quasar | hxxps://github[.]com/quasar/Quasar[.]git

Resubmissions

21/03/2025, 22:07

250321-11tpqavnz6 10

21/03/2025, 22:06

250321-1z4tasvnw8 6

21/03/2025, 22:02

250321-1x5b2s1vcx 10

Analysis

max time kernel
150s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quasar/Quasar.git

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0007000000024360-343.dat	family_quasar

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
33	camo.githubusercontent.com
36	raw.githubusercontent.com
23	camo.githubusercontent.com
31	camo.githubusercontent.com
32	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870681831650320"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 2884	5084	chrome.exe	86
PID 5084 wrote to memory of 2884	5084	chrome.exe	86
PID 5084 wrote to memory of 5508	5084	chrome.exe	87
PID 5084 wrote to memory of 5508	5084	chrome.exe	87
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 3092	5084	chrome.exe	88
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89
PID 5084 wrote to memory of 4236	5084	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar.git
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff4ddedcf8,0x7fff4ddedd04,0x7fff4ddedd10
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1864,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2156,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=1920,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4432 /prefetch:2
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5568,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5484,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3664,i,10745148613019849675,11926266953045426966,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:5772

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff4ddedcf8,0x7fff4ddedd04,0x7fff4ddedd10
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1956,i,10307530994859108589,9290167913671608452,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1688,i,10307530994859108589,9290167913671608452,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=1964,i,10307530994859108589,9290167913671608452,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1096

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1e4d0563-7214-449e-85cb-85b3dc22f1bc.tmp

Filesize
90KB

MD5
c1b0f9efffe82d10f3580500104d9d26

SHA1
e9440456a012f33f20613129a53c86d2e141e5d1

SHA256
15ea129aa18a1671271c63180d57e30b83b77332e601df831c80670eac38c932

SHA512
8d6bae88a3f7d50d042f3698013e41e2bedb7c943920ed902738b65c9bf0392f63db79e568ddb420e858d93d873ac4f6ceb487d166368a362d569f81c1ca408b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbea9f3fbf579c979bc1bd5b5c2c41c5

SHA1
3ab2294a45de7633ee30cf90a8cba2b0b8be50bf

SHA256
a8a21249c0bb85754151fd3df615c3deff05c69f40e4db70a5254473bebc45b7

SHA512
6de1b7b5d8774147e5089adbb7a1fad9c60f58048d3d96a2af8a3790b2363921e60f89adaa889b02a77e6f82916bd33ec03d13ad68c5bd2eb0b9ee9fc37d6d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4d662b7ca85710523d0a2af1f7c1b26e

SHA1
685250ab84053fa286c5ddf153fad1d4860c14e9

SHA256
7e9e79f14385f01a86e8d4544ad137ae06d495718eb67cc7d4b46ae4000ac6a4

SHA512
bf7e02a588106fe446c11b61ab6cc4e62b885ecf4ee0d5d734549b17759c8608eec01cd22e466ff754e365a377ceeca9c4bd701e15dfc180cd45d4982a462fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fc46b9f599066c029555e53af4124bda

SHA1
0ef0ab6b98abbd8cbfc52cf42e9d8fffbd72581e

SHA256
9da78fd4de299efddac5102bee63223a63fa647ce416450787c34c3f94df9a1f

SHA512
a9d20c8bb86abe2102508d02dc81eaa035bfcd2f5f6afbfd317f7e683ff1951452167a4ed58328f8bb37b71864856b2cd2e434183f6564232537214fc1ea2d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6abdb1f7a568d36a7026403975b4f0c9

SHA1
04db95f30b16692825a6c1ccf2c532fd4607f36a

SHA256
823de69374a3aa8252b25359f9b5da7daed73ea57bdb4fd27db395346efc26f8

SHA512
ea71b727ce2a90006dcfa7f3697e870bc7fe947ce54762801a740ab565c30dcb625f205d34c97251a21d1cae3a7b06133a64a786a7c3aa2840b990adc86e0d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d5b087a77e8af5234899a16575017934

