quasar | 6bf803ef550f4b654fe417656aa42d4a9bf467d96d99813deba7bd5bc6edb6f9

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-02-2025 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

waasdfasdfa-cleaned.exe
Size

9.6MB
MD5

7a08b3d3a74cd47bdcb3de677069cc0e
SHA1

303280734566b299afa135056cce5576b5c48310
SHA256

6bf803ef550f4b654fe417656aa42d4a9bf467d96d99813deba7bd5bc6edb6f9
SHA512

19f1ebddaebe51c5cb71be9e1e0dd3edd403e973bd2ad171f96fa3ab08bc555896ab115e29d7ad794a6606cd18401e1b9ccf9eb2475b80b1ebc82ae1aae2008d
SSDEEP

98304:5+rEWXvUvUlSJSbWlOeAlKqTkNUv6mrV4/j0azLwlEwvJzWNCOhssO00:2/xSJSbWli5lSmZ4b0az+RiZi

Score

10^/10

quasar seroxen v15.0 | fifa23 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.0 | Fifa23

private123.duckdns.org:8808

dofucks.com:8808

Mutex

c398e98c-136e-4007-ab40-e179829f338c

Attributes

encryption_key
C84CB6134701741C5122A14FACDB67C8CFA9C0AB
install_name
.exe
log_directory
Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/5076-1-0x0000000000A30000-0x00000000013DC000-memory.dmp	family_quasar
behavioral2/files/0x001d00000002aaef-15.dat	family_quasar

Seroxen family
seroxen
Seroxen, Ser0xen
Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.
trojan seroxen

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 5076 created 632	5076	waasdfasdfa-cleaned.exe	5

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5076 set thread context of 4408	5076	waasdfasdfa-cleaned.exe	77

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\$sxr-seroxen.bat	waasdfasdfa-cleaned.exe
File opened for modification	C:\Windows\$sxr-seroxen.bat	waasdfasdfa-cleaned.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133831927074603163"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5076	waasdfasdfa-cleaned.exe
5076	waasdfasdfa-cleaned.exe
4408	dllhost.exe
4408	dllhost.exe
4408	dllhost.exe
4408	dllhost.exe
964	chrome.exe
964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5076	waasdfasdfa-cleaned.exe
Token: SeDebugPrivilege	5076	waasdfasdfa-cleaned.exe
Token: SeDebugPrivilege	4408	dllhost.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe
Token: SeCreatePagefilePrivilege	964	chrome.exe
Token: SeShutdownPrivilege	964	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe
964	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3592	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 4408	5076	waasdfasdfa-cleaned.exe	77
PID 5076 wrote to memory of 3376	5076	waasdfasdfa-cleaned.exe	78
PID 5076 wrote to memory of 3376	5076	waasdfasdfa-cleaned.exe	78
PID 964 wrote to memory of 4828	964	chrome.exe	87
PID 964 wrote to memory of 4828	964	chrome.exe	87
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 4752	964	chrome.exe	88
PID 964 wrote to memory of 2180	964	chrome.exe	89
PID 964 wrote to memory of 2180	964	chrome.exe	89
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90
PID 964 wrote to memory of 3160	964	chrome.exe	90

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:632
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{16c30f5c-66e5-4939-90c9-5deedfb6502e}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4408

C:\Users\Admin\AppData\Local\Temp\waasdfasdfa-cleaned.exe
"C:\Users\Admin\AppData\Local\Temp\waasdfasdfa-cleaned.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C cd C:\Windows\ & $sxr-seroxen.bat
  2⤵
  PID:3376

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffaff8dcc40,0x7ffaff8dcc4c,0x7ffaff8dcc58
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3580,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4432,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3592,i,10066971031464321321,6578382069661221478,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\1181200uwuuu.exe

Filesize
1.1MB

MD5
8d7323d418c9c2c18385d965e09f554a

SHA1
3a91fd90de0890c7dda5a810887990e955bed28d

SHA256
ea3872b8d9cc0bca01503a0cceced3dca59477b6aab73f4b7a5b0eb3fffacc03

SHA512
e953137038ad5cf114c5e891a33857998d1a654793df2c51fa62fccedc75991d19e3950b4fbaede6b8bfe55613d1d9589e0d26bdd1b1d673b4b4d325f4ba7d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7eccbb73cd4ceca65a549cebba12798e

