab2ee0534c910c2905b9fb1c77ee5b25239f9c71b3a3e513aba9693ca444eeb5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb163047861c6a935be8b7f7e5a82d85

SHA1
1f491618532f9d80086ae8c5846223d168984279

SHA256
289958e6dd2b61665d58bb0a68f116c37c74e985d4bb7d9195797282918eff30

SHA512
0773244575f8fcff0bd396e63ee83e8d065b15ec370e9c17c0d5f3c6cdc7027ee3be43897adfb07fae7028566a87be0989ed604f51190123c69aef8639c7c2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08accde9af92aaeb167b3146ca29d840

SHA1
b4d93b9042868bc6973d1d1b096028555ce5b464

SHA256
fa0e583fa7ce9d6587f62e16da95dc607bfd4f70fbd679453d01e68088996d23

SHA512
8fd45a639d9b94fb9fa608a6da71218a477d22190059398c387577f3d0ed7ddb62e31f30a3634056ed0f4636482443e366d05f5530d10d8b4802e39d397ed5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b5de932d7a775d94736b4126d27192f

SHA1
964ad57584c0d126cc514eaa480891c68e43de8d

SHA256
7fc0259a88dbac1bce1d0180fdf5e31d584ba305b0a62a1978013500d1c856eb

SHA512
713a47b3b8d3c8c361b569de7f12abd04bd8971e056d53d7f4acf79c629f14fac75c771396044ccafce029ef59cf5682800f94c08ddf1c824758e37fc803a07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdd8ddeb757c1fcadbd3cd3e3f91c168

SHA1
0b572dc15d6e7cf8d42e60defa906bbc57411ee2

SHA256
6f1bec35abefb99dd182788f4a7ab6032f2c2db23e283a6a6242392bc4af9781

SHA512
13c44bb29f66ad5fa33d1366949515f57b3dadded3d6ee532d64dc279a2fc7f8d0b8cdaeb2cfe1633e1867f2a9edc91986598a0cbab15fd822bf677f533c3ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c860408860a4316d5aaf81c9887e2356

SHA1
b5adb49257f7e24f7fca0a7bbaa5067ac86e6638

SHA256
fb29ac0992252304a9dbdf53fb709777908e03480d9bbec9b569f913485296b8

SHA512
e821f183364f43a0f87715b74d6a49973551aa3c8d00514c40ed5ab496757dcbb0fbcc636524bb7516f87a510260916ed7e32f554ac6c2f56264daff4fcafd97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
30ba8863faf25978c85a60c075cae795

SHA1
d9500eb1500a05beeaa0ba5d3f74e4baaf949fe8

SHA256
8ca7d4a25e513ca395d3e44e0902780e6a3f90231ad59daca6a0e3fa8b7bbab7

SHA512
b4d9fd795b8cfec04c298d5d6b9f21cf99096b70c4c3d3338c96216c3bda2a6302153f1fe0699d3c697696ad017c4872e0024277253723272d21a2c7498b909d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
11d3a419bc1b522cd09d8c2e64364313

SHA1
8dcc3e60ab6a5eae237b06292e41d627ad477bd6

SHA256
7ce6b4b2c858006a527a2341ea20b14aaf34e711ec3fc4bb400b0f9bb72374b9

SHA512
9677e0553c1b11f504e8cbbe063c714dd374c4539f0132acd66b47cff60ede845992ca681246f22785f5e01adc85f9e85e7fd17685e728b1428d8d97b78ad02f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1301a13a0b62ba61652cdbf2d61f80fa

SHA1
1911d1f0d097e8f5275a29e17b0bcef305df1d9e

SHA256
7e75ad955706d05f5934810aebbd3b5a7742d5e5766efd9c4fc17ee492b2f716

SHA512
66aa4261628bb31ee416af70f4159c02e5bbfbe2f7645e87d70bb35b1f20fa915d62b25d99cd72c59580d1f64e6c6b5ad36ace6600d3bcdb67f45036d768ed8b

Download Submit
C:\Windows\$sxr-seroxen.bat

Filesize
9.6MB

MD5
f7dff4ea8253c72ac87edc0fb5bad744

SHA1
0ad62cbeb4bbfe55f598d8150eb47fe11c605d18

SHA256
1a94dce8eb86e5a531a316491267bfba4dae6bab0e5a89b84f6ddcf8e0dd57c2

SHA512
01aac77f314af5650a9c9e2c4dc6033e57c83eed73b1245ff807c8740cb5e4ecd247b82c0289d8d2371a3c4eaebfcfbcf20a97ee1305562caebb4e0fc1ab5701

Download Submit
memory/1112-14-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1112-12-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1112-11-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1112-16-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1112-8-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/2760-7-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/2760-0-0x00007FFED75B3000-0x00007FFED75B5000-memory.dmp

Filesize
8KB

Download
memory/2760-3-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/2760-6-0x00007FFEE6250000-0x00007FFEE630D000-memory.dmp

Filesize
756KB

Download
memory/2760-13-0x00007FFED75B0000-0x00007FFED8072000-memory.dmp

Filesize
10.8MB

Download
memory/2760-5-0x00007FFEE71E0000-0x00007FFEE73E9000-memory.dmp

Filesize
2.0MB

Download
memory/2760-1-0x0000000000430000-0x0000000000DDC000-memory.dmp

Filesize
9.7MB

Download
memory/2760-4-0x000000001C050000-0x000000001C176000-memory.dmp

Filesize
1.1MB

Download