Analysis Overview
Threat Level: Known bad
The file https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-04 08:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-04 08:08
Reported
2024-08-04 08:11
Platform
win10v2004-20240802-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672325452136794" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Zezment/HwidChecker/blob/main/HwidChecker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9d48ccc40,0x7ff9d48ccc4c,0x7ff9d48ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5008,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe
"C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe
"C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=960,i,15247607432974866429,16047323149104097492,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe
"C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\HwidChecker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| N/A | 10.0.0.91:4782 | N/A | tcp |
| N/A | 10.0.0.91:4782 | N/A | tcp |
Files
\??\pipe\crashpad_4064_BSPKSJAYGEYYOFHH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a57466f9a967cb5492685e1842f5e808 |
| SHA1 | fc104d3a34013f4321cdb5c78f53ade0883e3ce6 |
| SHA256 | 1aa9cc6db574267a6a5d17ec8c282ec5de58b4e139eea8557f6d14a86797d530 |
| SHA512 | 48b55bc617138e4254f7ed554bcb51d13213ab02520da4696efa919989342d44d87afc48de65ed19ff3d99f7e13d9166ea5329c8dc55eb507e78085d67f55788 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5928c7b4eb3a9bef07d4f5d46e8a1409 |
| SHA1 | 4f7154158425ff8164649413ac4c23edc402cffc |
| SHA256 | ddc19b7d017bee8bd69cf685a2edcf2303e386c9be68b5675da536f8afdcde18 |
| SHA512 | 6d78da176564bcbbc0de99c6c17798c82f3add0632bc4c3e3aa0e6a9fd02d787cd77ec50cb431d2c4e215d62ec6d103c44dd5b348a4ac8229e8cc567c568aa14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36a07119633605c02e66c47c5c9328ef |
| SHA1 | a3d1ec0576826ccf84fb5374f1de9c3461032934 |
| SHA256 | 126b372b762a9a2a7adb3e39f738369691fbcf230a53f659dccc74b060762fc9 |
| SHA512 | 905aaee0c6d6b5d005ab8248f0aeb07cbb8ebd766494fc5ff25de342fe00e899eb20472693a4be427feaca4d445d83430bdd620d4b837c2f0175bac03f681506 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e575e081503aaa1ae1ab10833cdcc10f |
| SHA1 | 010f9a342086d36e9624bb5df4978f0312e8737b |
| SHA256 | d4220468c0d208c0985ea24c04b953004fd19bffb671d8752c790871c78e6d47 |
| SHA512 | 08f86dce85e4380be77db3079cebe5f8b6a26c38eae95bb46b9a36e107c37d9a9c4acf6b8838b98320745b7f2ce8839f57a3f386f4ae527d9455da04daca0e39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aaf955e7040bf013414b3caaad576c95 |
| SHA1 | 3aaaa1175dc933713ce153c46da759ef26b21d14 |
| SHA256 | 5ae383d0742a8b60d2d164da3aa1d43ad7c889d1ee484e7d4c1fe72dff1c9d87 |
| SHA512 | b78209a7cbba9ca3052df313953a40929478acd350e73bfb4781ea2b4678040456551ec4c67c7d5183f4b127da0b3f32409d19f4bc2ab0ad61b31df04770b9c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 14c460a1feda08e672355847ea03d569 |
| SHA1 | f1e46ac6abd71ebbcdd798455483c560a1980091 |
| SHA256 | d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f |
| SHA512 | cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 6e13703b4b9b3fee9c9679caa6444f08 |
| SHA1 | eebd698908234ddf27a333105f645667e2eb7bf4 |
