Malware Analysis Report

2024-10-23 21:29

Sample ID 240412-gzmp8sgd33
Target Premium_Cleaner(Cracked by st).exe
SHA256 e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a
Tags
quasar office04 spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a

Threat Level: Known bad

The file Premium_Cleaner(Cracked by st).exe was found to be: Known bad.

Malicious Activity Summary

quasar office04 spyware trojan

Quasar payload

Quasar family

Quasar RAT

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of FindShellTrayWindow

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-12 06:14

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-12 06:14

Reported

2024-04-12 06:17

Platform

win11-20240221-en

Max time kernel

146s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573761396919162" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe C:\Windows\SYSTEM32\schtasks.exe
PID 4900 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe C:\Windows\SYSTEM32\schtasks.exe
PID 4900 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 4900 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 4264 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4264 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 436 wrote to memory of 3948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 3948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe

"C:\Users\Admin\AppData\Local\Temp\Premium_Cleaner(Cracked by st).exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Premium_Cleaner(Cracked by st)" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Premium_Cleaner(Cracked by st)" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc8459758,0x7ffcc8459768,0x7ffcc8459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5328 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5184 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5172 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4808 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3340 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5628 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3448 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5276 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5848 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5988 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6108 --field-trial-handle=1732,i,5133188471218467162,12617213908173350631,131072 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 Sentiax-51535.portmap.io udp
DE 193.161.193.99:51535 Sentiax-51535.portmap.io tcp
DE 195.201.57.90:443 ipwho.is tcp
US 8.8.8.8:53 99.193.161.193.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 90.57.201.195.in-addr.arpa udp
GB 2.16.34.59:443 tcp
US 20.189.173.3:443 browser.pipe.aria.microsoft.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 216.58.201.110:443 apis.google.com tcp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
GB 64.210.156.16:443 ss.phncdn.com tcp
GB 64.210.156.16:443 ss.phncdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.19:443 ss.phncdn.com tcp
US 104.17.245.203:443 unpkg.com tcp
GB 64.210.156.19:443 ss.phncdn.com tcp
GB 64.210.156.23:443 ss.phncdn.com tcp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 203.245.17.104.in-addr.arpa udp
US 66.230.180.98:443 camschat.net tcp
US 172.64.201.7:443 cams.gratis tcp
US 172.64.201.7:443 cams.gratis udp
US 104.18.101.40:443 chaturbate.com tcp
US 104.18.51.106:443 creative.xlirdr.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.18.51.106:443 creative.xlirdr.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.18.51.106:443 creative.xlirdr.com udp
US 104.18.53.225:443 video.ktkjmp.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.18.56.5:443 img.strpst.com tcp
US 104.18.56.5:443 img.strpst.com tcp
US 104.18.50.173:443 creative.xlirdr.com tcp
US 104.18.101.40:443 chaturbate.com udp
BE 91.237.218.86:443 www.lexozfldkklgvc.com tcp
US 104.18.50.173:443 creative.xlirdr.com tcp
US 216.127.52.250:443 as.sexad.net tcp
US 216.127.52.249:443 as.sexad.net tcp
US 104.18.50.173:443 creative.xlirdr.com tcp
US 172.67.202.245:443 embed.iluvestreaming.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 23.14.90.73:80 apps.identrust.com tcp
BE 23.14.90.73:80 apps.identrust.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.194.137:443 code.jquery.com tcp
US 104.18.50.173:443 creative.xlirdr.com udp
US 205.234.175.175:443 m.2020mustang.com tcp
US 8.8.8.8:53 thumbnails.cherry.tv udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
FR 143.244.56.50:443 thumbnails.cherry.tv tcp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 104.18.53.225:443 video.ktkjmp.com udp
US 104.18.50.173:443 go.bbrdbr.com tcp
BE 91.237.218.75:443 www.dnxcloud.com tcp
BE 91.237.218.75:443 www.dnxcloud.com tcp
BE 91.237.218.75:443 www.dnxcloud.com tcp
BE 91.237.218.75:443 www.dnxcloud.com tcp
BE 91.237.218.75:443 www.dnxcloud.com tcp
BE 91.237.218.75:443 www.dnxcloud.com tcp
US 172.67.202.245:443 embed.iluvestreaming.com udp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
US 104.17.118.12:443 stripchat.global tcp
US 104.17.118.12:443 stripchat.global tcp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
US 104.18.56.5:443 img.strpst.com udp
US 104.17.118.12:443 stripchat.global udp
US 104.17.118.12:443 stripchat.global tcp
US 104.17.118.12:443 stripchat.global udp
GB 142.250.178.14:443 analytics.google.com tcp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
US 205.234.175.175:443 f1cdn.nsimg.net tcp
GB 142.250.187.251:443 storage.googleapis.com tcp
GB 142.250.187.251:443 storage.googleapis.com tcp
GB 142.250.178.14:443 analytics.google.com udp
BE 88.221.83.211:443 www.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
BE 88.221.83.187:443 www.bing.com tcp

