Malware Analysis Report

2024-10-23 21:24

Sample ID 240804-j1xmyazhlp
Target https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe
Tags
quasar office04 discovery spyware trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe was found to be: Known bad.

Malicious Activity Summary

Quasar RAT

Quasar payload

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Scheduled Task/Job: Scheduled Task

Enumerates system info in registry

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-08-04 08:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-04 08:08

Reported

2024-08-04 08:11

Platform

win10v2004-20240802-en

Max time kernel

140s

Max time network

144s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672325452136794" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Scheduled Task/Job: Scheduled Task

persistence execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4064 wrote to memory of 3808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4064 wrote to memory of 1372 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4064 wrote to memory of 4388 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4064 wrote to memory of 4248 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9d48ccc40,0x7ff9d48ccc4c,0x7ff9d48ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5008,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe

"C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe

"C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=960,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8

C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe

"C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
NL 142.250.179.170:443 content-autofill.googleapis.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
N/A 10.0.0.91:4782 tcp
N/A 10.0.0.91:4782 tcp
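
Almost everything in the table above is the browser fetching github.com and its CDN, plus the sandbox's own reverse lookups; the two rows that matter are the TCP connections to 10.0.0.91:4782 with no country and no preceding DNS resolution. The script below is an added example (Python), not part of the report: it parses the table's plain-text rows, buckets them, and pulls out direct-to-IP connections to private addresses. The one fact it assumes from outside the report is that 4782 is Quasar RAT's default port; the row subset embedded in it is copied from the table above.

```python
"""Added example (not from the sandbox report): parse the report's plain-text
Network table and separate C2 candidates from browser background traffic.
Assumption from outside the report: 4782 is Quasar RAT's default port."""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Subset of rows copied from the Network table above.
NETWORK_TABLE = """
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.109.154:443 github.githubassets.com tcp
NL 142.250.179.170:443 content-autofill.googleapis.com udp
US 140.82.113.21:443 collector.github.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
N/A 10.0.0.91:4782 tcp
N/A 10.0.0.91:4782 tcp
"""

QUASAR_DEFAULT_PORTS = {4782}  # assumption: Quasar RAT's default client/server port


@dataclass(frozen=True)
class Conn:
    country: str
    host: str
    port: int
    domain: Optional[str]
    proto: str


@dataclass
class C2Candidate:
    host: str
    port: int
    proto: str
    hits: int
    reasons: List[str]


def parse_rows(text: str) -> List[Conn]:
    """Rows are 'Country host:port [domain] proto'; the domain column may be empty."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = " ".join(parts[2:-1]) or None
        host, _, port = dest.rpartition(":")
        rows.append(Conn(country, host, int(port), domain, proto))
    return rows


def classify(c: Conn) -> str:
    if c.port == 53 and c.proto == "udp":
        return "dns"           # forward and reverse (in-addr.arpa) lookups
    if c.host == "224.0.0.251" and c.port == 5353:
        return "mdns"          # link-local multicast noise
    ip = ipaddress.ip_address(c.host)
    if c.domain is None and ip.is_private:
        return "c2-candidate"  # hard-coded private endpoint, never resolved by name
    if c.port in (80, 443):
        return "web"           # HTTPS/QUIC to named hosts: browser and GitHub traffic
    return "other"


def summarize(rows: List[Conn]) -> Counter:
    return Counter(classify(r) for r in rows)


def find_c2_candidates(rows: List[Conn]) -> List[C2Candidate]:
    by_endpoint = Counter((r.host, r.port, r.proto)
                          for r in rows if classify(r) == "c2-candidate")
    out = []
    for (host, port, proto), hits in sorted(by_endpoint.items()):
        reasons = ["direct-to-IP connection to a private address with no DNS lookup"]
        if port in QUASAR_DEFAULT_PORTS:
            reasons.append(f"port {port} is Quasar RAT's default")
        if hits > 1:
            reasons.append(f"{hits} connection attempts (reconnect loop)")
        out.append(C2Candidate(host, port, proto, hits, reasons))
    return out


if __name__ == "__main__":
    rows = parse_rows(NETWORK_TABLE)
    print(dict(summarize(rows)))
    for c in find_c2_candidates(rows):
        print(f"{c.host}:{c.port}/{c.proto} x{c.hits}")
        for r in c.reasons:
            print("  -", r)
```

A private 10.0.0.x C2 address means this particular build was configured for a host on the operator's own LAN and will not reach anything from a normal victim network; the detection value is in the pattern (repeated TCP to a bare IP on 4782 from a process living under AppData\Roaming), not in the address itself.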

Files

\??\pipe\crashpad_4064_BSPKSJAYGEYYOFHH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a57466f9a967cb5492685e1842f5e808
SHA1 fc104d3a34013f4321cdb5c78f53ade0883e3ce6
SHA256 1aa9cc6db574267a6a5d17ec8c282ec5de58b4e139eea8557f6d14a86797d530
SHA512 48b55bc617138e4254f7ed554bcb51d13213ab02520da4696efa919989342d44d87afc48de65ed19ff3d99f7e13d9166ea5329c8dc55eb507e78085d67f55788

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5928c7b4eb3a9bef07d4f5d46e8a1409
SHA1 4f7154158425ff8164649413ac4c23edc402cffc
SHA256 ddc19b7d017bee8bd69cf685a2edcf2303e386c9be68b5675da536f8afdcde18
SHA512 6d78da176564bcbbc0de99c6c17798c82f3add0632bc4c3e3aa0e6a9fd02d787cd77ec50cb431d2c4e215d62ec6d103c44dd5b348a4ac8229e8cc567c568aa14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36a07119633605c02e66c47c5c9328ef
SHA1 a3d1ec0576826ccf84fb5374f1de9c3461032934
SHA256 126b372b762a9a2a7adb3e39f738369691fbcf230a53f659dccc74b060762fc9
SHA512 905aaee0c6d6b5d005ab8248f0aeb07cbb8ebd766494fc5ff25de342fe00e899eb20472693a4be427feaca4d445d83430bdd620d4b837c2f0175bac03f681506

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e575e081503aaa1ae1ab10833cdcc10f
SHA1 010f9a342086d36e9624bb5df4978f0312e8737b
SHA256 d4220468c0d208c0985ea24c04b953004fd19bffb671d8752c790871c78e6d47
SHA512 08f86dce85e4380be77db3079cebe5f8b6a26c38eae95bb46b9a36e107c37d9a9c4acf6b8838b98320745b7f2ce8839f57a3f386f4ae527d9455da04daca0e39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aaf955e7040bf013414b3caaad576c95
SHA1 3aaaa1175dc933713ce153c46da759ef26b21d14
SHA256 5ae383d0742a8b60d2d164da3aa1d43ad7c889d1ee484e7d4c1fe72dff1c9d87
SHA512 b78209a7cbba9ca3052df313953a40929478acd350e73bfb4781ea2b4678040456551ec4c67c7d5183f4b127da0b3f32409d19f4bc2ab0ad61b31df04770b9c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 14c460a1feda08e672355847ea03d569
SHA1 f1e46ac6abd71ebbcdd798455483c560a1980091
SHA256 d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f
SHA512 cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 6e13703b4b9b3fee9c9679caa6444f08
SHA1 eebd698908234ddf27a333105f645667e2eb7bf4
SHA256 e9c1c07f5fb1e96dc3bad0cbdaeb5503e38382e8e9c838120bb2652940d6baa6
SHA512 873bc00f546d9811befa014c4dd9ccaea032caa559c72674429ace2c1abfd292e2556de69e2db1bcf0641625bdefcf28955905a1d5b65c620fece0df82827179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 017975d305729c957b42440bb7cec4be
SHA1 4ecd64ae942d7994b18210b09e72b9a12c6ad7e3
SHA256 6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668
SHA512 216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 9ec8ba204f6c45d71c998a0ce1dd714e
SHA1 e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c
SHA256 a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a
SHA512 d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d377d4b8da203f83f823d40bd0c99b7a
SHA1 a034bdc0f752aa0e6cd1ef63d19d9bf53d987f74
SHA256 73155d1a4041a0b6b49256d06a9771e1642d1592d5b2c0b967abdd0ae8ce0a5a
SHA512 2781098de9182b09d9535a5a35f7162b89170c2107a346f61cdf9a89150ef228f79c454207c31a399b12a670deb4da127ec9ce4d94b8c526093662f6e273e728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dee312e3831c806cc5045fa08c6e4e66
SHA1 7198e9036aa8c7a43ff5fd2c018b459d8eadf246
SHA256 ab3cf3b135da42a672d4b25881e441c15fd011bd2d62913403da917ec7581a8f
SHA512 a1273aee8dcd3dde2dc224f25b1b6a639d0ad9fb002d8d99439d1d9f626e75beba0199cc11a2c4eabb00235ce23bfa7c477d0e770968416d32413da4fd51dcef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7a6388b7ab3037393a748d3baf00b940
SHA1 30a6dc70a642a010c55399cfc109223fd2421ec1
SHA256 7f966d2a36799ad436a56b4b823398285b4a32b671dc887a922c838370937a18
SHA512 bad4646cc5fd3087856cb7cf7440b43ada992f3f2726d04f3e01d90bb964aae740cbed2fb1b0f670cd8f643f6d8745e83c73045cffe112086924c53998d281fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88593a1390f75da8b44314e4ed356569
SHA1 ed932fabc35082b9dc6848eb69b29138c2308197
SHA256 b07ebdc81a0cbc23950b92f046ff7ff04326b0a9f7f6754e12cf281ff613719b
SHA512 20d8a65f35b1ebc18a6a5dae8f6b5beb70c99f0afcada6b55f66530dae409793e3fa07cb574bf1bc094c92cffb558a04b33ea451f7749959ead0d5e663b1a4f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 a1ccbbe49b5bef1b3f7a242cc903f2b9
SHA1 e3b14b08e0035faecfdc712021e86be0a59798a5
SHA256 568404ad5e7b128b1346e39f1ed7ad4be731d1045a69aaab83c0206261992d89
SHA512 eee9817406c9725df21607f52ad3f5bc26e34a49c6772388a420d2e13cc86edb47d5c7bc205e4aed4e7f90d255e21b1e7656371aad83e63f59a937b6c44d9456

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e12ec325ceff69cf29230676111e6011
SHA1 93a2e2fc90d754d81ad708f027eb055dc9645e64
SHA256 dca683d7ee9f0c07a8b7ff80431941064479972391eceb409c215052716f447e
SHA512 f7d8adda7c4eb17e0f09fa728d634d0c9e30ef94a6b3b22bd902c1f555d9e53ea16e0644d4bb40d86ebb007a5f81f2fbefaff5f3e08bffbe18cd147b273f85f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fd56fc866935ce74094592d80a90cea6
SHA1 69f5f69b92666facab89d02db5cb5cf4e99365ce
SHA256 4cb154b6bce3f577a8048c5cf4998c6f307c6302036448f1ce46ad0318db834b
SHA512 c912aaff75c260280ce9d4de59ca11bdf0d84186708e14677d2ea178efa577fd8ad07e09774ce2fee302b4b6267699ec19be4fdace596e1e559ba1630d8344f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54403f4a5addaf1258e9290b3623b1ba
SHA1 9e0efcb45fd1381edefbaf6cf0fcde9e16baf465
SHA256 980c23faa26a0770459994de423abee0470159b0e8e0187c4a0a633683630535
SHA512 260a2a5c576d52e91f3dc3cd238faaac64147ede3ada7cb3e19560d7c0bc7a9262d788986955d53d6c3e0b84b03ea2b6bab2023e4008f6de64c4e8b1bb482642

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6de8c943c82138ca_0

MD5 474c7c0e42a559cfdf6832c3de927b33
SHA1 af36a749baf79e6174802994b9827f6ef98a676e
SHA256 9c6b41c067971bdc48c2b603990e7537c6f0ac36a39ad5ac01df57fb89b7ac1c
SHA512 9b1a74ae3c6da16d60d0715a093b3103ec49ee83ae79e1df0aff216793ba89ac2f95b35f4a63a59cf6aa88e1979aedca2ff9cce82c845f1837442062db585df7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aa61758ad53dced9_0

MD5 c2004df83a91c3f1d6487344cce87979
SHA1 70f8a89c544d696bdc8c9fb986fec3ac30697032
SHA256 b9597f0886a3764b9a4dc31982102984d64b1223d2b5b0c513002a9fcb52e706
SHA512 c42dc47f1869c485996199f1573ad2068058b378d2e5b69d77cd8447168268d44849e48bfe9f69a1b28250c57ca0a66220ad302b8b9bce9d65101af952e8c6d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\efb47464905bdfa5_0

MD5 6655523c5221c532108d5a96e8dbc2bf
SHA1 8ce652160f4fb1801cea388e0f65520b6fcde2a4
SHA256 96dc29bd4585388ece7678b52f5171cbae11da47a24b46f5cf35295aced4365a
SHA512 9fd8433b6210cd32f74576fe71cebb5b0d9c2cd5e7a759345530d374bc14b15548c34734e0b90438e852ac9a826221830b8037d107b9d9e850c9184bfcb96a29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6d2ce11d096308a_0

MD5 97b979d21cf1de628b45bbe4b5def05e
SHA1 b17089e6f2fa107fe070acfb9f38bde7c2fee3df
SHA256 146bc34274653eed434bc138e24201836a74e0ec7252c5fd820cbb29ed2e4c3c
SHA512 3356440685131178331439ff53a56e26a30ed9b551af277f413f8960789b3063a16d9ccd2ac04662b11b4f399b4a410a3cf1b13bd5ff6b3b3c2f754a1ee705a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

MD5 ceabeea0a7891313273a3497a863794d
SHA1 b3b979cefa410827d9d0bdab034f9f72e2b30046
SHA256 626b6d7fab9467eb2931db80bb5fd4419c61b2d86ca7df095b6b73d811fe5517
SHA512 664dbf35ba1df330d650387552dde89483eda1913e6e420806169befd6cca68a78b38351c090684d2b5ee5f4b3ff476ee987c3f04e3658462dc59f883f059c10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\529ee60a780f9229_0

MD5 f17639c51f613b4f0a320e37ffbdb699
SHA1 94b2f3919c748329f5fdca7d1361c3f6eebb6556
SHA256 75967a57839a4f2db0fd39996553c6d4dee8fcdc020a7ac73d5cd87b4c24447e
SHA512 01a3ce7f5ae805cabc710d2ed4ce10cb895ea685b3516a21109e244428cf4c67763abb49de9db4c041fcc1c4e33ff50e50adc3646e3dc5cbef5b80660e022d19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\42eb60d64783d177_0

MD5 c23d1eb77fa0ad131097bca3565addb0
SHA1 1a199a5c57e78bb6cb386ff9f8f1dde707000c3c
SHA256 b437705fed30d02def1cfdba0fa8ef1a3d3bf8afda86bdcf8e7ac4a3510d4e8f
SHA512 9d221e58cf59962e055ab88e9cf58e8bbad35513f79b6d50feee92fa8652da8532fd42394b98762a5f5e3cceb3e57180818974799828c0176d916bba93eddc89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92391157d458a91c_0

MD5 1f032fd5294c46d510b0196e360ab888
SHA1 c7f6039a8ee6754c13a35124b330f59b628f260e
SHA256 a765caf12b05e3633befd587cd1631deda27e8b8a5c6eb4f2365a0629d9a0ca0
SHA512 76b23a5e008ac213bb9e9dd11dfa69066b829c447095ce997e6e5a696c499840f7544d1d3e33d2309948bb345847d61788fd4f77ef3e0b8825151f1adb506946

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\697f56e1ca924d2f_0

MD5 25bf9c304610131a7ec099b942db8815
SHA1 d06ad227ab009958d8f6d746d4f309fbdc922b98
SHA256 c7227662de146e8c152246766a31aa664b6fea0a49f0eb13bd2768304b781a0c
SHA512 ff43458d77439b22e9741b341ccbc9022b56d0cfeb5a3e77bd5854d689895dfbb19ba08e9755103c44912d193265e222e6208cbdd45a855b7bb938817fdd47cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0595c3770068210e_0

MD5 4f790038ad8e9d3e5cbbd9e30ddeaec9
SHA1 0a47cca0d76536befca497c84e691702f1b9caf4
SHA256 21b6167adc078a8eae280700d794e6b56e43216e3b5b43e0a823448ca1dfc00e
SHA512 90fa46463afbd7c9ad9302e3a09786d64f54e8db475f04410e072a4df9bd8a04a9ec28fa79988f9320701682b214423a21d13dff718106bfc201bcc5bf0dba8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\32025df6eb1a161f_0

MD5 fcc5bfa9251d2de74a11030be04d0a3b
SHA1 9c506e42f2fefc7a03c89de4c83d8a6e71da2825
SHA256 04b2b70eb9adaeb46529800d3448ddeaf650199537a0fa495c645c03d55d8161
SHA512 03b45db95b1ed0aa332996101d7762de749e00d136531373846ea286483a943dc3bc77f3a007c77c5778071adf00bdd30a089d15543b12fdc5d061fa8d54e2f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6839bd03726db62_0

MD5 636aca00041858c6fa78770955e924d0
SHA1 e280234bbf96eee0c635a06580c122f4310a7aab
SHA256 bd0fc6852b6ed6f342f70fe21e2fef672b734f7a22bac7d1cbd8e8e07030d4f3
SHA512 1896a63f22ced5e8f9f087ebf2b44d676bb727e5739153a969ea8cc3cd9d725215a769f70b88784a579d022c642e09d394a3da65ec99d7138820bd52100e80f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7270c5871bb1e51a_0

MD5 838975a46e5d9bfafe4d21c54efce6b8
SHA1 90e095397d3922abb6251fc4b7c799a0606dd04f
SHA256 c63a4eeae405adac04d8f55353777a19f9c43ebc55b370d877b98324a1ea46ce
SHA512 74384992f8d2e32a55217058726787961806074b9076eafa9cb3fff1028015f879a86bfff62f67e02df2a9c365aec1255aec20005136fc031e23d65813fa3917

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\079c108c6774085f_0

MD5 ee440286b67a7d953823fff4159ad7cf
SHA1 0019d9cb149278b93c094d9fa1d3bd89eb6f869f
SHA256 60a7eb39db5bf41de0ac2ca46e5188d42ca2e211c3ab2ab71e6308c08cbe6ef9
SHA512 e29a0031f20eab45de9692e53e1a021e07b3f459e8a0f046818ce92aa9fec6021f3a481688ffd1c6e530770d60bf5ac1ef396e010c115ce8ebdfbe8a4bd6ff2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4225b26574bae895_0

MD5 5985395f78de3a0d87e5a77cc6aa7511
SHA1 b6df9f3ffa8eb6a21664de1570f204aba5264ff4
SHA256 483334bf241b59080f81c5c55d89637df00495a8be4d7a1485dae97ee20a8ec1
SHA512 d451a17ab3419030b472c26d7b089f28e6004f3cd8ec08c5fc8c64c6684a6bdc7361b27f2f7224af14753b6cedcad8c34f3d48d598e54d4ff4869bf9f117265b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\423ce8329728b76e_0

MD5 5f2127f045ebb173eb781ded214eeb1c
SHA1 728bb52e7f06f33c6bbd2b5a825885a4faaf9699
SHA256 e12cb59f63eea82b0f7e5f134dcd73cb1bd01889d42c5ba41f599446a061d6f2
SHA512 59ac2b0d53e7c2d51ad2be1ecef7d32dd176fe5db90e838e0ecad45205f51a5785c99c36f95cfcb072574de20c013fe05b8378d3c78e2a6a4732ecb9e709e8c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 9d854bdc861763ee9fcbda718c20c13c
SHA1 89567fea9fcfd0ec610213e085ca09a735188372
SHA256 e007008300a66561bd131c52df35e188240b44bce7bd88d0f24ca1bc62863dae
SHA512 0039ce93837af96f2462ebd8d140005ab1a47a4f88fa97b7f4c35ce01146756902414205c4cbda2166d84f45450ffe91cbe5e0a8894dd868118e9f374a6ddb03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f873d1bcc5ecde8c45c6b5490b24597f
SHA1 279973b37dba0598e32032ada40edc674c79750a
SHA256 fd96b7195739be3b71eb17054fa51dea9d9c7947ada5aedc5ff4a1d4bb2d468e
SHA512 3166bd9aeaf42e6d249fa6299f090f41dc1090136d1583e88b8672948ca31bbe382aacfbc1d6420b63b74b3609bf82c79f68ff873b2c7dea2e06db47fab70007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55334c513544b5b1b90f6732f5e86bf5
SHA1 c5a0ec9a732dc31bcc53e2d45399510270d9a5c9
SHA256 7e72cc1127d503dbd6c1a4cab1552b16f26463f61f0528be9ce77c8d59d9aa17
SHA512 39da60ad9d78d1178f759d1d7825bc30718b6b346c023739151899d6b700641d2bb969d23b735302275393dc534be95d468b3350f3109f6d9bae0c4659226e1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f4ee8219bb36cb51d8eb0682247509f9
SHA1 f20d61ab27539b624ab949e7756b9585be953585
SHA256 45aa276d884d14beadfedcbb1c54cfe09754c22c87c89f18a4fa05a839f236e6
SHA512 ee4b1c97ba4d6f08d89365e84c989bcd14f5d3339dd4c8fcdae097b07f0d1121b452ebe7691bbca8039176827a1318a8ad3294b7c14a536a8f979b3fffa2066f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0545ae2540cddc86812a8a3c90545219
SHA1 931d283e5bba9c5c9c596b5c254265bd16274947
SHA256 7fdc6b7bc3be8a547e616383aef63a0ee762e2ddb3b7bd9e800411116ce6b3ad
SHA512 0caa6f0a15f6c44a91493bb6b240a18046ab11203cca204200def9a1848efa05e05df4d033558e3f53cf5304252cf3095af91019b98b583f229aa330259dee81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7cf3da96b15f805f6f8420995d775e9
SHA1 a81cb809619f5810d2df105f0eaab1a70400b787
SHA256 3852981b80021c9c32a2ee92f7f097d597136030029d0c2a6fdeedefdd5301f9
SHA512 4032b2aa667927d2e4d127b11ef9e75f5607b8527926f063b6eec48c857a36532ec9815ac84474891e5fe468588424c41cf2185d1eaee57fff992ad3ebe74d47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 2ad53ca42250bac8f8833d9471c4fc1f
SHA1 2cd5b076895fc36ecdbcde464d8b98bbf0b75d10
SHA256 a8b9f7cd62e3906a1a23950698a9f3657146b1cb11a789deaf97c6796a53f301
SHA512 71c311de1a7e9312f371a961989e2933008437397763c6d9806ce721728e7fb00b0fc8d8dadc3cb75b6d4d6caa75ca295181c3c0c0d1b92ddf143282f22224cd

C:\Users\Admin\Downloads\HwidChecker-main.zip.crdownload

MD5 56e8327d7854a0a1237cdda713299773
SHA1 228ec634250a41884cb0633d7c2983e51b14b82f
SHA256 0c9fa005f4e94bf7572c9e2e4fd98cbbe508d7a9ca4092705f37ba0204c910cd
SHA512 8cfb21f5434e889bc5fdcef333c42e708dc57aa7f4b11264dd28548598ba9d86f40986e13122f9bb57fe75b828de442acac0c40e98b8d001183a1b10a4d3b43a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e426446277fc9157e65ddc73c7df759
SHA1 d06a69fe58df939e370184282f30add28c7c77ff
SHA256 732e84afd119ec29836c50813e6e4f073e4c85907f6ee46497191101b47de4a0
SHA512 41dc44a8c5003aca79705f1f236af2eb104e6c6c71d89eabc5c54221b98c7fea12c5d2fa9096b2c673e4c48d4f27a66f46f3340a80421221e21da185c96347dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 80c22a2350ff600fa3749388095c3031
SHA1 4d4249973d16097cc1007e23018cd9531ceab996
SHA256 3145edbe5da65585a2a1d43ff052312dc449b4ac02b231b3b10f475d254a1998
SHA512 8ac099cd4efb28019906ad2f4fc2e82432e2a0884a07d297c9df9a5e6cc54332a5270fc05c8662dfc3dd323a6721811c868073309c7707910dbca1d8287b103b

memory/4872-659-0x00007FF9C0CF3000-0x00007FF9C0CF5000-memory.dmp

memory/4872-660-0x0000000000B10000-0x0000000000E34000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f7e5c95b7d5ef8df647d295f2d2f2a13
SHA1 99bc0eabc19c4030dbc6df3494b5596d30807f4d
SHA256 5049f81d269650f603d4b5f9f6dae236a461444cadbf232fa67417a7d554d3c3
SHA512 480bc556e7d30d82ce709e56db6b63937d94fe40d74589ad301d5e191e3073bb6dc5c9edbdc3739bef5e1560bb5fe16e225f6b7c7f9634056a41cff85da49c3e

memory/4872-670-0x00007FF9C0CF0000-0x00007FF9C17B1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a6dc5f39d8577e4e6ab258880c40e3f
SHA1 dcc731d0a146633f8ff19c4694e64bb6a6e85ac4
SHA256 113bdbf626bfe2ee44e26e7c6ff691b130cf9f6f8e6a2d006cd7345a17f727a9
SHA512 2e72d509ddf75d1460bf595427f005a22a793d5948c72b5fcbb3e107181c13f535e9724ce7eeefc1b28b4d713e0558bfe5ec6d5e585aef5a5e5cf52e6b1749cd

C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe

MD5 b6f7686e5d162b9ad7fc3c829c98f2e8
SHA1 9262f36af2986a6c8459b91a76064b1a86f66550
SHA256 3aad476bc33ebbca38d7def91669e379a3563aaa7f5beddf9cfa0994946a2294
SHA512 506691916a3fd10b0470069e1afaaf18473cfd9025fd3c2b3359bb780ac36250142bc02237778bb2a58d534f31b97c7423d2b98797565a275e3ccc1fb14f57ad

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HwidChecker.exe.log

MD5 baf55b95da4a601229647f25dad12878
SHA1 abc16954ebfd213733c4493fc1910164d825cac8
SHA256 ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA512 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

memory/4872-687-0x00007FF9C0CF0000-0x00007FF9C17B1000-memory.dmp

memory/1292-688-0x000000001C400000-0x000000001C450000-memory.dmp

memory/1292-689-0x000000001C510000-0x000000001C5C2000-memory.dmp

memory/1292-690-0x000000001CC00000-0x000000001D128000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2c8e1bf4d928397ba9e1182cb9dc597
SHA1 c39539526440920ad231a1259c1fea540836e66b
SHA256 20f520d2beb56078f191cc4bc50d22868b9d833cfd2f28ff1527c4a0eb6c54a2
SHA512 0ecd506c062e82efb3cb53ca3a380f4fa7be14cdc9926adfe8263f0b7d58c4071aae15b167968516491e1b0cdca88ef78a7615c7d5280252676f5777d56a4ab7
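
Most of the Files section is Chrome profile churn (Preferences, TransportSecurity, cache and code-cache entries rewritten on every page load) and a zero-byte crashpad pipe whose MD5 d41d8cd98f00b204e9800998ecf8427e is simply the hash of the empty input. The artifacts worth keeping are the downloaded archive (HwidChecker-main.zip.crdownload), the copy the sample wrote to AppData\Roaming\SubDir\HwidChecker.exe, the CLR_v4.0\UsageLogs entry that shows a .NET Framework executable of that name ran, and the memory dumps taken from PIDs 4872 and 1292. The script below is an added example (Python), not part of the report: it parses the section's path-plus-hash layout, drops the browser noise, returns the SHA-256 values to blocklist and the size of each dumped memory region. The classification rules are this example's own; the embedded excerpt is copied from the entries above with SHA1/SHA512 lines left out for brevity.

```python
"""Added example (not from the sandbox report): turn the report's Files section
into a short list of artifacts worth keeping as IOCs, filtering out Chrome
profile churn. The classification rules are this example's own."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Entries copied from the Files section above (SHA1/SHA512 lines omitted).
FILES_EXCERPT = r"""
\??\pipe\crashpad_4064_BSPKSJAYGEYYOFHH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5928c7b4eb3a9bef07d4f5d46e8a1409
SHA256 ddc19b7d017bee8bd69cf685a2edcf2303e386c9be68b5675da536f8afdcde18

C:\Users\Admin\Downloads\HwidChecker-main.zip.crdownload

MD5 56e8327d7854a0a1237cdda713299773
SHA256 0c9fa005f4e94bf7572c9e2e4fd98cbbe508d7a9ca4092705f37ba0204c910cd

memory/4872-660-0x0000000000B10000-0x0000000000E34000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe

MD5 b6f7686e5d162b9ad7fc3c829c98f2e8
SHA256 3aad476bc33ebbca38d7def91669e379a3563aaa7f5beddf9cfa0994946a2294

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HwidChecker.exe.log

MD5 baf55b95da4a601229647f25dad12878
SHA256 ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

memory/1292-688-0x000000001C400000-0x000000001C450000-memory.dmp
"""

EMPTY_FILE_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd9...: a zero-byte artifact

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")
MEMORY_DUMP = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
CHROME_PROFILE = re.compile(r"\\Google\\Chrome\\User Data\\", re.IGNORECASE)
DROPPED_EXE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\.*\.(exe|dll|scr)$",
                         re.IGNORECASE)


@dataclass
class Artifact:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_files_section(text: str) -> List[Artifact]:
    """A path line opens an entry; the 'ALGO hex' lines that follow attach to it."""
    artifacts: List[Artifact] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and artifacts:
            artifacts[-1].hashes[m.group(1)] = m.group(2)
        else:
            artifacts.append(Artifact(line))
    return artifacts


def classify(a: Artifact) -> str:
    p = a.path
    if p.startswith("memory/"):
        return "memory-dump"
    if p.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if CHROME_PROFILE.search(p):
        return "browser-noise"       # prefs, HSTS state, cache: not sample-specific
    if DROPPED_EXE.search(p):
        return "dropped-executable"  # PE written to a user-writable directory
    if "\\CLR_v4.0\\UsageLogs\\" in p:
        return "dotnet-usage-log"    # written when a .NET Framework app runs
    if p.lower().endswith((".crdownload", ".zip")):
        return "download"
    return "other"


def notable(artifacts: List[Artifact]) -> List[Artifact]:
    return [a for a in artifacts if classify(a) not in ("browser-noise", "named-pipe")]


def ioc_sha256(artifacts: List[Artifact]) -> Set[str]:
    """SHA-256 of every dropped executable: the hashes worth blocklisting."""
    return {a.hashes["SHA256"] for a in artifacts
            if classify(a) == "dropped-executable" and "SHA256" in a.hashes}


def memory_regions(artifacts: List[Artifact]) -> Dict[int, List[int]]:
    """Size in bytes of each dumped memory region, keyed by PID."""
    regions: Dict[int, List[int]] = {}
    for a in artifacts:
        m = MEMORY_DUMP.match(a.path)
        if m:
            start, end = int(m.group(2), 16), int(m.group(3), 16)
            regions.setdefault(int(m.group(1)), []).append(end - start)
    return regions


if __name__ == "__main__":
    arts = parse_files_section(FILES_EXCERPT)
    for a in notable(arts):
        print(f"{classify(a):18} {a.path}  {a.hashes.get('SHA256', '')}")
    print("blocklist:", ioc_sha256(arts))
    print("memory regions:", memory_regions(arts))
```

Note that the SubDir copy's hashes are the ones to pin in a blocklist; the archive hash changes with every repository commit, and the CLR usage log is evidence of execution on that host rather than a transferable indicator.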