quasar | 986682790878908ed3e3c43793ffc7801446c6549b04dd19f119120da80bb1fe

Analysis

max time kernel
1050s
max time network
1049s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cvi.exe
Size

3.1MB
MD5

9ef6ffefcecbe25e1faeb0803d92dba2
SHA1

c4d14eec12f72f3e11f77e90e7f04cb336618ee7
SHA256

986682790878908ed3e3c43793ffc7801446c6549b04dd19f119120da80bb1fe
SHA512

dd3e27b67555084f2c2f99e4b90e9b6decb205db4594607769e173e15bc6301bc559ce28365e71f38eca31bd61f07d1e0a8477561f0194a1f7c34ae887c0e5c8
SSDEEP

49152:Zvjt62XlaSFNWPjljiFa2RoUYI4xOEMkxk/Jx3oGdBTHHB72eh2NT:Zvx62XlaSFNWPjljiFXRoUYI4xER

Score

10^/10

quasar seroxen spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SeroXen

mr-andrea.gl.at.ply.gg:50758

Mutex

164b6496-cf32-4fdd-b70d-de29665c8286

Attributes

encryption_key
A88D7FED7F655EBDC4F99C21BAE5EC62300AADC7
install_name
$sxr-insta.exe
log_directory
$sxr-logs
reconnect_delay
1000
startup_key
$sxr-mstha
subdirectory
$sxr-start

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2260-1-0x0000000000B20000-0x0000000000E44000-memory.dmp	family_quasar

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607542006453781"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1552 chrome.exe
1552 chrome.exe
1552 chrome.exe
1552 chrome.exe
4276 chrome.exe
4276 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1552 chrome.exe
1552 chrome.exe
1552 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Cvi.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2260	Cvi.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1552 wrote to memory of 4588	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4588	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2068	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 3184	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 3184	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 4012	1552	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Cvi.exe
"C:\Users\Admin\AppData\Local\Temp\Cvi.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe0b82ab58,0x7ffe0b82ab68,0x7ffe0b82ab78
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:2
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:1
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:1
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4536 --field-trial-handle=1968,i,6325476681010223253,7101820841755672982,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4276

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2528

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
a78040a9a98de47a811d445454914ea5

SHA1
04fd94abb79bb2f97cf5d91933d1494180c62870

SHA256
681b37f90cec96ff5a2a68e5d5ca679b8f10e1eae2df08c93eea4439e782e992

SHA512
be58b758a04cad0b1e295c8a057406efe591f9fcc616f4bf7ccf5924a13d166fbf1ce0c39c0d03a136e956e253460db7a45e2598fd060c4c61f4127e7bb3b721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
5ea3ee095077676d444580b29329756f

SHA1
18f0a42a6ccc3fe0cad3d10902ed6bd29d1ef22b

SHA256
2bf98b96b96f2aff8a3a26a8b7cec001b54b400c42ec1846a7982565601a07dd

SHA512
d6383a6825d30ebe6b75c0f869186e117377c5f70e26a762927fea7ec5c6192e2125762a7446c6c3cbb2bdf91a27f3a7356b1ce12a9054cc567c21a544daca5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3bc45f2860283c0b365a4533234f1e06

SHA1
61b9a00e7540d9e9f33a1b9e38033d2df8db6fcf

SHA256
1dde868e8318d3eb2ae86d2717ed653955c8eb783f66632f16a0bdb3aa8ae57e

SHA512
050629f2a49e630b663abfcd68c18903bd7dc093e4f4e718894d99cbb674e2a53454047a747590038d9a91b5d3f7049e7b87ad00c91f5ee76eb80fb583ec7080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
6065007685242e3407509c86dcf1e0d8

SHA1
c09fa159f0b19c1e7ef650e7ed5a1bfd6ae1113e

SHA256
6de71c229be966db37d75f20aaf4720905e196eb6b7829615ef3cc5bad3dadbb

SHA512
33c2953bc6f437916bb1c3a5d51019d3c67cfc8572be7e40b2a93c344d1c7a7ce8a9540e3327312dd518b02ef454e355d829cc57566d81c86c61ef02e1d2e1e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
bf00081a02591692c4df2554e486f182