Files

memory/4900-0-0x0000000000CA0000-0x0000000000FD4000-memory.dmp

memory/4900-1-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp

memory/4900-2-0x000000001BBE0000-0x000000001BBF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 f89428aba2b28f3124d40f262710fc46
SHA1 0b9db50a873682e781b0e378004b0d7e6b415f78
SHA256 e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a
SHA512 16e576b694ed0ee9796d13504a6489ff501eb2b9cd576e442318090d46f5433afce4ce39d031e8eca92b95a4b90a6dc9926b13d04021ef48d9bf3d8698165540

memory/4264-10-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp

memory/4900-9-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp

memory/4264-11-0x0000000002C20000-0x0000000002C30000-memory.dmp

memory/4264-12-0x000000001B510000-0x000000001B560000-memory.dmp

memory/4264-13-0x000000001C140000-0x000000001C1F2000-memory.dmp

memory/4264-16-0x000000001C0C0000-0x000000001C0D2000-memory.dmp

memory/4264-17-0x000000001C850000-0x000000001C88C000-memory.dmp

memory/4264-18-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp

memory/4264-19-0x0000000002C20000-0x0000000002C30000-memory.dmp

\??\pipe\crashpad_436_ZSDFNCICYDHIALHJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

memory/4264-50-0x000000001E230000-0x000000001E758000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 83ede1afdd7bce5a3fd7b427ba48cba9
SHA1 babdaf2cfa9052e4b305ce4ea0ab58b7a9376fc2
SHA256 b1c4c1680c54b9565b775086be6fd90437d7a180d9f2db11ce809e0c85b81ee2
SHA512 5b2135f395f002ad57c64cdda339ee0ff6657d268d1fd2b9dc05049211345312c96fedfc7daf1b92d3d6bf1256e363fd1d73b1d832ef1e5d5cbbd8126ebaf114

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7473074abad7247e6b6cbbe0a741ced
SHA1 f7f7e0469c1643a659018ee642fbf607a903e06a
SHA256 2333d65fb9d6de2abcc41e17a7ecb15036eae63385b2698c3294d8381a3aa98e
SHA512 e16f68453a75dd5629e640dd5ac63c785dcdf0859cb80762b9f274853d002192ab12e00f0fa358e44b48a7be25c8e8a72e20c9604d41fc4ffec9c4b27a2a584f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b2e0bf0a97539fee44e9cf2409817014
SHA1 bcdf37e23a08fad83332774b1f70e12e508dc36a
SHA256 030ceecfe48b3bff541fb5894987079b2ac6e7e76f674149e25382d9de5e35ac
SHA512 9745ae34cd504a47b5491c518dd849a82f6895ed700ac7ca9ec3d74df018b454d0ee1648cb7956c96368484ae33958bc7a1ea79434569f696b3bbdb16c34cc03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 82d145ee63c0c38fd569c7666a23dad1
SHA1 3c623f4ef29745f957c7b35a0acbe024659344f4
SHA256 ccde2724f01e1b7d90a34fb28cfe9dc7bc6f4c8eed54d7ac7ed975e6f605dee2
SHA512 032a0dc5111250263685986b7d591e154a80ba493c11b13b178376ab0412697774b9b7a7f68058aa73aae23fd10fee08349e7498060ecc57d4c466c3d2cdc3ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b94fed8c9d2b8fe3c68a5333e0f3bcb6
SHA1 c9d254702c6cf8d1b94bf0be83b2907026358838
SHA256 1ed09c28dbe5954520a3eb0dbfda93646b018f8e6dfa546aef3bad206df527ee
SHA512 6750381c584c31faa6722636b271fba70f7f95d158b2701ab404b831181eaf30315f87fadd88a5f4aeb785b3f5f0ced72b702f2ea733eec27c0d93c59ca49d44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 472d82ca15031902fdcbfd945f372c9b
SHA1 a29b121f575365de067f526866557c05bf5f4355
SHA256 7bf2e53126e55ee9987173e5151fa978f7e0ded13fb5ddef984ff7165552e63b
SHA512 db9a77feb598f94307c0e6ea5d3491a47389bb03f736d99ec4472e76b6bdc5e07b875211e22d48339ea9ed6f2cb1bc130fd909e3e7bbaa06f03645ec7288ea37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 edb500f549933c97d42ead38756aa692
SHA1 f1623d6fc0d16883750ae98bad91c599fea0043a
SHA256 51d14b51a69acd73560fe380786c686bdb57451d25b78e10a5459c76bb16d3cc
SHA512 844ed72ccf1443ac64af537619c6922f1967eeb3d896ed3a0a1c2f4b6d3d4423a0e69792bb256347733e1977c3b45c4e5b21cad34bb3e897e485bf07a6aab2b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582844.TMP

