Analysis
-
max time kernel
416s -
max time network
422s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
-
submitted
31-05-2024 19:00
General
-
Target
eCEDOE.html
-
Size
518B
-
MD5
4d1663a0ae7ea388d58585f604fb83cd
-
SHA1
d5e81bc6f4913c2ccc586f573806f79833e5bf62
-
SHA256
8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb
-
SHA512
a0373a4571e290123a321368c899799ddde5ecc29cf6f7863b045cde580d8390852cfec292879fa65a15f5d7a971c1bd72b43da568d15ebb4286cac4c6455663
Malware Config
Extracted
quasar
1.4.1
Office04
37.19.205.146:4782
107.203.232.8:80
107.203.232.8:3012
77.111.246.47:3012
76.11.167.128:3012
1cd14fab-fbed-4b3d-a27d-f64eca81a694
-
encryption_key
C401F5E4B21F440F2783CBEC4404C9124B18FE39
-
install_name
SASRP Token Logger.exe
-
log_directory
Logs
-
reconnect_delay
2998
-
startup_key
SASRP | CIA RAT
-
subdirectory
SASRP_Token_Logger
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload 2 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 6 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in System32 directory 5 IoCs
-
Drops file in Windows directory 4 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 29 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\eCEDOE.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc2ff8ab58,0x7ffc2ff8ab68,0x7ffc2ff8ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4496 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4656 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4060 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4844 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2320 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4488 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4964 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
- NTFS ADS
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4280 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5064 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\SASRP Token Logger.exe"C:\Users\Admin\Downloads\SASRP Token Logger.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "SASRP | CIA RAT" /sc ONLOGON /tr "C:\Windows\system32\SASRP_Token_Logger\SASRP Token Logger.exe" /rl HIGHEST /f3⤵
- Creates scheduled task(s)
-
C:\Windows\system32\SASRP_Token_Logger\SASRP Token Logger.exe"C:\Windows\system32\SASRP_Token_Logger\SASRP Token Logger.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "SASRP | CIA RAT" /sc ONLOGON /tr "C:\Windows\system32\SASRP_Token_Logger\SASRP Token Logger.exe" /rl HIGHEST /f4⤵
- Creates scheduled task(s)
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3788 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2592 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1480 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5420 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4508 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3048 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 --field-trial-handle=1816,i,742778673088579217,7675325768259148289,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\SASRP Token Logger.exe"C:\Users\Admin\Downloads\SASRP Token Logger.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\SASRP Token Logger.exe"C:\Users\Admin\Downloads\SASRP Token Logger.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\SASRP Token Logger.exe"C:\Users\Admin\Downloads\SASRP Token Logger.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SASRP Token Logger.txt1⤵
-
C:\Users\Admin\Downloads\SASRP Token Logger.exe"C:\Users\Admin\Downloads\SASRP Token Logger.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\ShowRestore.gif1⤵