| SHA256 | e9c1c07f5fb1e96dc3bad0cbdaeb5503e38382e8e9c838120bb2652940d6baa6 |
| SHA512 | 873bc00f546d9811befa014c4dd9ccaea032caa559c72674429ace2c1abfd292e2556de69e2db1bcf0641625bdefcf28955905a1d5b65c620fece0df82827179 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 017975d305729c957b42440bb7cec4be |
| SHA1 | 4ecd64ae942d7994b18210b09e72b9a12c6ad7e3 |
| SHA256 | 6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668 |
| SHA512 | 216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 9ec8ba204f6c45d71c998a0ce1dd714e |
| SHA1 | e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c |
| SHA256 | a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a |
| SHA512 | d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d377d4b8da203f83f823d40bd0c99b7a |
| SHA1 | a034bdc0f752aa0e6cd1ef63d19d9bf53d987f74 |
| SHA256 | 73155d1a4041a0b6b49256d06a9771e1642d1592d5b2c0b967abdd0ae8ce0a5a |
| SHA512 | 2781098de9182b09d9535a5a35f7162b89170c2107a346f61cdf9a89150ef228f79c454207c31a399b12a670deb4da127ec9ce4d94b8c526093662f6e273e728 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dee312e3831c806cc5045fa08c6e4e66 |
| SHA1 | 7198e9036aa8c7a43ff5fd2c018b459d8eadf246 |
| SHA256 | ab3cf3b135da42a672d4b25881e441c15fd011bd2d62913403da917ec7581a8f |
| SHA512 | a1273aee8dcd3dde2dc224f25b1b6a639d0ad9fb002d8d99439d1d9f626e75beba0199cc11a2c4eabb00235ce23bfa7c477d0e770968416d32413da4fd51dcef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7a6388b7ab3037393a748d3baf00b940 |
| SHA1 | 30a6dc70a642a010c55399cfc109223fd2421ec1 |
| SHA256 | 7f966d2a36799ad436a56b4b823398285b4a32b671dc887a922c838370937a18 |
| SHA512 | bad4646cc5fd3087856cb7cf7440b43ada992f3f2726d04f3e01d90bb964aae740cbed2fb1b0f670cd8f643f6d8745e83c73045cffe112086924c53998d281fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 88593a1390f75da8b44314e4ed356569 |
| SHA1 | ed932fabc35082b9dc6848eb69b29138c2308197 |
| SHA256 | b07ebdc81a0cbc23950b92f046ff7ff04326b0a9f7f6754e12cf281ff613719b |
| SHA512 | 20d8a65f35b1ebc18a6a5dae8f6b5beb70c99f0afcada6b55f66530dae409793e3fa07cb574bf1bc094c92cffb558a04b33ea451f7749959ead0d5e663b1a4f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | a1ccbbe49b5bef1b3f7a242cc903f2b9 |
| SHA1 | e3b14b08e0035faecfdc712021e86be0a59798a5 |
| SHA256 | 568404ad5e7b128b1346e39f1ed7ad4be731d1045a69aaab83c0206261992d89 |
| SHA512 | eee9817406c9725df21607f52ad3f5bc26e34a49c6772388a420d2e13cc86edb47d5c7bc205e4aed4e7f90d255e21b1e7656371aad83e63f59a937b6c44d9456 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e12ec325ceff69cf29230676111e6011 |
| SHA1 | 93a2e2fc90d754d81ad708f027eb055dc9645e64 |
| SHA256 | dca683d7ee9f0c07a8b7ff80431941064479972391eceb409c215052716f447e |
| SHA512 | f7d8adda7c4eb17e0f09fa728d634d0c9e30ef94a6b3b22bd902c1f555d9e53ea16e0644d4bb40d86ebb007a5f81f2fbefaff5f3e08bffbe18cd147b273f85f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fd56fc866935ce74094592d80a90cea6 |
| SHA1 | 69f5f69b92666facab89d02db5cb5cf4e99365ce |
| SHA256 | 4cb154b6bce3f577a8048c5cf4998c6f307c6302036448f1ce46ad0318db834b |
| SHA512 | c912aaff75c260280ce9d4de59ca11bdf0d84186708e14677d2ea178efa577fd8ad07e09774ce2fee302b4b6267699ec19be4fdace596e1e559ba1630d8344f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 54403f4a5addaf1258e9290b3623b1ba |