MD5 371b762b655ab269b2c59a3644df0be1
SHA1 9cc4a654a4556a4c4286da8d6a9fb0d63953b5b8
SHA256 529738a6d4a12dd59b08f9cd702fb29ae733caea5bc961b8e343fb877d7aa59e
SHA512 a5f5d1627013c5152684d7115a18137d7e3bfb3ed97b6d57beeaf0c7a6b46b624b3bbc21d7e502a3ca4c4dc7cb013309f540e17e5b3d8b0f240696dba3e2796e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f608319569d869943c708f80edbf312d
SHA1 0a788b9aa13c8dc9ab950e471fa10ac643012d4e
SHA256 ac6f7aca70e6eacbdc5ef81b0e9c2bc42bd4b4cd517dc0e7bf14798b6b369d25
SHA512 61b490db1933f45a4d9f5905153f46db99f4a711210a6f6eed2d983023ae042a079852666c73b9ecce3d8def16343dd50ac4bc671f59b302fadf442f5d96c732

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585196.TMP

MD5 90389c2e7de92cdbbc4c4912cd9bcdaa
SHA1 6529940e77eaace3a1b9a3f018bd9662f97006b0
SHA256 1a96a09b5877a959672a4c631aa22b93a8e34fa220dd2e0b22c1784865761ce0
SHA512 ba71e2e68030b1a2a4be2938c8516c11958e899f1feb284486c7dd99fae3c405282ce7ebb547420d445448f2218f8bdb87e365f83bd0a92d365298be142db325

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 974f80acae74537227d5a2fa912aa01f
SHA1 642c9faf7ac4cd0ddbc16bc00bdb9449566d574b
SHA256 5e8312d3331e93896f12b4088cdffacc6e1fa891a6be0c0d6c51acad5d3978bf
SHA512 414a3b3bf374cded1b0fe37745a2cbafa98ebbfbbe6547d1668ff4cb421096f1b3c5e9d236a975a673dc51ac6966b36a4db4f2d897363af373e42ace634d3c78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2be9525a698aa2721c578a5341de7e1a
SHA1 4010c60aec9d592f104c5f4d77896a0df3b4124b
SHA256 0fe655c5791ba52681d14bbf59e362b8f12c45c2322c92fb51366f6ad15f03d8
SHA512 bbd99609c915f50f999199eeb655dd3583782b677f4df109af6617c542b64fc0c0cb4340de7f295d4208e94727ee7c28f6707f0aff76c0e6650f2ca280ee8f7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0df50294f12fe2197d1d40702999652
SHA1 10df0dce7a43f8c5cdf3e716a9e12c62cf30d1fc
SHA256 f9cf99249765b7629fba00cd487a8f0d9b4effcfb27b7ceabd8588751cdcce19
SHA512 c370d81914f264a67cdbd833eed5017d95210d2f3789d35d10ec3dd0598691a286e4f2a283289d14807a523e9f96ea49894242bfbd4e077b19b12e6127f98757

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c72854a9e316bab3b90aac75c6a11073
SHA1 9709e7e4df82f1010d4678e813e0a2e8450324c9
SHA256 552e504a64f290b464d7260ad091ef565418ccc9640cb2218e6410e6005b634d
SHA512 7698dcb7f7cab0b4f9f209b64160dfc9956afb45b975fe6947ba6a14f70d4dacbdcd67891c47edfac3c19cfcf4d15a62664d184e8eb186588f4622901f46d8e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 01809afd508ea5d8e571dce752299582
SHA1 77d94fd8899c3309213c7dd59c007bc2422e9df7
SHA256 0912eb874fe1f5df12912ad8ac78f74c5561312eb3e6401755bca189d504dda4
SHA512 f6eb843dc808715814e22760d4ea38ec05ec54c3a1ed5cb9aab6054a6b361d3e07ccadca70693f0ab2fd1f00c14723e00d11c8c48e7e3948fa2d67a6aefe28a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 0987e9435b532566664cbe69ec16c56d
SHA1 0f4aecdeacb815bcd06b180b160adab6addc9a4d
SHA256 39e42489ba92e6392eccf271709ff445713e939d06e07a4837c0609093e97973
SHA512 1b85e1316f21065e59bfef2775d0fb964461153ba3ff7036336b8e951f656aee1ec6d8b7b12d200943b660476dcb31fdb46cea5b09e0ef7cc3feadfc83344d49