Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    31-07-2024 23:32

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    2c2744769214c1fb7dbfaab0899faa2e

  • SHA1

    891b19df40e3bd50ced307779f2770c7b82125b1

  • SHA256

    c8ebab297901040ef62bb8b91d6596bdbf59c22f9f6218a542c7c81857d0e90b

  • SHA512

    62a4baf36859aba9396f3f223f387ef7d98511dd6833cdc61bc93db68f1fe6984d2c66ad5d764bd220ef6dea36ad14763b721425ee6560bdfdcfaadc672bfcd5

  • SSDEEP

    49152:avKI22SsaNYfdPBldt698dBcjHDlT/qBxdroGdhTHHB72eh2NT:avn22SsaNYfdPBldt6+dBcjH1/w

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.2.0.2:4782

192.168.1.32:4782

Mutex

cc6f57e2-b224-4b7b-bfae-0b1e6f95f22f

Attributes
  • encryption_key

    48E15FD52A3A24CE1F767DA2AD76CB0B862CC879

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Solara

  • subdirectory

    SubDir

Signatures

  • Quasar RAT
    Quasar is an open source Remote Access Tool.
  • Quasar payload (2 IoCs)
  • Executes dropped EXE (1 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
  • Browser Information Discovery (1 TTPs)
    Enumerate browser information.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (39 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1112
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffb95f9758,0x7fffb95f9768,0x7fffb95f9778
      2⤵
      PID:216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:2
      2⤵
      PID:4896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:3104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:4596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:4128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:5044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:4188
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:3232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:3940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:4264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1500 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:2772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:4080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5896 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:4264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:4060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1600 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:4232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:3716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5576 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
      2⤵
      PID:1460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
      2⤵
      PID:2308
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5032
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1496
  • C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
    "C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
    1⤵
    PID:1108
  • C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
    "C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
    1⤵
    PID:4496
  • C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
    "C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
    1⤵
    PID:2452
  • C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
    "C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
    1⤵
    PID:3692
  • C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
    "C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
    1⤵
    PID:364
  • C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
    "C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
    1⤵
    PID:1320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
    Filesize
    40B
    MD5
    8f3843a9da63a7c396a894b5865b2f67
    SHA1
    2e7f9776d1ba8b15aea00d84eff977929ed70022
    SHA256
    76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a
    SHA512
    06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    816B
    MD5
    d8607fcf11a4bb42538407991a1f5473
    SHA1
    e12ca181a16ae1d3f11dc1c5e47dcc9f5af2efa4
    SHA256
    61e0653afc645417984140bd821b57f358ed8596f9a741ad6efe4933b60beb4a
    SHA512
    563606b3bdd4bf76d569ed81d51d2fa99f731682101d761dd2468387e197b45b515b267d89fa7b3cc45a593f173083179cd721697bea19175931dc206c770b70

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    5KB
    MD5
    2a21789a9d1a8add66a8ba6ebb81957c
    SHA1
    204fd17f69ee868b639317b33a104b16e6b093b7
    SHA256
    2372f46190e90c6def4865db498b8288aaeaf33167a550ce3cb61cc406406ac0
    SHA512
    9231c2457d43e3056b71e66041b28562bb9a1ac4f5bf5eca584169c877844af3b9b53f46bafc81fa96eb513969b5a3c64d82de8cf4ded23e15876eb4fa57fbef

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    371B
    MD5
    94d6b487aa57316b9ff869bcf6c96bf7
    SHA1
    f948273afc931a6d684a15e255e02a06bf5a8d00
    SHA256
    3e8843da45d783d51852928e9e2e1af4b3f9784f2203ee3283585b6ce1f36224
    SHA512
    446d36d610ffa54132f7fe3236faced411ccb03e47e4d23b92969288e994eef2e8fe63d73de2c28e57df9fd37fd24c79cc99c628843843cf2fea4c891e03d0cc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    1KB
    MD5
    fac697c70f3b605df1dca230ad78ed7d
    SHA1
    6b0d4189525878df308023a7907bc9d23f53a54a
    SHA256
    703c0b9c12464e52c3fdd2a37d0c8dce25a721c6d36d760a464a1dd5520084af
    SHA512
    7a98f0597ce64177dc2af64c2d60fff174dca35a869d7b43c0bf81748029a7f505850588cd6871e608ecf784f7587971b68359d9bd79d86c6f97457a98b90538

