Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-08-2024 05:04

General

  • Target

    Venom.exe

  • Size

    3.1MB

  • MD5

    1348632fc2ede08cab5db1cb174ff0d3

  • SHA1

    2a1966291aa0e7aee1b039a1a75fa4879489a2be

  • SHA256

    900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf

  • SHA512

    52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb

  • SSDEEP

    49152:avht62XlaSFNWPjljiFa2RoUYItFW7Bxn+oGdzTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYIrW2

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.246:4782

Mutex

1e9de725-2f46-4350-b6c8-78b3b776a085

Attributes
  • encryption_key

    ACF3D3BDCC7612495B863F26348AD4EE3B96458B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    venom

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Venom.exe
    "C:\Users\Admin\AppData\Local\Temp\Venom.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:2264
    • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5080
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1408
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffccfbdcc40,0x7ffccfbdcc4c,0x7ffccfbdcc58
      2⤵
      PID:4212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
      2⤵
      PID:1036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:3
      2⤵
      PID:2436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:8
      2⤵
      PID:1172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
      2⤵
      PID:4544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
      2⤵
      PID:4704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
      2⤵
      PID:2284
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
      2⤵
      PID:568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
      2⤵
      PID:2440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1
      2⤵
      PID:4788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3296,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4380 /prefetch:1
      2⤵
      PID:4956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3104,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:1
      2⤵
      PID:3624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3388,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:8
      2⤵
      PID:2136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1148 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:3380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3292,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:1
      2⤵
      PID:2716
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3848
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1292
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3c8 0x470
    1⤵
    PID:2576

Network

MITRE ATT&CK Enterprise v15


Downloads
