Analysis Overview
SHA256
900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
Threat Level: Known bad
The file Venom.exe was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar family
Quasar payload
Executes dropped EXE
Drops file in System32 directory
Enumerates physical storage devices
Browser Information Discovery
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-03 05:04
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-03 05:04
Reported
2024-08-03 05:06
Platform
win7-20240708-en
Max time kernel
125s
Max time network
135s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Venom.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Venom.exe
"C:\Users\Admin\AppData\Local\Temp\Venom.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
Files
memory/2628-0-0x000007FEF5923000-0x000007FEF5924000-memory.dmp
memory/2628-1-0x0000000000BC0000-0x0000000000EE4000-memory.dmp
memory/2628-2-0x000007FEF5920000-0x000007FEF630C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | 1348632fc2ede08cab5db1cb174ff0d3 |
| SHA1 | 2a1966291aa0e7aee1b039a1a75fa4879489a2be |
| SHA256 | 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf |
| SHA512 | 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb |
memory/2628-8-0x000007FEF5920000-0x000007FEF630C000-memory.dmp
memory/1808-10-0x000007FEF5920000-0x000007FEF630C000-memory.dmp
memory/1808-11-0x000007FEF5920000-0x000007FEF630C000-memory.dmp
memory/1808-9-0x00000000010A0000-0x00000000013C4000-memory.dmp
memory/1808-12-0x000007FEF5920000-0x000007FEF630C000-memory.dmp
memory/1808-13-0x000007FEF5920000-0x000007FEF630C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-03 05:04
Reported
2024-08-03 05:06
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Venom.exe
"C:\Users\Admin\AppData\Local\Temp\Venom.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffccfbdcc40,0x7ffccfbdcc4c,0x7ffccfbdcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3296,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3104,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3388,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x470
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1148 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3292,i,14814256830759992817,649048372045922398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:1
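Both detonations record the same persistence step: Venom.exe copies itself to %APPDATA%\SubDir\Client.exe (the dropped file carries the submitted sample's SHA256) and registers a logon-triggered scheduled task for it with the highest run level. The script below is an added example, not part of this report or of any sandbox's code; it parses `schtasks /create` command lines such as the two shown in the process lists above and scores them on the traits that separate this pattern from routine task creation. The command lines in SAMPLE_CMDLINES are constructed input: the two from this report plus two benign ones for contrast, and the thresholds and directory list are the author's assumptions.

```python
from __future__ import annotations

import ntpath
import re

# Constructed input: the two schtasks invocations recorded in this report
# (one per detonation) plus two benign lines to show what does not fire.
SAMPLE_CMDLINES = [
    r'"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'schtasks /create /tn "Backup\Nightly" /sc DAILY /st 02:00 /tr "C:\Program Files\Backup\backup.exe /full"',
    r'schtasks /query /tn "venom"',
]

# Directory fragments a standard user can write to (assumed list); legitimate
# software registers task actions from Program Files or System32, not a profile.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")

# Triggers that run the action at every boot or logon with no user interaction.
BOOT_LOGON_TRIGGERS = {"ONLOGON", "ONSTART"}

_TOKEN = re.compile(r'"[^"]*"|\S+')
_EXE_IN_ACTION = re.compile(r"^.*?\.(?:exe|bat|cmd|com|scr|vbs|js|ps1|dll)\b", re.IGNORECASE)


def parse_schtasks(cmdline: str) -> dict[str, str] | None:
    """Return the options of a `schtasks /create` command line as a dict
    (option name in lower case, without the slash), or None if the line is
    not a schtasks task creation. Quoted values keep their inner spaces."""
    tokens = _TOKEN.findall(cmdline)
    if not tokens:
        return None
    if ntpath.basename(tokens[0].strip('"')).lower() not in ("schtasks", "schtasks.exe"):
        return None
    opts: dict[str, str] = {}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            name = tok[1:].lower()
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is not None and not nxt.startswith("/"):
                opts[name] = nxt.strip('"')   # option with a value, e.g. /tr "..."
                i += 2
                continue
            opts[name] = ""                   # bare switch, e.g. /f
        i += 1
    return opts if "create" in opts else None


def assess_task(opts: dict[str, str]) -> dict:
    """Score a parsed /create command for the persistence pattern seen in this report."""
    action = opts.get("tr", "")
    m = _EXE_IN_ACTION.match(action)
    exe = m.group(0) if m else action.split(" ")[0]
    findings = []
    if opts.get("sc", "").upper() in BOOT_LOGON_TRIGGERS:
        findings.append(f"trigger {opts['sc'].upper()}: runs at every logon/boot")
    if opts.get("rl", "").upper() == "HIGHEST":
        findings.append("/rl HIGHEST: runs with the highest privileges available to the account, no UAC prompt")
    if any(frag in exe.lower() for frag in USER_WRITABLE):
        findings.append("action binary is under a user-writable directory")
    if "f" in opts:
        findings.append("/f: silently replaces an existing task of the same name")
    return {"task_name": opts.get("tn", ""), "action": exe, "findings": findings, "score": len(findings)}


def triage(cmdlines: list[str], threshold: int = 3) -> list[dict]:
    """Assess every schtasks /create line and return those at or above the threshold."""
    hits = []
    for line in cmdlines:
        opts = parse_schtasks(line)
        if opts is None:
            continue
        verdict = assess_task(opts)
        if verdict["score"] >= threshold:
            hits.append(verdict)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_CMDLINES):
        print(f"[{hit['score']}] task={hit['task_name']!r} action={hit['action']}")
        for f in hit["findings"]:
            print("   -", f)
```

Both report lines score 4 of 4 (ONLOGON trigger, HIGHEST run level, action under AppData, forced overwrite); the nightly backup task scores 0 and the `/query` line is ignored because it creates nothing. The same parser can be fed Sysmon event 1 or 4688 command lines, where a schtasks.exe child of a process running from %TEMP% is the combination to alert on.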
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.104:443 | www.google.com | udp |
| NL | 142.250.27.104:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 95.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.139:443 | clients2.google.com | udp |
| NL | 142.250.102.139:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 139.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.io | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 89.44.169.132:443 | mega.io | tcp |
| LU | 89.44.169.132:443 | mega.io | tcp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.169.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 16.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 192.168.0.246:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
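In both network tables (behavioral1 and behavioral2) the only traffic attributable to the RAT is the repeated TCP connection to 192.168.0.246:4782, an IP literal with no domain recorded; 4782 is Quasar's default listener port, and everything else in the Windows 10 run is Chrome, Bing and mega.nz traffic with a resolved name. The script below is an added example, not part of this report or of any sandbox's code: it reduces a connection table like the ones above to repeated name-less TCP destinations and annotates each candidate. SAMPLE_CONNECTIONS is a constructed subset of the behavioral2 table, and the repeat threshold is the author's assumption. The private-address check is the caveat a practitioner needs here: 192.168.0.246 is RFC 1918 space, so it identifies the submitter's lab listener, not something to push to a blocklist.

```python
from __future__ import annotations

import ipaddress
from collections import Counter

QUASAR_DEFAULT_PORT = 4782  # default listener port of the Quasar server component

# Constructed input: a subset of the behavioral2 network table above, as
# (country, destination, domain, proto) rows; "N/A" is the sandbox's empty cell.
SAMPLE_CONNECTIONS = [
    ("US", "8.8.8.8:53", "www.google.com", "udp"),
    ("NL", "142.250.27.104:443", "www.google.com", "tcp"),
    ("US", "8.8.8.8:53", "mega.nz", "udp"),
    ("LU", "31.216.144.5:443", "mega.nz", "tcp"),
    ("N/A", "192.168.0.246:4782", "N/A", "tcp"),
    ("N/A", "224.0.0.251:5353", "N/A", "udp"),
    ("LU", "31.216.144.5:443", "mega.nz", "tcp"),
    ("N/A", "192.168.0.246:4782", "N/A", "tcp"),
    ("N/A", "192.168.0.246:4782", "N/A", "tcp"),
    ("US", "142.250.69.3:443", "beacons.gcp.gvt2.com", "tcp"),
    ("N/A", "192.168.0.246:4782", "N/A", "tcp"),
]


def split_endpoint(dest: str) -> tuple[str, int]:
    """'192.168.0.246:4782' -> ('192.168.0.246', 4782)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def find_beacons(rows, min_repeats: int = 3) -> list[dict]:
    """Return TCP destinations contacted repeatedly by IP literal (no domain
    recorded for the connection), with the reasons to treat each as a C2
    candidate and whether the address is usable as a network IOC."""
    repeats: Counter[tuple[str, int]] = Counter()
    for _country, dest, domain, proto in rows:
        if proto != "tcp" or (domain and domain != "N/A"):
            continue  # name-resolved TCP (browser/update noise) and DNS/mDNS are skipped
        repeats[split_endpoint(dest)] += 1

    candidates = []
    for (ip, port), n in repeats.items():
        if n < min_repeats:
            continue
        addr = ipaddress.ip_address(ip)
        reasons = [f"{n} TCP connections to an IP literal with no domain recorded"]
        if port == QUASAR_DEFAULT_PORT:
            reasons.append(f"port {port} is Quasar's default listener port")
        if addr.is_private:
            reasons.append("RFC 1918 address: the operator's lab/LAN listener, not a shareable IOC")
        candidates.append({
            "ip": ip,
            "port": port,
            "count": n,
            "shareable_ioc": not addr.is_private,
            "reasons": reasons,
        })
    return candidates


if __name__ == "__main__":
    for c in find_beacons(SAMPLE_CONNECTIONS):
        print(f"{c['ip']}:{c['port']} x{c['count']} shareable={c['shareable_ioc']}")
        for r in c["reasons"]:
            print("   -", r)
```

On this input the only candidate is 192.168.0.246:4782 with four connections, flagged as Quasar's default port and as non-shareable because it is private. In a real infection the same logic surfaces a public IP or a dynamic-DNS host; a private hit outside a sandbox would instead point at an internal pivot box and deserves a look at that host rather than a blocklist entry.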
Files
memory/4272-0-0x00007FFCD4C53000-0x00007FFCD4C55000-memory.dmp
memory/4272-1-0x0000000000390000-0x00000000006B4000-memory.dmp
memory/4272-2-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | 1348632fc2ede08cab5db1cb174ff0d3 |
| SHA1 | 2a1966291aa0e7aee1b039a1a75fa4879489a2be |
| SHA256 | 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf |
| SHA512 | 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb |
memory/5080-10-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp
memory/4272-9-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp
memory/5080-11-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp
memory/5080-14-0x000000001BE20000-0x000000001BE70000-memory.dmp
memory/5080-17-0x000000001BF30000-0x000000001BFE2000-memory.dmp
\??\pipe\crashpad_1564_GKTPTQRAKHCRDQHI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/5080-38-0x000000001C620000-0x000000001CB48000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c1441db979e668d84826a5ddd34190af |
| SHA1 | a20e782d98195a0f50609ce34655431f01424200 |
| SHA256 | 0e896a6963ff4b8449730d43ccbdaba9a5b29e68895e09369a8613b81481aec5 |
| SHA512 | a97cc0d5726ac127b9de3fc3560d6af0da7d52e9d38b56ef73198d7aa44d383db663c0315830c21406f30e032f130f908bb7cc760b68b6bff5378b341875d360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8fb660722308101678e69fa7dffd7a7c |
| SHA1 | afa639fff23f2cfc49e4c95fb48022907526a86b |
| SHA256 | 89d2792bffa9f8129b1f577fb5dd4aef964e641e34c4605500779ee347146efe |
| SHA512 | 6a0261737c1d1a01393cab951c95cfdfd6c6d9d09f18e214db6c19bf939209101546eaec81dcdb5482ed938fa4dfd30cdf4ec6338c1215cd5c75d318f00c34a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1589524b0f4a9a24ea73fcb41bfb9aaf |
| SHA1 | aca34a8128ca075d25c38a40379f3034e5b194e1 |
| SHA256 | db44a873bf770d0637fa088f5db8b21c928245afafaff9245a90fd8cef93a4e3 |
| SHA512 | 95597927c853df02fb8a7bf786d17d7a8edfb390bb7481176f724d54700c818ce153bd883254bacd1d8e9b7a163965857bbca7bcf16d7f14f1d1af2ac26c6851 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/5080-378-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 68501d443c86fcd40e4593e6a3ed83a5 |
| SHA1 | 1cff5c4a514db80e2c86b25a466ae8579727fce9 |
| SHA256 | 26bbf154e4321d344642afd11f5bd8806098d032c9114d45f4327a6a412c7c0e |
| SHA512 | 4872a48e9cbc29180b6955c2dcf6ca3e823136003dc54180329ef554a0d0d6d7e39b717625e1f69f9c9adef12dbda9f68768781ef4e1b6fff9bf6d0123b1b15a |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f65b6230925a9bce11384552a6b6d7f |
| SHA1 | f24f8052254ced7f133f2a6020994111d472a756 |
| SHA256 | 2ea559139e61c2b2b3f4c5555ff6b3e3d44c5d1a329c4654dce4a0cf3c002469 |
| SHA512 | b8a86bbb65cf2beffbbe3a9513fbfd4fa99e92c0ca97f919e38f55cdb241e0bee8e895e51fa5850c3bb1063ff5f948100e4e4e72048c56dc766aae13d6685f1b |
memory/5080-424-0x00007FFCD4C50000-0x00007FFCD5711000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d737cadaa0238a4b041eed9c701143e0 |
| SHA1 | 4c03ac15179d4593c6b0bc7985b29c5003de17a9 |
| SHA256 | a4f052014773bc0272aacea5745f2dd92295ce6c711cc1b6830cf4598de0e2f2 |
| SHA512 | b3dbf8057ea1048f51d4a50b757633da658430fc227e07c2b3b0993904e61692f62751008af8ca9bdd0d63155c83685de43dc7daf3f17e7e4fc7456c5a23e1bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b3a15c908217a7e202eb62c8fc1d20b2 |
| SHA1 | 93990ede81a453149d55b1c9bdd200441925f8ff |
| SHA256 | 994a18fb24a55c81c51cbf4a54a867d59d6b857eafdf286764099f624b1244ce |
| SHA512 | 94cc3d566aa8e21843a27c54993f06293dfefbac724070db0c746614cde970805ed02a38f1daaa25aad0a7799f1c088c84a75b0a7a127534883dac95c1f87eb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 00674178bcf69e1c107fd97da661a0b4 |
| SHA1 | dc495113a1a7d5d22e3c063c1e94998343ffa662 |
| SHA256 | ffaf596efdb838189786830a16c93e028b7831236e5b5cc7c54be8cde2b1b88e |
| SHA512 | fd4b3dba4dc67df70e77dad9efb328dae571689c0ad5591055f5a0292eb4e47bda388896882984af0583781901a9b5b500319b91862242aa139135313e421ede |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5a7392d11c96363a58789052ded75232 |
| SHA1 | 4cd5f7d260bb8818f7d17065e174ff1e3c10b5ea |
| SHA256 | ae2fda05674468a076272d4948525f7dee17a4fb6fa1ec03b66bb59735edc11a |
| SHA512 | 4fa5b5ff0c6af0563f9fa2c36ec9ca94e92c80d8b1af28878ea1613a61ea6cbf0ae47c87647f9a6b945d12e76fb324e703216eff74284f039b4c2c091fe93bd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a7dc62176696f8db54ece9527507d1da |
| SHA1 | 4baad830da35fe01bf5b97fff437fdb7fe1598ea |
| SHA256 | f15b9f64852e8b88980055ebd2a5e3d3cf2a4e32304151fa46733d3d0d221295 |
| SHA512 | e1c05ecfbab507273c7bf6ac34dce0bf6b90dc3308aa1a5fc790c95ab45b965d8fb61f78c8f7ad703889497e3762923726fd3bca2c29fb6228f70924f05d1ade |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86f4d1144007c64094977f8df168bb02 |
| SHA1 | ff04782e7ced238819f9e667e01a391b189dc39d |
| SHA256 | a321eee6af6a21d1a79bb9d6553e24372aad5f4dcec9572522ee8ce4bdc56880 |
| SHA512 | 1ad33e98e661cdea850a24fa47edbd9d70b2b323ace875b14310ebfa92360ec42c589415b45817c293870afc141328172aaf22d8c5c80cfa284cba836d7a858d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f498bcf06d672f95d68da21b96b49e8e |
| SHA1 | 69482c9dec33294af256dd4c5847561bf4ccabd0 |
| SHA256 | d8a708d237b329db04681c20efbdadeadc164c909c53a209b44764f824fffd4f |
| SHA512 | dadc23e920fb2d492bab4f0b9d22f3653ebf34f289be4be60e3c1a8e5e59fd8941a9394e52928896c74a8bd07363e6f42f2b2418a3f86129e086f880238bbd17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2ca4f79c3cdb1149ce5a395d1815d20 |
| SHA1 | 8a838e5c65504c468caad4191737af35f4c46e53 |
| SHA256 | b19375778e459a025f6835e72904defba83689605a7e86e2eb78b00be4ca89be |
| SHA512 | ed87091c18ee426da32f555d6cf22ed9669fa3a55f0df7452f12580843083f7bb19877bb3d1276ffbea94781a89cead1a9e678a45b0322aac557397f9c92463e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 074a483c070f09a94dd2a3d394cee801 |
| SHA1 | 789fcb6e45b0cde084d4adcdf5281858bc594c1c |
| SHA256 | 50c189a9211eb7d3725dddd899f0754c5d279dbbb0c8dcc07580477650c9b824 |
| SHA512 | a7d77dbd9acf7e1e39e4650b115464ed17d0c92a2b850e94ca2ad7f0a7c405a0575a55d44350996ca178b30a181fcf534a58708973998d2da6a81c44fe7fbb8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2e248ac82653dc62c1e8c935a3082f3 |
| SHA1 | dbc82bd26d06a1a4f2fc4cbdf14f0b6a86609162 |
| SHA256 | cacdb8d2ab27850b83de0e905368f934fa121ab07543e44c17685f6bee146dea |
| SHA512 | bdb37c0564b3360ca08949efa0fe10c9852ef461a5f500c2018ec070100a46b8642ad01ac6dff324c0f3fce707f4d82bed5d983e7e3e31f4cbd452a2e5c78491 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 19962cb5bf2ac813efd5f042bc9e84ac |
| SHA1 | 37fb8a613760f82e2f8656da590872a283df3529 |
| SHA256 | e50ce657d48e0bcc260a2401701426f74d2801ac77fae992b607ea1306b96ffb |
| SHA512 | 01245f7d6897f28f69e53da9b0d0dbc8c55fc6603d011773708cc54a9178cc32aaae1ce6b42e274ef47742213f3c4931c5442a451180cc8ac8742517623055be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 180f88a324b8dbe51c63e180e8520a6b |
| SHA1 | 3093b2d814ee50e6d907ef5e214b32dd513a8d52 |
| SHA256 | af37fee3594815d501bf4387cddbfc21c9a1063875e86b0b8b7af8e4dce109b8 |
| SHA512 | 1a83bb74c8833a5338937f6de06e0261bb997023930fff047d08d54e2f0c2b597a8a6f1f1d951b590b10971de858253b13f275005f30b9e5d94b49887b4c59e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20a91c1ea8a1783cfaa5589296fcb245 |
| SHA1 | 5622cc5572656102ade8df91c62e86474ac092b6 |
| SHA256 | 8dab78cc73472833e5ec9b3447c1fc6b8b1b0b8180ff375a92172dc1746d88f7 |
| SHA512 | 0630311458f03e2f8cefc4ada0b182e8b534fbc1b7389604dcad990cae79d01cc1b1d0e62efa8eedae04908877ee532e90cd21658b02497b7b01ecb6b26661d0 |