SHA1
ca883e383b1aaade3c7db6623fc479d6f4ea0dae

SHA256
1dbfd57447fa23f85f2a7302ddbc6fb70b3ce02b1d3df11f78424f2bc6cae93e

SHA512
ea66bcff27e441e024426b51ec257a45c44e988d7783e647d353ec4f9536b09e7490582c0474f9a4177945affcda46bd1aa6084bc966151dd2a205ff72554cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
dc756047b37ca95cdfcf1a889c9f7036

SHA1
5d50e9f5b8f5e939f8171344350b3c1a3eedf6b8

SHA256
d0dc7252c7d3f792a29409ddff448941a3aca245b3402948be5f5f43b2a16f62

SHA512
0523f92ca4d98cf26a829e68d7ded3596aae864e38994de891c823ec29197f3f1fe55d95b5392616261b1188a35113d95e926c2442380528524f61ae00820632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
f4934a38b3aee0a9a32de2e7eb814000

SHA1
b25837d2c5b9db98254685ff15f941a23ce0176c

SHA256
c66691b90c826de585829d41f7d83bde30b15840e23edf86703d3de8bd74c171

SHA512
a0157172e5ab63e3dca6811286d43c8bbd20b14c135866219664e047d700329fdfd891c5447ec631f548f95b30039dac5dbbd034e05a0ea0c342e8361860a5f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
9979955e11a94dfee04b04df051e6a2b

SHA1
b4ebd2991eb9a2695fd5608c94a21e3a5852327e

SHA256
81ee93d4af3a54f0fe5756295dc0d1294c3fb2d512f405d8409861466853fa99

SHA512
0cc9b3b01ff279f340896d8ba4ce4748f1e760e52794cb191a0e7eea90e4a82cfe8fd76d29b27e50070a5fc5b6c2bae985652b1efd4b3737cce18d3ba390e742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584a81.TMP
Filesize
89KB

MD5
121e6dfe5cc29c02dd7786072587c6a7

SHA1
d1d23f1569602c24934145ab98e1e19ea3321b0f

SHA256
78470665bdc305c82ee95fb943b95f8624ff71523f069f4c34904b09fc5a2d62

SHA512
172c9a3c2b657471a6db79a52ef79a41a488dbdb487701cb5f3a3c59070a96336100031a00d63d825e30ce5b1c09ae5cab10db04cf9c72d6fd901268e05134e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f738abae-9a8d-4944-95ed-2a53c28acac8.tmp
Filesize
281KB

MD5
19b0dd4e1b62b0df8afce840edde616f

SHA1
a4e4bc95add072bdbcf09e3f3e59e79684fa7da2

SHA256
2488642242604f6743ab0c85b017682a4b3233b5211d981a2378c08741923a09

SHA512
2a69caa65745e40de2e92c511f2479f3873152f560163cd795054a9e6408d3162397e1efd55e9db849767569296a4ee6518b76800076a6df67c1d084381d5037

Download Submit
\??\pipe\crashpad_1552_BGZHJQFSDTGRDHNH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2260-0-0x00007FFE14C73000-0x00007FFE14C75000-memory.dmp

Filesize
8KB

Download
memory/2260-10-0x00007FFE14C70000-0x00007FFE15731000-memory.dmp

Filesize
10.8MB

Download
memory/2260-9-0x00007FFE14C73000-0x00007FFE14C75000-memory.dmp

Filesize
8KB

Download
memory/2260-8-0x000000001E040000-0x000000001E07C000-memory.dmp

Filesize
240KB

Download
memory/2260-7-0x000000001D6B0000-0x000000001D6C2000-memory.dmp

Filesize
72KB

Download
memory/2260-4-0x000000001D740000-0x000000001D7F2000-memory.dmp

Filesize
712KB

Download
memory/2260-3-0x000000001D630000-0x000000001D680000-memory.dmp

Filesize
320KB

Download
memory/2260-2-0x00007FFE14C70000-0x00007FFE15731000-memory.dmp

Filesize
10.8MB

Download
memory/2260-1-0x0000000000B20000-0x0000000000E44000-memory.dmp

Filesize
3.1MB

Download