SHA1
b2f8c4c38b2c269d5ad903459f60e024986ae354

SHA256
636d8284c6e25b7decb16cd6899eb23c293a12b300706ec59577e3631445b27f

SHA512
c7a6a294256d1a1c73aecee21b6be037e9f5296e375d9cdaac586f89a9f7958249b2a200f1d7097d96e48ec913ce063735225b006fe0e65eaae337d17a7fce18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
83f4d56ea3ed5b0a4e949ee168746c53

SHA1
4d01fde26298d2570901032febd85d51e4c5c671

SHA256
05c1eabf5933f9924680c131c2083720dacfda4adea5da8a14e4d15fd984466b

SHA512
add06f880996bdc971f5e2da7c2e9d428f56927d54c51fa9890da7a245846bf31d16633a9f8f80992bec225f85ca1882439d1a5bc158c0ea59cccf700f54d757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5002365d2ee68a6043b42da80a18eb44

SHA1
5e2df7c60577f2c00e5edb9ac6bc9e05e971cc42

SHA256
a8224b4e20fe6665330a67181fe3fb509b22013971aaecc3d02d0a30cefdad81

SHA512
40c091b18e758b597691b0e6a87e551ad7a3ab652cbd8ab5d52e8c6fc866e00aed3d5032c3cbfd769e15925c8db403ae7d040d2af165cca216216a81b4529717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
9622586595f7a34fb10c3ed1bc8ac771

SHA1
c683cb1b8150baaafdd924d3bb7ecb56e8823c69

SHA256
4d172ba3e386dcc88c363a03c3a77c4a68c30c0309479fa2d6dbaa633a171178

SHA512
68bc0ca0b77358e39fc5ac4c620c7466728ad6ee60892a3b4e8e28514953f1cf9f1541ae068c5895bc6f9b783babf00739f3a7725c31fe28f3a5dd934fcd1d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
48842ed42a5b3eb2dc89793cca8a2b36

SHA1
d7b406e621408ff040cbc3d9ee2f9f4adab22189

SHA256
e537ea3767c10c5cc6b3ecd11a9e6e763ab50ef09819ba612bf71aeafac28b79

SHA512
fe29995eee4b24c55d2c867cb8dc170758265b13849e28eedbb73607fdd799fdda578ce2ec8415b73825dc33c4e5745f53866de0eb40bdf9e4fc60b87fac7c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8152a9c82b891e29425ad5a5e4fb929

SHA1
61e40516b9a4d6154701bddb675080d66343bee1

SHA256
2a1f9263abc7549434193d7123b6cda895330aef36994ef3c5ed9c2b91dedb3b

SHA512
9bee946a79806790fb34836cd77d24cc6be5015a62a759f02c1e28b8df1cbef67dafe79a050854c446760b27481a1f3a62ff04e015f21c80a57adc4e36d03b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a90576e543569c45754001e49e5747b

SHA1
30d98c3b8230e97e1c0d1ce96a12c063fd408039

SHA256
9da7d0866b747b0b66a5eb3681d07ef0803266dd4fb5240a677b630e460b204a

SHA512
a4407c817f279c307129cd68914f917a42f22cbc3ab4a771fbc5206550cb68083ec3b0047fa49adb37a214bf64aa842db1b2c142b0f23a2c5cd09bc1032b2c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2e5a8d901811cda62f9503d261662ac

SHA1
10a7880d57756534d301f9964dae281cf84ce148

SHA256
bcf81301b76a6e31075c8b824f047e1aac8940c22573bace58446e139404314f

SHA512
6319820d3368dd7c306ea539983c00a8fdcf1fca506b638c3937d9514db4fe7fd205a93b8a7f7489c3813daecf57661ed5d8233cf0022c7dd2c12da964355215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea770ed19ad9af32b225d94c5db4381e

SHA1
94cf1e3531f8f90e9883a70e01094a4235e795b3

SHA256
8b86b3e4a3094a36b48267fcbe1a2a31ba2532beeed426c9674c74e7764c0875

SHA512
a0d47966391052b1f2f5fb18ccc15a02f4ff0dc971d2c5d08093e4e95ee2fa2b2cc0403d93cfe26ed0e5a4326cdd458a7c46d60be006525069977f01e6c5fe91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd9f38cf62b9033d6866382c30800cda

SHA1
b087f7c5c0b6b4944fef4c04de68598486b095a5

SHA256
f172a514837f7d012c305c2e0786ec6520a03fe0af47785b4f1c009f4fbd3a15

SHA512
e0544266ce0f9f837ac7971de467bd56b080e4514fa800bbe0501db96f5ccf6df6ef706af345d6c4ba15309ca8356178c607835938043c310d84c4a43d0c3ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56e85694be7f805cf2000d6689b27f10

