Analysis

  • max time kernel
    140s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-08-2024 08:08

General

  • Target

    https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.0.0.91:4782

Mutex

9ed05a87-25fb-402e-a6a4-b613c5088d3d

Attributes
  • encryption_key

    1E317FE2D0D84B0CA0BFA596778B8CC9702863D6

  • install_name

    HwidChecker.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload (2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoC)
  • Scheduled Task/Job: Scheduled Task (1 TTP, 2 IoCs)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (40 IoCs)
  • Suspicious use of SendNotifyMessage (30 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9d48ccc40,0x7ff9d48ccc4c,0x7ff9d48ccc58
      2⤵
      PID:3808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
      2⤵
      PID:1372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
      2⤵
      PID:4388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
      2⤵
      PID:4248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
      2⤵
      PID:1412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
      2⤵
      PID:1976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
      2⤵
      PID:5080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5008,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:1
      2⤵
      PID:1552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:8
      2⤵
      PID:1828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=960,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4436
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:2412
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4448
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4124
  • C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe
    "C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe"
    1⤵
    PID:4872
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe" /rl HIGHEST /f
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:4384
    • C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1292
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:3980
  • C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe
    "C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe"
    1⤵
    PID:3488

Network

MITRE ATT&CK Enterprise v15


Downloads

                                SHA1

                                ed932fabc35082b9dc6848eb69b29138c2308197

                                SHA256

                                b07ebdc81a0cbc23950b92f046ff7ff04326b0a9f7f6754e12cf281ff613719b

                                SHA512

                                20d8a65f35b1ebc18a6a5dae8f6b5beb70c99f0afcada6b55f66530dae409793e3fa07cb574bf1bc094c92cffb558a04b33ea451f7749959ead0d5e663b1a4f4

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                1KB

                                MD5

                                0545ae2540cddc86812a8a3c90545219

                                SHA1

                                931d283e5bba9c5c9c596b5c254265bd16274947

                                SHA256

                                7fdc6b7bc3be8a547e616383aef63a0ee762e2ddb3b7bd9e800411116ce6b3ad

                                SHA512

                                0caa6f0a15f6c44a91493bb6b240a18046ab11203cca204200def9a1848efa05e05df4d033558e3f53cf5304252cf3095af91019b98b583f229aa330259dee81

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                1KB

                                MD5

                                fd56fc866935ce74094592d80a90cea6

                                SHA1

                                69f5f69b92666facab89d02db5cb5cf4e99365ce

                                SHA256

                                4cb154b6bce3f577a8048c5cf4998c6f307c6302036448f1ce46ad0318db834b

                                SHA512

                                c912aaff75c260280ce9d4de59ca11bdf0d84186708e14677d2ea178efa577fd8ad07e09774ce2fee302b4b6267699ec19be4fdace596e1e559ba1630d8344f6

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                1KB

                                MD5

                                f873d1bcc5ecde8c45c6b5490b24597f

                                SHA1

                                279973b37dba0598e32032ada40edc674c79750a

                                SHA256

                                fd96b7195739be3b71eb17054fa51dea9d9c7947ada5aedc5ff4a1d4bb2d468e

                                SHA512

                                3166bd9aeaf42e6d249fa6299f090f41dc1090136d1583e88b8672948ca31bbe382aacfbc1d6420b63b74b3609bf82c79f68ff873b2c7dea2e06db47fab70007

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                5928c7b4eb3a9bef07d4f5d46e8a1409

                                SHA1

                                4f7154158425ff8164649413ac4c23edc402cffc

                                SHA256

                                ddc19b7d017bee8bd69cf685a2edcf2303e386c9be68b5675da536f8afdcde18

                                SHA512

                                6d78da176564bcbbc0de99c6c17798c82f3add0632bc4c3e3aa0e6a9fd02d787cd77ec50cb431d2c4e215d62ec6d103c44dd5b348a4ac8229e8cc567c568aa14