SHA1
e8769a2f240f6595d453924f2c93f5ef889b443a

SHA256
3e2ca26a6593d7d12215b13e665e60c495c98f12dd4c760ef0a81a5c010c3185

SHA512
5618bca0813095a8b4598b235d75fe87961c63d2235437e2728be0293ff9fa6e7ac7b841dff841185879279f38539893540bca60924fd257d93ee1d51167f044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b34ab7c14e8a9d2baed79f11c580f630

SHA1
17b47445808c6318e3288221d8c815102400d251

SHA256
6eff11c45bf9ce450d068089259a9ae57c1b26cc989e393ef5b2f70ba4c42f02

SHA512
e297b6e73c065539ae30581f983144f1f6d1db013344af76a5de8178a89bea2917de521309ed09bb5d321a162f036f35d57ebe445d06bee84c42e3505b1f7ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0689983e981b54d9b0067c88dc8d0f81

SHA1
864d3928aee781810b5efcbd98bca5d4de2361e6

SHA256
4a5c833dabd5c9fde35e9feb55dafe927d45924bec6184f8df28be7e6963ad6e

SHA512
d25e9ead1a86bb40f5c53c3b1fbfba3051c653f3b2bbf77b000135a96889a9bf7cbdf3a6327f50ce3f2f790e2b3c8f782b95bd8fcca1e319f0d6a0453fb48498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ae223a8acd145f4bfaffdfdd391eacdf

SHA1
2557fb0d1a2e036e98555485068270f5d4c8e98b

SHA256
d431bf4fdc403f40acbd7385f54e5bcf84ec9dbda4ee2df08078df39ab83c304

SHA512
340d285e7555b65748d1d8bbfc81042b18253fa708b0a884a188abcf41e3570a4103e188a2e658efe8f07a5a2070ac16b82fa6cdb67ae1201db3245594538c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5a2d0dc54f301b10f569f87778874c3

SHA1
42d28d3567076a3c8dbeba986f83a8d6eb3aedad

SHA256
1c0353e4ea954b3d21cece38c38e341ec37c84f9405ec96732d1bdb2b7626752

SHA512
da302531d4a77ab1b7f81b348e7fa0ab79025363591d05ccd2ba262c5820489cb4d683fded72b4c56e10ea5568ff67b753e1ede53445139eb2c8377f3ad0b8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0b89758456aab62471f5bd54ab90822f

SHA1
85886d9115e2b39204ccc3ae9ac1e3aa5395d0c5

SHA256
f4befbb6ced859bedfcf6783d44c0262fe792e79a337f6edd126cec6c567acad

SHA512
949999ea36374b0bcd54130f25b944fc5beaa5d1222fec02865b5a0c6d02df530680b05282acb7dad4bc77ee283738f8b24e3bfef37c3d47a5c5c252cf838bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f867ff49b2f1dafd5a9edd0908b4eb39

SHA1
9d4347f824caf7a99482e35f76708a9fc5bc90f1

SHA256
5b026a79899e4fb79dd33c561b1d6527daaf87ae959a299e7c22ac3a8d04e144

SHA512
cdad2edcdf8eee9613a8dbe4ebd0ce74ac9657dac61b66817f77e29e03258ec37193bfa709595e9a8fd9e06a5766b346e4c0e46ecdaba962e1e734419b93dd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2b96d3274ee6c7575888ee8945ac200b

SHA1
a28272aa2a41227658f6aca7f03c728087483421

SHA256
584727b4a6e81ae10780ef7e565bcee1edae374c32bf05f34d3dd3842b82b3fd

SHA512
0b9b3fbf0bc5b8725c28e0bf9ba309e207c272d98748922b6c1b054077fe38c8d7b466f2441e73052a06d79e067f911aa2e999cf4e3b9cc451f21a2d3bcfeead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
328c996b51b6cd31ae0b3302686b612d

SHA1
2830f5d4e26278403aaf6b36de2c4273100265ac

SHA256
d036f2520fe83f5001b255f7008ebb03622edf5d1c4c9a89a786e31a1d321030

SHA512
abae3ccc6a0ff87b5ba8c8b5ab90f8af02ad9419a2d1f4a7259003d76fad600a81b8e953ac08ce93e00d85324041fb3a446fbe97b3b02c0a3863f2e645c31070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
99814b785daccd01b1bcbe94bdc6e2a1