| SHA1 | 9e0efcb45fd1381edefbaf6cf0fcde9e16baf465 |
| SHA256 | 980c23faa26a0770459994de423abee0470159b0e8e0187c4a0a633683630535 |
| SHA512 | 260a2a5c576d52e91f3dc3cd238faaac64147ede3ada7cb3e19560d7c0bc7a9262d788986955d53d6c3e0b84b03ea2b6bab2023e4008f6de64c4e8b1bb482642 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6de8c943c82138ca_0
| MD5 | 474c7c0e42a559cfdf6832c3de927b33 |
| SHA1 | af36a749baf79e6174802994b9827f6ef98a676e |
| SHA256 | 9c6b41c067971bdc48c2b603990e7537c6f0ac36a39ad5ac01df57fb89b7ac1c |
| SHA512 | 9b1a74ae3c6da16d60d0715a093b3103ec49ee83ae79e1df0aff216793ba89ac2f95b35f4a63a59cf6aa88e1979aedca2ff9cce82c845f1837442062db585df7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aa61758ad53dced9_0
| MD5 | c2004df83a91c3f1d6487344cce87979 |
| SHA1 | 70f8a89c544d696bdc8c9fb986fec3ac30697032 |
| SHA256 | b9597f0886a3764b9a4dc31982102984d64b1223d2b5b0c513002a9fcb52e706 |
| SHA512 | c42dc47f1869c485996199f1573ad2068058b378d2e5b69d77cd8447168268d44849e48bfe9f69a1b28250c57ca0a66220ad302b8b9bce9d65101af952e8c6d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\efb47464905bdfa5_0
| MD5 | 6655523c5221c532108d5a96e8dbc2bf |
| SHA1 | 8ce652160f4fb1801cea388e0f65520b6fcde2a4 |
| SHA256 | 96dc29bd4585388ece7678b52f5171cbae11da47a24b46f5cf35295aced4365a |
| SHA512 | 9fd8433b6210cd32f74576fe71cebb5b0d9c2cd5e7a759345530d374bc14b15548c34734e0b90438e852ac9a826221830b8037d107b9d9e850c9184bfcb96a29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6d2ce11d096308a_0
| MD5 | 97b979d21cf1de628b45bbe4b5def05e |
| SHA1 | b17089e6f2fa107fe070acfb9f38bde7c2fee3df |
| SHA256 | 146bc34274653eed434bc138e24201836a74e0ec7252c5fd820cbb29ed2e4c3c |
| SHA512 | 3356440685131178331439ff53a56e26a30ed9b551af277f413f8960789b3063a16d9ccd2ac04662b11b4f399b4a410a3cf1b13bd5ff6b3b3c2f754a1ee705a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0
| MD5 | ceabeea0a7891313273a3497a863794d |
| SHA1 | b3b979cefa410827d9d0bdab034f9f72e2b30046 |
| SHA256 | 626b6d7fab9467eb2931db80bb5fd4419c61b2d86ca7df095b6b73d811fe5517 |
| SHA512 | 664dbf35ba1df330d650387552dde89483eda1913e6e420806169befd6cca68a78b38351c090684d2b5ee5f4b3ff476ee987c3f04e3658462dc59f883f059c10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\529ee60a780f9229_0
| MD5 | f17639c51f613b4f0a320e37ffbdb699 |
| SHA1 | 94b2f3919c748329f5fdca7d1361c3f6eebb6556 |
| SHA256 | 75967a57839a4f2db0fd39996553c6d4dee8fcdc020a7ac73d5cd87b4c24447e |
| SHA512 | 01a3ce7f5ae805cabc710d2ed4ce10cb895ea685b3516a21109e244428cf4c67763abb49de9db4c041fcc1c4e33ff50e50adc3646e3dc5cbef5b80660e022d19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\42eb60d64783d177_0
| MD5 | c23d1eb77fa0ad131097bca3565addb0 |
| SHA1 | 1a199a5c57e78bb6cb386ff9f8f1dde707000c3c |
| SHA256 | b437705fed30d02def1cfdba0fa8ef1a3d3bf8afda86bdcf8e7ac4a3510d4e8f |
| SHA512 | 9d221e58cf59962e055ab88e9cf58e8bbad35513f79b6d50feee92fa8652da8532fd42394b98762a5f5e3cceb3e57180818974799828c0176d916bba93eddc89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92391157d458a91c_0
| MD5 | 1f032fd5294c46d510b0196e360ab888 |
| SHA1 | c7f6039a8ee6754c13a35124b330f59b628f260e |
