Analysis Overview
SHA256
c8ebab297901040ef62bb8b91d6596bdbf59c22f9f6218a542c7c81857d0e90b
Threat Level: Known bad
The file Client-built.exe was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Quasar family
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-31 23:32
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-31 23:32
Reported
2024-07-31 23:34
Platform
win10-20240404-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | mediafire.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133669423796519213" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffb95f9758,0x7fffb95f9768,0x7fffb95f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1500 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5896 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1600 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5576 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1580,i,11549531884651043811,9159186274216273521,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe
"C:\Users\Admin\Downloads\fakie nigga\fakie nigga\Client-built.exe"
Network
Files