SHA1
7d720e0adb729a6938650511611c3035f3c3aa72

SHA256
0f76173f92dc595008f05a3fe0601b49e34c96f5f2ca32d77afad9caeedc4d7e

SHA512
9bdaaac3fa9c312c921edc99b8c223135f623b6ca2ab8031ebfaffccaba5aeb09b2ed18301eccbc4e406f7994dc2cb0c53b00e4fa82c39a17be872a6b2c0b485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e733.TMP

Filesize
48B

MD5
582f40b3adb7ff9dc703d788ccaeab28

SHA1
8c17bfddf8f51c0a73fd2cf20f513b474f776020

SHA256
ef793bcdac34dc912c6135a1b8c3c13668bbf6e0a56b91883e323bcd33c17716

SHA512
c0f42cc669ddf7c634d8cc7b43060bda14e58620f632c67ea4297bea5ad5539118e46081ade5043125f6c71267d0804b1b0ae9115b54302fe757b53a57150fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
a944b8782902977368f2df069dfb0c24

SHA1
48b8eae7016627c5ea3bc44d126d220f0d2f85b8

SHA256
f59920e09d5e9c3418a5a1471da48348e4b94a5b0c3e0cec444e600de642d102

SHA512
bdf9d34fd268bea1d8442590b4e488cc4f14109569ed6ef144b8673eef16094d664c3095080e4e1b00e0fa304f34a40210c54cf6a3ceeb3bf4b6808afa7f3d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4d30f8c0ab7f64c003c0c2ef1519986d

SHA1
b43fbd450a04e4ba98e7e13db937e17c0d8a644b

SHA256
be9af460eea4d6a03d24595e470c73f4189ba900bccaaf5a23f32ee17fe7dce2

SHA512
7b8b425178dcf9c91ff75d7d4dc079c8a28972c99fae0fb635e8509285eeeabeadf32c723c6eea4de1e4ac9bd15ac2ebf9a73a90422a0b731d8c50b4df1c9dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
5e3f8f7fba502ec1f1272fcf0f16bad2

SHA1
20c6e315458796700184821f67bb90abd079ee80

SHA256
687da8229eb02ecbb62c4d0fb74e34b323ba8a140e48e4ff9e50242aee8ae053

SHA512
5b2e6af0b833dd83ccb6f2278a7d55b0c6792ffe46485f4606219c3dd45e5e5bd6fc472e924fc6609cf35eebc3fee7e5ff071af81af6a937db189ac0b4d7d628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f44ea6f5ebfa9d364f7edb8482a005d8

SHA1
f8644f83e812d419787f7452b5a9813d405252ae

SHA256
38eb904af0d2b660f443b505495ec77854cf337f74008e56a0066b03cec39158

SHA512
1c038a4857cc3fdf431cd86c39895076e2badb8a4d5445bd0c6fa0367c6e581b3c1e0fbc13a9baf67dee7804b407133648c62fb5e6d88158181a2db8568599e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
92KB

MD5
0b7ae44de49909bf2ff345f7452f652e

SHA1
f18cbacc96d04605d059aa44f51a6cecc30b9316

SHA256
8cb3720476782a9b2c8f3fc7c2421f161ef9dadd36eea65e2f97ad06e1a4d135

SHA512
2f34ea219e54baa682b98b3fdef70483778cc006b1d1f19542bdfc247ea32e016eb2c1bb2ce21fe4d49ec6dbd8508dd4b7c2042ef41bcd3de2074b363bd21508

Download Submit
C:\Users\Admin\Downloads\Quasar-master.zip.crdownload

Filesize
1.4MB

MD5
10e9e98b1e34511ed934908890a5a6e5

SHA1
0b82ffca06d2b9e4c20747eb14497b76bd5ea939

SHA256
4fd29e393c3b38ec8a90ff126bc692ead3a4b56e1269fc0d242a8cbbf25fa7fd

SHA512
70d4e11719eb39f949022f6740c8ef9862ac47769cec3f077856dc66179094b3d5d5922a471b2427251551f5e61cafe6c3548f3ebcff65765077c4c9b4147883

Download Submit