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    1KB
    MD5
    81fb4d391bde5121e657b91a24626543
    SHA1
    f723ab6d2beb05c7746e295f8f00545c99481526
    SHA256
    fc0b5f5c108b034a0beefec0fdbc823e92b9a4ef464f2bd6e3125bd0ddfc9919
    SHA512
    1e1f67bb7bee608a80cc10218d8128e6f5c30d0cae68a25ecde5af6db2c8a15b998bc5a7cd52b74b28f4b5d9fb1df099ef0a1184392d84acddb77912ee4a605a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    5KB
    MD5
    c64bd3fb09ffa303de262d6774332575
    SHA1
    9d247f2a294ade38f868b606e11050013cf45569
    SHA256
    35d3c78721239cd726544caa65016ccb358a82e3804f9444f60abfc7e619412c
    SHA512
    10c7495c08fb04b0f53d35bd1e31f7ec2bcaa25c0ba1d4deca100851f6af260946c3d7a22ee00c663d0b5e43ae564c0530f0d04ef607f56f9e689e812ee45807

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    7KB
    MD5
    56f7b02a70e353ef4bbda7e7416ac505
    SHA1
    33a3a2982f708b118454f81b6ef43faa0810541b
    SHA256
    dda20aa2a8419f04e1392a24dde9428da1d9923045d0e9408371e543e1b96375
    SHA512
    1d18fdfac9668f8ae49ad70ddb7e35fdf7187668c1abf02fc7f47745571757793ef7e21baac39ba63e85372d71a258526785aad8d729130558a52bec2789041c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    5KB
    MD5
    8e0d193834890454cc7966ec2665a56f
    SHA1
    ae9baf0948374d6e0740a76bb59b30b9bf8847a9
    SHA256
    c87875fee9d6aa355dc1d5a1af198ccbbc3edfadb6c4a85a4dace76d3a6d3964
    SHA512
    c7bafd7de73f7ca525a1c0a4e36bfd8f82e80f635d31163de04d9bce5db23a61628baae9501dd69b793b374878476f954e2db4bf83652b41116baedf63d97177

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    6KB
    MD5
    0857de0f52b310b39d9d531c21be63eb
    SHA1
    81ece42cdb12bc43c70536514173cba09014b389
    SHA256
    ce0de2ef80b88e666e4c6f9a7eaec1481488ed5acc04cec1b24677a55f0b769a
    SHA512
    ea565683b8a09ceb527e3e07a7d4140dc88375e300aa428cbb40c5896422bb97eccd46de66c9987e5eaa988bb232b77f5aa45d119df46510552d0cbe1a2954e5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize
    12KB
    MD5
    e614656cc0aebd8f573a8ffeb4f6a280
    SHA1
    530b0a01ac16cc5af38c43ade3589940beca608b
    SHA256
    8e3b60e88fdf5e1c533253394338fa68dad1137e47c2f7ab866fe47e8e049857
    SHA512
    a82b3ce6cff148f9928716a8086de004d6ea839b29a2bcbdc11f3fbb9e775bdc2b7cac9114fd0e47b9406047a1884e550776ecef9f62035b874be1f00a4c8e89

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
    293KB
    MD5
    103978ed042d15694971620147163921
    SHA1
    42c57dc5048c95635ee14334ef324ac3fcfced6d
    SHA256
    4c3bc1e5d7103faee80df03192e311a7e4ffddfaef97a1b62a37c0104c510862
    SHA512
    e64c88890080a37a7396fcc1356a2c1c5beaac1f4b67db437a5d7660fedce0504f7edb5b7463be4e930e99aa0833685c3d0308b6126966cf422a773debcc2aea