SHA1
8cf3513d257b300d3940342c6b50aa066eb4624d

SHA256
48f79e1ac9512768f2b11e885cf3b2e63b41cf283c39a5a5ae56091aa804c83d

SHA512
f20a8997c97c79f67a0fa7b8bca38ed90b16329bc58f6f905571962b45fcb780665d56628567e3780d05bafeeedfbb8dddd2886f4f761558a133487906f08c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e7a0daeea87f7a769138d8283e98dcdd

SHA1
ee3037915b3f5b43802b6555be41dd3853ce99f7

SHA256
8eaa1e0b31807238c75021a06bcc145aef0d1c1b114acd8d4f2fc08c688ee44c

SHA512
aba75fa99327ea07f7cc5fa70171bc92c6681e5b14722a9488adf61c0d86aa75cd1143f371f1ca06f36475bde037e8cc919ff5cad3dc388c339d7b9ee71cbd70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
e84b5b8d90b40a650cad5f6062708d4d

SHA1
aa62f08f2aba73df047b27fee38192a610cdc00a

SHA256
e54f3352e1c50a2268b776fddb71c9ad40c1c1b4b5d986009279e2ba2fd5e0f1

SHA512
190b3388626030797091f6d4078c574eb9a31cf6c9628ae2f173ceb7ca3ba6e501a7f5a439087c3dafe2d31f6b4672e524a50c7a6fcce5913b4b05fb134446b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
2f411e476bcd7aca772aab6c79a95dd4

SHA1
fc8182c5129edd6ba1dace95e58c3f53634b03d6

SHA256
d792e6c03a514543011639064f8b300e36b94077a81db70c43b00068d3ef53cf

SHA512
757096fc9d76918c4a80b289d6d247ee7c913269e097787eec11356970616d25ae41b1738c0c02d3394bf858d33dcb320e4c7b68689f433ff271d21caa923d9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1e7dd00b69af4d51fb747a9f42c6cffa

SHA1
496cdb3187d75b73c0cd72c69cd8d42d3b97bca2

SHA256
bc7aec43a9afb0d07ef7e3b84b5d23a907b6baff367ecd4235a15432748f1771

SHA512
d5227d3df5513d7d0d7fb196eef014e54094c5ed8c5d31207b319e12480433f1424d49df759a7a2aefc6a69cef6bf2a0cc45d05660e618dc2ec9a2b082b7b5f7

Download Submit
C:\Windows\$sxr-seroxen.bat

Filesize
9.6MB

MD5
7a08b3d3a74cd47bdcb3de677069cc0e

SHA1
303280734566b299afa135056cce5576b5c48310

SHA256
6bf803ef550f4b654fe417656aa42d4a9bf467d96d99813deba7bd5bc6edb6f9

SHA512
19f1ebddaebe51c5cb71be9e1e0dd3edd403e973bd2ad171f96fa3ab08bc555896ab115e29d7ad794a6606cd18401e1b9ccf9eb2475b80b1ebc82ae1aae2008d

Download Submit
memory/4408-6-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4408-7-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4408-14-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4408-8-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/5076-16-0x00007FFAFF0E0000-0x00007FFAFFBA2000-memory.dmp

Filesize
10.8MB

Download
memory/5076-0-0x00007FFAFF0E3000-0x00007FFAFF0E5000-memory.dmp

Filesize
8KB

Download
memory/5076-3-0x000000001C680000-0x000000001C7A6000-memory.dmp

Filesize
1.1MB

Download
memory/5076-4-0x00007FFB200E0000-0x00007FFB202E9000-memory.dmp

Filesize
2.0MB

Download
memory/5076-5-0x00007FFB1FF70000-0x00007FFB2002D000-memory.dmp

Filesize
756KB

Download
memory/5076-9-0x00007FFAFF0E0000-0x00007FFAFFBA2000-memory.dmp

Filesize
10.8MB

Download
memory/5076-13-0x00007FFAFF0E0000-0x00007FFAFFBA2000-memory.dmp

Filesize
10.8MB

Download
memory/5076-1-0x0000000000A30000-0x00000000013DC000-memory.dmp

Filesize
9.7MB

Download
memory/5076-12-0x00007FFB200E1000-0x00007FFB2020A000-memory.dmp

Filesize
1.2MB

Download