- Modifies Internet Explorer settings
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ResetConfirm.wav"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000fFilesize
206KB
MD5f998b8f6765b4c57936ada0bb2eb4a5a
SHA113fb29dc0968838653b8414a125c124023c001df
SHA256374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
408B
MD5e143e370dc6456254bbcd84e02124882
SHA1b2803b944b8ba5684e4e8dcf10731e809097da07
SHA256aa9fb6f82ebeb77fa5ee4340af02d572df2fb221157ff097b5cb17e88fc5ac7a
SHA51205a979ef567418037a6f9278c8b1ddc49a091cfded929006ef13a0c3fb3f401b098f041681eaa1b3e2add627d4c1c7159a4fcefb564f12fca6f16a6e78d60b35
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD5ef6c5cb1e5bb364cd178e3550c7934cc
SHA174e5daa896590e8f63af3b545a7a18ece93bcb62
SHA256c7e8062347c6e79b1bbf249297b682ed82b81cf026c84cc0b51338226a2146ea
SHA512db6a3a50e71f3b7e2b61d3445bac260ff04cdf0223d553b95d85d8193f39b15bc7135597c43aa20b87b3e765fde2113cda5c03984f50fd7beeddc4bce6f57aaf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5634c4d07564f144299fbbad6e9dcebc8
SHA1e4fe119874f8492b94d990b05f60d0a511b52763
SHA256771b03d8cde640a1a6d19a5c5da3c8fbd832eaf587b82650e979cf9d873a0aec
SHA5129c470260ae6e2a1f5854b3b24874d5995c4f5b6c0dc2b995a00bec6d51f5e95c4ddd9a3e9f529dadd9808cdca84380a837b880cad9393714fb53e65f34299c8b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5e5b67a0f024eccc2e6139bf18f1f91b2
SHA19034742ad6c6c371c451010ee4305b1394124636
SHA256dce9ce50c1bd54294921b25549df0c43ef4edc1aa03d906a8c69e629570d5ce4
SHA5121dc96b68549da7493259d7ff4f59ab5ece0c41554990343e1340d669db6d40237592f5318227a2bcc60a0c3e5c62eda12ca0184ed02a5987f832e754b1cc16c7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD534e48759daa4edee79e95a7465c41b2d
SHA11464f4af19823e763561cea15e2c3e6adbdb5cbb
SHA2564207017088ce16105aa55a43352792ad35cb200abfbadc299ecc33b10de2a08e
SHA51202162022bacd74d82acb203895e4eda9254d083bb910694a060185010ac46e7f1f2608ab10a20a94de15297eb8ead1f531c4e26479acc096a5272401e71e1765
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5d665eeb4cb61c78592e84a5dcaddb41d
SHA12608680db0740d8837ee34a25c3980347990fe27
SHA256984ccad7b122798bb3b5c7aac83206210f9e606bd53564b043f656d84620976c
SHA5127ea432e4b57f65198d9895093851efc94baaaa983869c4e0fcac49a937a42bf3ffe73478624bce8a958b7a7866ba95365e0c3998f003f1cb3f06fd9f3927aae8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD525e85c111cc09e3fcd8d15ad2b8f16d7
SHA14828427b07d795b83d392a81f62c2a3257bf0896
SHA256e5586ab08fac13f847207c2f7f24c3fca8b95544b3877e6de369ac2337204265
SHA5122018dcc507d047b673baace013e8d647646f424a9bdc03ddbf64fa0dcab5f43553ab06ef1fc498731b3ec6141325446edaf8f17282d3424189142020dff6c27b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD539495c27f3ebea220e2895d73b5b51e3
SHA16a921b735ab2d9be567ec497f36669c86d8d7093
SHA2563ef22ab1a27559b93b204b157cbaf92320620bc2760f7310a30e2825f7e40c64
SHA5128fff0a855bf3e6d9b65f7936ac9063a9baa035f1d302ed61608fe80131a5d01925cb4bc5b07df3ffe575dbff9c4c26418c746982158d9131dc544f10ee440eaf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
690B
MD5cf1da5f4671de13d6c534ef5f56fc74f
SHA18556a4d1d7d3c5619b7d401f099a7f332ceba17f
SHA2566fe1b61aa53cec6bfdec5be7a3874a4ac40c5bebc2df8ca735f9437aad586e39
SHA512bfc5013c01116da6f3dd212c660d9837c13fbb384997a70980a6d22c0daf68f71b24ac6f13a71583e43cfcc56cf8929012ce7df6066c5603b453f5c5c6c4b798
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
690B
MD5eaca0a43980815f426671230f8197db4
SHA1ebefcea8240bd12097019474a16f07d7aca19c1d
SHA256c9d3642bfa2388d8c067e8024f8b30a2f708ec39eb45aae3bad21b278bab896e