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                10KB

                                MD5

                                e2c8e1bf4d928397ba9e1182cb9dc597

                                SHA1

                                c39539526440920ad231a1259c1fea540836e66b

                                SHA256

                                20f520d2beb56078f191cc4bc50d22868b9d833cfd2f28ff1527c4a0eb6c54a2

                                SHA512

                                0ecd506c062e82efb3cb53ca3a380f4fa7be14cdc9926adfe8263f0b7d58c4071aae15b167968516491e1b0cdca88ef78a7615c7d5280252676f5777d56a4ab7

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                aaf955e7040bf013414b3caaad576c95

                                SHA1

                                3aaaa1175dc933713ce153c46da759ef26b21d14

                                SHA256

                                5ae383d0742a8b60d2d164da3aa1d43ad7c889d1ee484e7d4c1fe72dff1c9d87

                                SHA512

                                b78209a7cbba9ca3052df313953a40929478acd350e73bfb4781ea2b4678040456551ec4c67c7d5183f4b127da0b3f32409d19f4bc2ab0ad61b31df04770b9c9

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                dee312e3831c806cc5045fa08c6e4e66

                                SHA1

                                7198e9036aa8c7a43ff5fd2c018b459d8eadf246

                                SHA256

                                ab3cf3b135da42a672d4b25881e441c15fd011bd2d62913403da917ec7581a8f

                                SHA512

                                a1273aee8dcd3dde2dc224f25b1b6a639d0ad9fb002d8d99439d1d9f626e75beba0199cc11a2c4eabb00235ce23bfa7c477d0e770968416d32413da4fd51dcef

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                e12ec325ceff69cf29230676111e6011

                                SHA1

                                93a2e2fc90d754d81ad708f027eb055dc9645e64

                                SHA256

                                dca683d7ee9f0c07a8b7ff80431941064479972391eceb409c215052716f447e

                                SHA512

                                f7d8adda7c4eb17e0f09fa728d634d0c9e30ef94a6b3b22bd902c1f555d9e53ea16e0644d4bb40d86ebb007a5f81f2fbefaff5f3e08bffbe18cd147b273f85f3

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                54403f4a5addaf1258e9290b3623b1ba

                                SHA1

                                9e0efcb45fd1381edefbaf6cf0fcde9e16baf465

                                SHA256

                                980c23faa26a0770459994de423abee0470159b0e8e0187c4a0a633683630535

                                SHA512

                                260a2a5c576d52e91f3dc3cd238faaac64147ede3ada7cb3e19560d7c0bc7a9262d788986955d53d6c3e0b84b03ea2b6bab2023e4008f6de64c4e8b1bb482642

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                10KB

                                MD5

                                80c22a2350ff600fa3749388095c3031

                                SHA1

                                4d4249973d16097cc1007e23018cd9531ceab996

                                SHA256

                                3145edbe5da65585a2a1d43ff052312dc449b4ac02b231b3b10f475d254a1998

                                SHA512

                                8ac099cd4efb28019906ad2f4fc2e82432e2a0884a07d297c9df9a5e6cc54332a5270fc05c8662dfc3dd323a6721811c868073309c7707910dbca1d8287b103b

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                10KB

                                MD5

                                55334c513544b5b1b90f6732f5e86bf5

                                SHA1

                                c5a0ec9a732dc31bcc53e2d45399510270d9a5c9

                                SHA256

                                7e72cc1127d503dbd6c1a4cab1552b16f26463f61f0528be9ce77c8d59d9aa17

                                SHA512

                                39da60ad9d78d1178f759d1d7825bc30718b6b346c023739151899d6b700641d2bb969d23b735302275393dc534be95d468b3350f3109f6d9bae0c4659226e1f

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                10KB

                                MD5

                                e7cf3da96b15f805f6f8420995d775e9

                                SHA1

                                a81cb809619f5810d2df105f0eaab1a70400b787

                                SHA256

                                3852981b80021c9c32a2ee92f7f097d597136030029d0c2a6fdeedefdd5301f9

                                SHA512

                                4032b2aa667927d2e4d127b11ef9e75f5607b8527926f063b6eec48c857a36532ec9815ac84474891e5fe468588424c41cf2185d1eaee57fff992ad3ebe74d47

