Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12-04-2024 06:14

General

  • Target

    Premium_Cleaner(Cracked by st).exe

  • Size

    3.2MB

  • MD5

    f89428aba2b28f3124d40f262710fc46

  • SHA1

    0b9db50a873682e781b0e378004b0d7e6b415f78

  • SHA256

    e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a

  • SHA512

    16e576b694ed0ee9796d13504a6489ff501eb2b9cd576e442318090d46f5433afce4ce39d031e8eca92b95a4b90a6dc9926b13d04021ef48d9bf3d8698165540

  • SSDEEP

    49152:QvyI22SsaNYfdPBldt698dBcjHAfRJ6pbR3LoGdFkTHHB72eh2NT:Qvf22SsaNYfdPBldt6+dBcjHAfRJ6r

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Sentiax-51535.portmap.io:51535

Mutex

b16f14a5-eba8-46dc-b974-11a9193ee5c1

Attributes
  • encryption_key

    504CA536F80AA42E62457478D8A6A72CDC6CA06F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Premium_Cleaner(Cracked by st)

  • subdirectory

    SubDir
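Two of these fields map directly onto network detection. C2 gives the host and port the client dials, and reconnect_delay (3000, in milliseconds) is the interval at which the Quasar client retries its C2 connection when the server is not reachable, so a host on which the C2 is blocked or down produces a train of connection attempts to Sentiax-51535.portmap.io:51535 spaced roughly three seconds apart. portmap.io is a public port-forwarding service, so the hostname identifies a relay, not the operator's own infrastructure. The Python below is an added example for this report, not code from the report or from Quasar: it parses a constructed connection log (timestamp, pid, destination, outcome) and flags any destination whose retry gaps cluster near the configured delay. The sample intervals carry a few hundred milliseconds of jitter, since a real retry loop need not be exact, and the 25% tolerance and four-attempt minimum are assumed tuning values.

```python
"""Flag fixed-interval reconnect attempts to a single destination in connection logs.

Added example for this report, not Quasar code. The log below is constructed.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime
from statistics import median

RECONNECT_DELAY_MS = 3000                       # reconnect_delay from the extracted config
C2 = ("sentiax-51535.portmap.io", 51535)        # C2 from the extracted config, lower-cased

# Constructed log, not taken from the report: "<ISO-8601 time> <pid> <host>:<port> <outcome>".
# The C2 retries carry a few hundred ms of jitter on top of the 3 s delay; the Chrome
# traffic to Google is irregular and serves as the negative case.
SAMPLE_LOG = """\
2024-04-12T06:15:01.004Z 4264 Sentiax-51535.portmap.io:51535 refused
2024-04-12T06:15:02.500Z 436 clients2.google.com:443 ok
2024-04-12T06:15:04.310Z 4264 Sentiax-51535.portmap.io:51535 refused
2024-04-12T06:15:07.720Z 4264 Sentiax-51535.portmap.io:51535 refused
2024-04-12T06:15:09.800Z 436 clients2.google.com:443 ok
2024-04-12T06:15:11.005Z 4264 Sentiax-51535.portmap.io:51535 refused
2024-04-12T06:15:14.480Z 4264 Sentiax-51535.portmap.io:51535 refused
2024-04-12T06:15:41.100Z 436 clients2.google.com:443 ok
2024-04-12T06:15:55.000Z 436 clients2.google.com:443 ok
"""


def parse_log(text: str) -> dict[tuple[str, int], list[float]]:
    """Group attempt timestamps (epoch milliseconds) by (host, port)."""
    attempts: dict[tuple[str, int], list[float]] = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, _pid, dest, _outcome = line.split()
        host, port = dest.rsplit(":", 1)
        # fromisoformat() before Python 3.11 does not accept a trailing 'Z'
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        attempts[(host.lower(), int(port))].append(when.timestamp() * 1000.0)
    return attempts


def periodic_reconnects(attempts, period_ms, tolerance=0.25, min_attempts=4):
    """Return destinations whose inter-attempt gaps cluster near period_ms.

    A destination is flagged when the median gap lies within tolerance*period_ms of
    the configured delay and the gaps are tight (median absolute deviation inside the
    same band). Irregular traffic has a wide spread or a far-off median and is skipped.
    """
    band = tolerance * period_ms
    hits = {}
    for dest, stamps in attempts.items():
        if len(stamps) < min_attempts:
            continue
        ordered = sorted(stamps)
        gaps = [b - a for a, b in zip(ordered, ordered[1:])]
        med = median(gaps)
        spread = median(abs(g - med) for g in gaps)
        if abs(med - period_ms) <= band and spread <= band:
            hits[dest] = {"attempts": len(ordered),
                          "median_gap_ms": round(med, 1),
                          "spread_ms": round(spread, 1)}
    return hits


if __name__ == "__main__":
    for dest, info in periodic_reconnects(parse_log(SAMPLE_LOG), RECONNECT_DELAY_MS).items():
        print(f"{dest[0]}:{dest[1]} -> {info}")
```

The median-plus-spread test is deliberately insensitive to a single long gap (for example a sandbox pause), which a mean-based check would not be; in production the same function runs over firewall or Sysmon network events once they are reduced to the same four fields.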

Signatures

  • Quasar RAT

    Quasar is an open-source .NET remote access tool (RAT) whose client is widely repurposed as malware.

  • Quasar payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe
    "C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Premium_Cleaner(Cracked by st)" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      2⤵
      • Creates scheduled task(s)
      PID:1444
    • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4264
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "Premium_Cleaner(Cracked by st)" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        3⤵
        • Creates scheduled task(s)
        PID:2768
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc8459758,0x7ffcc8459768,0x7ffcc8459778
      2⤵
      PID:3948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:2
      2⤵
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:2148
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:4136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:3616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:3512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:4564
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:2476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:2064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5328 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:3908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5184 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5172 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:2488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4808 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3340 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8
      2⤵
      PID:2344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5628 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3448 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:1460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5276 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:4368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5848 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:2852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5988 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:4576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6108 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1
      2⤵
      PID:4520
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5092
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:5628
  • C:\Windows\System32\oobe\UserOOBEBroker.exe
    C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
    1⤵
    • Drops file in Windows directory
    PID:5900
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
    1⤵
    PID:1884
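The two schtasks.exe launches in the tree above (PIDs 1444 and 2768) are the persistence mechanism: the dropper registers an ONLOGON task running with the highest available privileges (/rl HIGHEST) whose action is the dropped copy at C:\Users\Admin\AppData\Roaming\SubDir\Client.exe, and the dropped copy then re-registers the identical task. Both values come straight out of the extracted config: the task name is the startup_key, and the action path is %APPDATA%\<subdirectory>\<install_name>. Read the rest of the tree with that in mind: the EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary, FindShellTrayWindow and SendNotifyMessage signatures are attributed to chrome.exe, and "Drops file in Windows directory" to UserOOBEBroker.exe, so they are environment noise rather than sample behaviour; the sample's own hits are AdjustPrivilegeToken, WriteProcessMemory and, on the dropped Client.exe, SetWindowsHookEx. The Python below is an added example for this report, not code from the report or from Quasar: it tokenizes schtasks command lines the way the Windows shell splits quoted arguments, scores the switch combination, and cross-checks the task against the config. The Roaming profile path is assumed from the process tree, and the second command line is a constructed benign task used as the negative case.

```python
"""Flag schtasks persistence and cross-check it against an extracted Quasar config.

Added example for this report, not Quasar or sandbox code. The benign command line
below is constructed; the malicious one is copied from the process tree.
"""
from __future__ import annotations

import ntpath
import re

# Values copied from the Malware Config section of the report.
QUASAR_CONFIG = {
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Premium_Cleaner(Cracked by st)",
}

# Assumed from the process tree: the sandbox user's Roaming profile.
APPDATA = r"C:\Users\Admin\AppData\Roaming"

# First line: the command spawned by both the dropper and the dropped copy. Second line:
# a constructed, legitimately scheduled backup job used as the negative case.
SCHTASKS_CMDLINES = [
    r'"schtasks" /create /tn "Premium_Cleaner(Cracked by st)" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'"schtasks" /create /tn "Nightly Backup" /sc DAILY /st 02:00 /tr "C:\Program Files\Backup\backup.exe" /ru SYSTEM',
]

# Directory fragments a standard user can write to; a logon task pointing here is a red flag.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping double-quoted runs whole."""
    return [quoted if quoted else bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_schtasks(cmdline: str) -> dict[str, str]:
    """Return schtasks switches as {name: value}; valueless switches map to ''."""
    toks = tokenize(cmdline)
    if not toks or ntpath.basename(toks[0]).lower() not in ("schtasks", "schtasks.exe"):
        raise ValueError("not a schtasks command line")
    opts: dict[str, str] = {}
    i = 1
    while i < len(toks):
        if toks[i].startswith("/"):
            name = toks[i][1:].lower()
            # a switch consumes the next token unless that token is itself a switch
            if i + 1 < len(toks) and not toks[i + 1].startswith("/"):
                opts[name] = toks[i + 1]
                i += 2
                continue
            opts[name] = ""
        i += 1
    return opts


def persistence_reasons(opts: dict[str, str]) -> list[str]:
    """Explain why a /create invocation looks like malware persistence (empty = benign)."""
    reasons = []
    if "create" not in opts:
        return reasons
    trigger = opts.get("sc", "").upper()
    if trigger in ("ONLOGON", "ONSTART"):
        reasons.append(f"fires at {trigger} rather than on a schedule")
    if opts.get("rl", "").upper() == "HIGHEST":
        reasons.append("requests the highest available privileges (/rl HIGHEST)")
    if any(frag in opts.get("tr", "").lower() for frag in USER_WRITABLE):
        reasons.append("task action lives in a user-writable directory")
    if "f" in opts:
        reasons.append("/f overwrites any existing task of that name without prompting")
    return reasons


def expected_quasar_artifacts(cfg: dict[str, str], appdata: str = APPDATA) -> dict[str, str]:
    """Derive the host artifacts a Quasar client with this config should leave behind."""
    return {
        "install_path": ntpath.join(appdata, cfg["subdirectory"], cfg["install_name"]),
        "task_name": cfg["startup_key"],
    }


def analyze(cmdline: str, cfg: dict[str, str]) -> dict:
    """Parse one schtasks line, score it, and report whether it matches the config."""
    opts = parse_schtasks(cmdline)
    expected = expected_quasar_artifacts(cfg)
    matches = (opts.get("tn") == expected["task_name"]
               and opts.get("tr", "").lower() == expected["install_path"].lower())
    return {"opts": opts, "reasons": persistence_reasons(opts), "matches_config": matches}


if __name__ == "__main__":
    for line in SCHTASKS_CMDLINES:
        result = analyze(line, QUASAR_CONFIG)
        verdict = ("QUASAR PERSISTENCE" if result["matches_config"]
                   else "suspicious" if result["reasons"] else "benign")
        print(f'{verdict}: {result["opts"].get("tn")!r}')
        for reason in result["reasons"]:
            print("  -", reason)
```

Because the task name and path are derived from the config rather than hard-coded, the same cross-check works for any Quasar build once its startup_key, subdirectory and install_name have been extracted; the scoring half stands on its own for schtasks lines seen in EDR or Sysmon process-creation telemetry.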

Network

MITRE ATT&CK Enterprise v15

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

                                                          Filesize

                                                          20KB

                                                          MD5

                                                          87e8230a9ca3f0c5ccfa56f70276e2f2

                                                          SHA1

                                                          eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                          SHA256

                                                          e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                          SHA512

                                                          37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          c72854a9e316bab3b90aac75c6a11073

                                                          SHA1

                                                          9709e7e4df82f1010d4678e813e0a2e8450324c9

                                                          SHA256

                                                          552e504a64f290b464d7260ad091ef565418ccc9640cb2218e6410e6005b634d

                                                          SHA512

                                                          7698dcb7f7cab0b4f9f209b64160dfc9956afb45b975fe6947ba6a14f70d4dacbdcd67891c47edfac3c19cfcf4d15a62664d184e8eb186588f4622901f46d8e8

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

                                                          Filesize

                                                          16B

                                                          MD5

                                                          46295cac801e5d4857d09837238a6394

                                                          SHA1

                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                          SHA256

                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                          SHA512

                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                          Filesize

                                                          264KB

                                                          MD5

                                                          0987e9435b532566664cbe69ec16c56d

                                                          SHA1

                                                          0f4aecdeacb815bcd06b180b160adab6addc9a4d

                                                          SHA256

                                                          39e42489ba92e6392eccf271709ff445713e939d06e07a4837c0609093e97973

                                                          SHA512

                                                          1b85e1316f21065e59bfef2775d0fb964461153ba3ff7036336b8e951f656aee1ec6d8b7b12d200943b660476dcb31fdb46cea5b09e0ef7cc3feadfc83344d49

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          01809afd508ea5d8e571dce752299582

                                                          SHA1

                                                          77d94fd8899c3309213c7dd59c007bc2422e9df7

                                                          SHA256

                                                          0912eb874fe1f5df12912ad8ac78f74c5561312eb3e6401755bca189d504dda4

                                                          SHA512

                                                          f6eb843dc808715814e22760d4ea38ec05ec54c3a1ed5cb9aab6054a6b361d3e07ccadca70693f0ab2fd1f00c14723e00d11c8c48e7e3948fa2d67a6aefe28a3

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          b94fed8c9d2b8fe3c68a5333e0f3bcb6

                                                          SHA1

                                                          c9d254702c6cf8d1b94bf0be83b2907026358838

                                                          SHA256

                                                          1ed09c28dbe5954520a3eb0dbfda93646b018f8e6dfa546aef3bad206df527ee

                                                          SHA512

                                                          6750381c584c31faa6722636b271fba70f7f95d158b2701ab404b831181eaf30315f87fadd88a5f4aeb785b3f5f0ced72b702f2ea733eec27c0d93c59ca49d44

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          f608319569d869943c708f80edbf312d

                                                          SHA1

                                                          0a788b9aa13c8dc9ab950e471fa10ac643012d4e

                                                          SHA256

                                                          ac6f7aca70e6eacbdc5ef81b0e9c2bc42bd4b4cd517dc0e7bf14798b6b369d25

                                                          SHA512

                                                          61b490db1933f45a4d9f5905153f46db99f4a711210a6f6eed2d983023ae042a079852666c73b9ecce3d8def16343dd50ac4bc671f59b302fadf442f5d96c732

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          369B

                                                          MD5

                                                          b2e0bf0a97539fee44e9cf2409817014

                                                          SHA1

                                                          bcdf37e23a08fad83332774b1f70e12e508dc36a

                                                          SHA256

                                                          030ceecfe48b3bff541fb5894987079b2ac6e7e76f674149e25382d9de5e35ac

                                                          SHA512

                                                          9745ae34cd504a47b5491c518dd849a82f6895ed700ac7ca9ec3d74df018b454d0ee1648cb7956c96368484ae33958bc7a1ea79434569f696b3bbdb16c34cc03

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          472d82ca15031902fdcbfd945f372c9b

                                                          SHA1

                                                          a29b121f575365de067f526866557c05bf5f4355

                                                          SHA256

                                                          7bf2e53126e55ee9987173e5151fa978f7e0ded13fb5ddef984ff7165552e63b

                                                          SHA512

                                                          db9a77feb598f94307c0e6ea5d3491a47389bb03f736d99ec4472e76b6bdc5e07b875211e22d48339ea9ed6f2cb1bc130fd909e3e7bbaa06f03645ec7288ea37

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          b0df50294f12fe2197d1d40702999652

                                                          SHA1

                                                          10df0dce7a43f8c5cdf3e716a9e12c62cf30d1fc

                                                          SHA256

                                                          f9cf99249765b7629fba00cd487a8f0d9b4effcfb27b7ceabd8588751cdcce19

                                                          SHA512

                                                          c370d81914f264a67cdbd833eed5017d95210d2f3789d35d10ec3dd0598691a286e4f2a283289d14807a523e9f96ea49894242bfbd4e077b19b12e6127f98757

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          b7473074abad7247e6b6cbbe0a741ced

                                                          SHA1

                                                          f7f7e0469c1643a659018ee642fbf607a903e06a

                                                          SHA256

                                                          2333d65fb9d6de2abcc41e17a7ecb15036eae63385b2698c3294d8381a3aa98e

                                                          SHA512

                                                          e16f68453a75dd5629e640dd5ac63c785dcdf0859cb80762b9f274853d002192ab12e00f0fa358e44b48a7be25c8e8a72e20c9604d41fc4ffec9c4b27a2a584f

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                          Filesize

                                                          15KB

                                                          MD5

                                                          82d145ee63c0c38fd569c7666a23dad1

                                                          SHA1

                                                          3c623f4ef29745f957c7b35a0acbe024659344f4

                                                          SHA256

                                                          ccde2724f01e1b7d90a34fb28cfe9dc7bc6f4c8eed54d7ac7ed975e6f605dee2

                                                          SHA512

                                                          032a0dc5111250263685986b7d591e154a80ba493c11b13b178376ab0412697774b9b7a7f68058aa73aae23fd10fee08349e7498060ecc57d4c466c3d2cdc3ac

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                          Filesize

                                                          41B

                                                          MD5

                                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                                          SHA1

                                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                                          SHA256

                                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                          SHA512

                                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (Filesize: 96B)

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585196.TMP (Filesize: 48B)

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (Filesize: 264KB)

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (Filesize: 263KB)

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache (Filesize: 92KB)

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582844.TMP (Filesize: 89KB)

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (Filesize: 2B)

• C:\Users\Admin\AppData\Roaming\SubDir\Client.exe (Filesize: 3.2MB)

                                                        • \??\pipe\crashpad_436_ZSDFNCICYDHIALHJ

• memory/4264-13-0x000000001C140000-0x000000001C1F2000-memory.dmp (Filesize: 712KB)

• memory/4264-16-0x000000001C0C0000-0x000000001C0D2000-memory.dmp (Filesize: 72KB)

• memory/4264-17-0x000000001C850000-0x000000001C88C000-memory.dmp (Filesize: 240KB)

• memory/4264-18-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp (Filesize: 10.8MB)

• memory/4264-12-0x000000001B510000-0x000000001B560000-memory.dmp (Filesize: 320KB)

• memory/4264-11-0x0000000002C20000-0x0000000002C30000-memory.dmp (Filesize: 64KB)

• memory/4264-19-0x0000000002C20000-0x0000000002C30000-memory.dmp (Filesize: 64KB)

• memory/4264-10-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp (Filesize: 10.8MB)

• memory/4264-50-0x000000001E230000-0x000000001E758000-memory.dmp (Filesize: 5.2MB)

• memory/4900-0-0x0000000000CA0000-0x0000000000FD4000-memory.dmp (Filesize: 3.2MB)

• memory/4900-9-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp (Filesize: 10.8MB)

• memory/4900-2-0x000000001BBE0000-0x000000001BBF0000-memory.dmp (Filesize: 64KB)

• memory/4900-1-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp (Filesize: 10.8MB)