SHA51253a5e12816045d27273b55761449216c34c723ce61bb65733711eb0a48778c0d1a7b7ee94b0c43b1253e7644115f122d0002d620e8c808c7af642a3b931d1ed4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5a2c64f0dde1f1e55fb6147266c0cd2bf
SHA189ef7274001a568996334bdf6533632176ea65bf
SHA256aaefc3e3dabdc6adbca77aa4a602a0997efabf752da7b2d1255fe7da8b472cee
SHA512133b91a7145263b9074e02b5c19194e763503d8a70794d8326367cd64ff28f3cbde16f9a883c9aa9f7d1cb227a1222f457f423786b27e6f75864b1c3dba65036
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD56b53d8fd5a864eea660840f203a25b40
SHA1892703e0a095bf83b1a12cd1351f36fd42ad2f7c
SHA2566b0fd5cafaeea973163dc4994211b4727c0030fb6af628a119c8a7a1f27d75d0
SHA5125fda62b8e4c7d803df601af473c08065c0f1d55c5bcc888d74f7d8d50166796e83b944b0b9fcd19a7fdb740dc266d95d2195a38dc06cacdf377408dde3fc173e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5fa962e539643c90b8f445cc0796aa42a
SHA151a34fd399483b18fe5c8cabf1014c4f4c3aa1b9
SHA2560ed238e3ab0966580557363769014b3c01b4cf9d67a04178ec39b8eb9c40a1a3
SHA51204afea72117ac5851ac68db0ef3adcc104f273a839f460de6a19ecddb1cb364d161bd144d38e15b8871f28d0e2ddaa11d5892d1e15052c25e681cb13ec7ad2f3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5de81f93b31d326d959b7bd1ebac40130
SHA1c8e520ace4e74493c070de6d17490a60ad6137c1
SHA256e95d0243099e0626a82744f349b92e8ec2bcb3ef2b79ebd7533ebc1b8abfa9e0
SHA5121406834f161e6aa0d14907a02d7abb12e7b7dc89cad86bfa98724d6e3c9b181d1111f55bb78f91df6ca55a6eafc7b0f40a93b6a99d37cc8fdd2d74a54099cf7a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD534523faafb559f1d929038588677a5fa
SHA10d203be168485a51d710969092d497249b783b77
SHA256a7c8ef1079f0eee0d04f57c1b7958e2be5a2af147bd68d9fd3cc4f52b0294d1a
SHA51213acbdb56614ebf65060cbf746c2ca447e0095e3e898a4da574422dd6a35623523b1374cc648c934ccb50660731027dde9de9450de09620a5c9794775f1d0336
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD535ee36bc6b030d2ccd43340466b9110d
SHA1f4a326f25a33fae85e6c80c3e4e6a672d6c42626
SHA256808787af301e91d59f4ce4b441bc927829f66f9ba005a7f835f35c87d76f8555
SHA5128cbbd7474b8063e67934ee20947603e0d3500c6e4d903c3f0749e9d3c4771daba33176bb5aeef07df8add01852ff9d6c962829f35528ae6b82e44a46eebce9e6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
130KB
MD57d2f1886e52f3cb688b10c94e0f2447d
SHA1501653b2dd5c05facf098fea33a70febe41d6ad9
SHA2565a426df423898bca17a1b2eb9925534fddc1982fa751a4f405b8cb1e35b143c8
SHA512a1e6406831d7623c8ee0aeb34b6457b164b0b1cd62c7339ba0dba1c2a86c9d17487b77c7fce876ce9902bb2bc39f7d7eb2925428ce479e8f39c9fbaf2774ab26
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
130KB
MD5062941b5c1975148ac545a3c1f6ff465
SHA10100b011373a0ccb7791aa3e029b97ee0884248a
SHA256c34e66f1e2206344e6eb8e3a95a8c82a4667b8d4ae8aed8f371d9d37e5233ea6
SHA5127b081059a23f7f32147eaf83c5cd624db7b1cfda6684aa3b1d2634ff335f5c72465450d515b529dc6cbb473c8b6bc040fd32fd034262e61320d9b46426212f3f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
130KB
MD5ecaa2be3874c15cc97b605dd97466773
SHA13964726fb33eeee2ae0ec8189841dab3e56e6615
SHA2561a04f2d48dbc790cc48eb5b982a36b5d84ffcc4f8bb75ea473995411ced72597
SHA5120d009c93c97bebb7f951ef48afe90ad90dd670b951ea769388ffcc0bfc9d40cb039653059623703480e87d72a724b461b14c60965edaeb325991f2bf89d53643
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
87KB
MD5177eb1affd5595da113382f7c7a84154
SHA1aa38bd7bbccfb8414e6ecb57753d6259ab8fe5f3
SHA256d74a9e7ad7c8301bebee34b586f68a471fdbfc624f98f8cc09b21459f3b25517
SHA512433f9c7d70e7bb7512dc571972d309502ae8134a49bd002ffc3c1803c5be86848d840cddceb7ab56ddf10979014e023a36de6342be936c9b564965a52cd48677
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
98KB
MD525bfb9badd02243acc9e09c33e213186