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                10KB

                                MD5

                                9a6dc5f39d8577e4e6ab258880c40e3f

                                SHA1

                                dcc731d0a146633f8ff19c4694e64bb6a6e85ac4

                                SHA256

                                113bdbf626bfe2ee44e26e7c6ff691b130cf9f6f8e6a2d006cd7345a17f727a9

                                SHA512

                                2e72d509ddf75d1460bf595427f005a22a793d5948c72b5fcbb3e107181c13f535e9724ce7eeefc1b28b4d713e0558bfe5ec6d5e585aef5a5e5cf52e6b1749cd

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                99KB

                                MD5

                                7a6388b7ab3037393a748d3baf00b940

                                SHA1

                                30a6dc70a642a010c55399cfc109223fd2421ec1

                                SHA256

                                7f966d2a36799ad436a56b4b823398285b4a32b671dc887a922c838370937a18

                                SHA512

                                bad4646cc5fd3087856cb7cf7440b43ada992f3f2726d04f3e01d90bb964aae740cbed2fb1b0f670cd8f643f6d8745e83c73045cffe112086924c53998d281fa

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                99KB

                                MD5

                                a57466f9a967cb5492685e1842f5e808

                                SHA1

                                fc104d3a34013f4321cdb5c78f53ade0883e3ce6

                                SHA256

                                1aa9cc6db574267a6a5d17ec8c282ec5de58b4e139eea8557f6d14a86797d530

                                SHA512

                                48b55bc617138e4254f7ed554bcb51d13213ab02520da4696efa919989342d44d87afc48de65ed19ff3d99f7e13d9166ea5329c8dc55eb507e78085d67f55788

                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HwidChecker.exe.log

                                Filesize

                                1KB

                                MD5

                                baf55b95da4a601229647f25dad12878

                                SHA1

                                abc16954ebfd213733c4493fc1910164d825cac8

                                SHA256

                                ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

                                SHA512

                                24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

                              • C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe

                                Filesize

                                3.1MB

                                MD5

                                b6f7686e5d162b9ad7fc3c829c98f2e8

                                SHA1

                                9262f36af2986a6c8459b91a76064b1a86f66550

                                SHA256

                                3aad476bc33ebbca38d7def91669e379a3563aaa7f5beddf9cfa0994946a2294

                                SHA512

                                506691916a3fd10b0470069e1afaaf18473cfd9025fd3c2b3359bb780ac36250142bc02237778bb2a58d534f31b97c7423d2b98797565a275e3ccc1fb14f57ad

                              • C:\Users\Admin\Downloads\HwidChecker-main.zip.crdownload

                                Filesize

                                1.2MB

                                MD5

                                56e8327d7854a0a1237cdda713299773

                                SHA1

                                228ec634250a41884cb0633d7c2983e51b14b82f

                                SHA256

                                0c9fa005f4e94bf7572c9e2e4fd98cbbe508d7a9ca4092705f37ba0204c910cd

                                SHA512

                                8cfb21f5434e889bc5fdcef333c42e708dc57aa7f4b11264dd28548598ba9d86f40986e13122f9bb57fe75b828de442acac0c40e98b8d001183a1b10a4d3b43a

                              • \??\pipe\crashpad_4064_BSPKSJAYGEYYOFHH

                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              • memory/1292-688-0x000000001C400000-0x000000001C450000-memory.dmp

                                Filesize

                                320KB

                              • memory/1292-689-0x000000001C510000-0x000000001C5C2000-memory.dmp

                                Filesize

                                712KB

                              • memory/1292-690-0x000000001CC00000-0x000000001D128000-memory.dmp

                                Filesize

                                5.2MB

                              • memory/4872-670-0x00007FF9C0CF0000-0x00007FF9C17B1000-memory.dmp

                                Filesize

                                10.8MB

                              • memory/4872-660-0x0000000000B10000-0x0000000000E34000-memory.dmp

                                Filesize

                                3.1MB

                              • memory/4872-659-0x00007FF9C0CF3000-0x00007FF9C0CF5000-memory.dmp

                                Filesize

                                8KB

                              • memory/4872-687-0x00007FF9C0CF0000-0x00007FF9C17B1000-memory.dmp

                                Filesize

                                10.8MB