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
    293KB
    MD5
    a060a1a21d128828f23b6288a47830dd
    SHA1
    2e5963ef9b8164c2feebaff03a5e876447d3569f
    SHA256
    896a4cae5dd0e20597664b8e1f78efacc5ac27011515901ee00669042e8ea31c
    SHA512
    629d2851ca2c69b52a7ee8501a3244086249bcf49d6df62c9b618c64ce44131ead94194e6cdd01003b023994367aff99154741819e4b807311008cb3b09bb2e8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ffe7.TMP
    Filesize
    93KB
    MD5
    4f0a78f0a9522c700c25ded889f3a246
    SHA1
    9a74785ee7d89c3bcd40171a4b5c8007121ac91a
    SHA256
    a9c05a65d41229de09ad158f8baa5c370c345c5e452cbfca1a6ef00988811444
    SHA512
    bad16a63ff48d58b6c258103a745f68e45b9941d94dd86edb4db005711f266ce22e86cf27a5cdbfe57eab3399ee2442b0132a187bb652b3aac66115b22c282e3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c8ac0500-4667-4411-889d-a1fe06a27076.tmp
    Filesize
    111KB
    MD5
    22ea3fba7d29e9ce08f16c7b238a993c
    SHA1
    0601bf9902b9a527a363df64633a26a2e0145c2e
    SHA256
    3efbe761ed0e8b2ec92193001680ca0e89389d36b9f381ea314e67beb1097df8
    SHA512
    fe907d7cbc81f7d2247bff130405a3594e08c68ae164cc36bc4ed012d2861e035d150cb64a64fa9a11539b9a7572f250b9d7708befd0e8b7a53072aac67b56cc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize
    2B
    MD5
    99914b932bd37a50b983c5e7c90ae93b
    SHA1
    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256
    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512
    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log
    Filesize
    1KB
    MD5
    d63ff49d7c92016feb39812e4db10419
    SHA1
    2307d5e35ca9864ffefc93acf8573ea995ba189b
    SHA256
    375076241775962f3edc08a8c72832a00920b427a4f3332528d91d21e909fa12
    SHA512
    00f8c8d0336d6575b956876183199624d6f4d2056f2c0aa633a6f17c516f22ee648062d9bc419254d84c459323e9424f0da8aed9dd4e16c2926e5ba30e797d8a

  • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
    Filesize
    3.1MB
    MD5
    2c2744769214c1fb7dbfaab0899faa2e
    SHA1
    891b19df40e3bd50ced307779f2770c7b82125b1
    SHA256
    c8ebab297901040ef62bb8b91d6596bdbf59c22f9f6218a542c7c81857d0e90b
    SHA512
    62a4baf36859aba9396f3f223f387ef7d98511dd6833cdc61bc93db68f1fe6984d2c66ad5d764bd220ef6dea36ad14763b721425ee6560bdfdcfaadc672bfcd5

  • \??\pipe\crashpad_3392_CDCYVKTDGQYAHOYI
    MD5
    d41d8cd98f00b204e9800998ecf8427e
    SHA1
    da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512
    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                      • memory/1112-13-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

                                                        Filesize

                                                        9.9MB

                                                      • memory/1112-8-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

                                                        Filesize

                                                        9.9MB

                                                      • memory/1112-10-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

                                                        Filesize

                                                        9.9MB

                                                      • memory/1112-11-0x000000001BB70000-0x000000001BBC0000-memory.dmp

                                                        Filesize

                                                        320KB

                                                      • memory/1112-12-0x000000001BEF0000-0x000000001BFA2000-memory.dmp

                                                        Filesize

                                                        712KB

                                                      • memory/3404-0-0x00007FFFABA43000-0x00007FFFABA44000-memory.dmp

                                                        Filesize

                                                        4KB

                                                      • memory/3404-9-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

                                                        Filesize

                                                        9.9MB

                                                      • memory/3404-2-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

                                                        Filesize

                                                        9.9MB

                                                      • memory/3404-1-0x00000000005B0000-0x00000000008D4000-memory.dmp

                                                        Filesize

                                                        3.1MB