SHA117322ee9a30ac596bc6a67cc4fc6448b7d43f746
SHA256e953806210f3e617cc64993d23becaf5a870c90deab3dfa2ccbf3efea29ad1b8
SHA512acd95946b116004070241dc40be89d665f2b5049232c586df877b9b1fe4c8005e310486f5030d511a44ad32f65151060630991ea9c6c6ab05415a26d0adacb6d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
82KB
MD520921a55b6446f89925f8711e99307bb
SHA151d22166f3d896fe3906e9d6b4b7f289e34cbced
SHA2560540ecbefe411bf3c8d74715980939de9f9c84f232da77d8d6661ad746a9bf44
SHA5129d1611543b1ff07c152623c341cd5be96730af1fcd771cccf65b3b5d4a3937da80af78d359d56b103971b9d4c530e8c89d7c087bb65e63ccc462a37e657e502b
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SASRP Token Logger.exe.logFilesize
1KB
MD5b4e91d2e5f40d5e2586a86cf3bb4df24
SHA131920b3a41aa4400d4a0230a7622848789b38672
SHA2565d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210
SHA512968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbFilesize
14KB
MD56bba111e1e815a90559143e0ae91e9b4
SHA173d6e39bcda0a0333abe45194d20d893a6a9c3de
SHA2567f7099be98d2dc3a1deea298b54da3cd653c914678933250a890bf57a4ab4778
SHA512f2b3353571c631f9ef6da0b877f181b8a1638934f85f7f21e3e97df840c910b31dbd16944c1f12646574f76c4c3f2d252c12122e93d82b6f308856b0684c4574
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
10KB
MD52b4dd1474237a4dc70e20f421915ac73
SHA1d584be2833b590e89e2de69626463c89f6637baf
SHA256f3d1b90af58e98b943ee01c3ced5d13c6bdbc5f0c2eaeca9a204aff10c2d3b9d
SHA512f7b5470b68bc07270f01cd0032b61e60803406bb5f1fc06093dde8fc00ea7c309a9d1c467853c7af5521adf8bacc2257649a4c65d97023357950353707f31c1e
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
10KB
MD5e91ba7113b9ee73bf73cfbf795374b4f
SHA1beef122500329c4babf0903b183e7ecc933a234a
SHA25671d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98
SHA5127c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7
-
C:\Users\Admin\Downloads\SASRP Token Logger.exeFilesize
3.1MB
MD515bf7c1dda8d343fa62074122a926c07
SHA1a60dbed9cf358a3ff7de932a6014ffa169c011b3
SHA256f28cdfb2c036dfbfe29d85a628f453afa0e16be12c8e7ae99e914855e9cb6f46
SHA512bff7655164bfde0fde3afc83278e5a809a6bc4ea32ef1e8369a9789d018244c8005d09639f8732c612c07200473020644320b63dc6c393c176eb618308b25102
-
C:\Users\Admin\Downloads\SASRP Token Logger.exe:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
\??\pipe\crashpad_1164_SMYZMINSXDKANLZTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1572-273-0x00007FF6CFEC0000-0x00007FF6CFFB8000-memory.dmpFilesize
992KB
-
memory/1572-274-0x00007FFC38730000-0x00007FFC38764000-memory.dmpFilesize
208KB
-
memory/1572-275-0x00007FFC15D30000-0x00007FFC15FE6000-memory.dmpFilesize
2.7MB
-
memory/1572-276-0x00007FFC0FE80000-0x00007FFC10F30000-memory.dmpFilesize
16.7MB
-
memory/1836-196-0x000000001BA30000-0x000000001BAE2000-memory.dmpFilesize
712KB
-
memory/1836-239-0x000000001C220000-0x000000001C748000-memory.dmpFilesize
5.2MB
-
memory/1836-195-0x000000001B920000-0x000000001B970000-memory.dmpFilesize
320KB
-
memory/3800-187-0x0000000000A10000-0x0000000000D34000-memory.dmpFilesize
3.1MB
-
memory/4548-216-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-221-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-217-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-215-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-211-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-210-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-209-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-218-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-220-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB
-
memory/4548-219-0x0000026FDE3E0000-0x0000026FDE3E1000-memory.dmpFilesize
4KB