| SHA256 | a765caf12b05e3633befd587cd1631deda27e8b8a5c6eb4f2365a0629d9a0ca0 |
| SHA512 | 76b23a5e008ac213bb9e9dd11dfa69066b829c447095ce997e6e5a696c499840f7544d1d3e33d2309948bb345847d61788fd4f77ef3e0b8825151f1adb506946 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\697f56e1ca924d2f_0
| MD5 | 25bf9c304610131a7ec099b942db8815 |
| SHA1 | d06ad227ab009958d8f6d746d4f309fbdc922b98 |
| SHA256 | c7227662de146e8c152246766a31aa664b6fea0a49f0eb13bd2768304b781a0c |
| SHA512 | ff43458d77439b22e9741b341ccbc9022b56d0cfeb5a3e77bd5854d689895dfbb19ba08e9755103c44912d193265e222e6208cbdd45a855b7bb938817fdd47cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0595c3770068210e_0
| MD5 | 4f790038ad8e9d3e5cbbd9e30ddeaec9 |
| SHA1 | 0a47cca0d76536befca497c84e691702f1b9caf4 |
| SHA256 | 21b6167adc078a8eae280700d794e6b56e43216e3b5b43e0a823448ca1dfc00e |
| SHA512 | 90fa46463afbd7c9ad9302e3a09786d64f54e8db475f04410e072a4df9bd8a04a9ec28fa79988f9320701682b214423a21d13dff718106bfc201bcc5bf0dba8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\32025df6eb1a161f_0
| MD5 | fcc5bfa9251d2de74a11030be04d0a3b |
| SHA1 | 9c506e42f2fefc7a03c89de4c83d8a6e71da2825 |
| SHA256 | 04b2b70eb9adaeb46529800d3448ddeaf650199537a0fa495c645c03d55d8161 |
| SHA512 | 03b45db95b1ed0aa332996101d7762de749e00d136531373846ea286483a943dc3bc77f3a007c77c5778071adf00bdd30a089d15543b12fdc5d061fa8d54e2f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6839bd03726db62_0
| MD5 | 636aca00041858c6fa78770955e924d0 |
| SHA1 | e280234bbf96eee0c635a06580c122f4310a7aab |
| SHA256 | bd0fc6852b6ed6f342f70fe21e2fef672b734f7a22bac7d1cbd8e8e07030d4f3 |
| SHA512 | 1896a63f22ced5e8f9f087ebf2b44d676bb727e5739153a969ea8cc3cd9d725215a769f70b88784a579d022c642e09d394a3da65ec99d7138820bd52100e80f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7270c5871bb1e51a_0
| MD5 | 838975a46e5d9bfafe4d21c54efce6b8 |
| SHA1 | 90e095397d3922abb6251fc4b7c799a0606dd04f |
| SHA256 | c63a4eeae405adac04d8f55353777a19f9c43ebc55b370d877b98324a1ea46ce |
| SHA512 | 74384992f8d2e32a55217058726787961806074b9076eafa9cb3fff1028015f879a86bfff62f67e02df2a9c365aec1255aec20005136fc031e23d65813fa3917 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\079c108c6774085f_0
| MD5 | ee440286b67a7d953823fff4159ad7cf |
| SHA1 | 0019d9cb149278b93c094d9fa1d3bd89eb6f869f |
| SHA256 | 60a7eb39db5bf41de0ac2ca46e5188d42ca2e211c3ab2ab71e6308c08cbe6ef9 |
| SHA512 | e29a0031f20eab45de9692e53e1a021e07b3f459e8a0f046818ce92aa9fec6021f3a481688ffd1c6e530770d60bf5ac1ef396e010c115ce8ebdfbe8a4bd6ff2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4225b26574bae895_0
| MD5 | 5985395f78de3a0d87e5a77cc6aa7511 |
| SHA1 | b6df9f3ffa8eb6a21664de1570f204aba5264ff4 |
| SHA256 | 483334bf241b59080f81c5c55d89637df00495a8be4d7a1485dae97ee20a8ec1 |
| SHA512 | d451a17ab3419030b472c26d7b089f28e6004f3cd8ec08c5fc8c64c6684a6bdc7361b27f2f7224af14753b6cedcad8c34f3d48d598e54d4ff4869bf9f117265b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\423ce8329728b76e_0
| MD5 | 5f2127f045ebb173eb781ded214eeb1c |
| SHA1 | 728bb52e7f06f33c6bbd2b5a825885a4faaf9699 |
| SHA256 | e12cb59f63eea82b0f7e5f134dcd73cb1bd01889d42c5ba41f599446a061d6f2 |
| SHA512 | 59ac2b0d53e7c2d51ad2be1ecef7d32dd176fe5db90e838e0ecad45205f51a5785c99c36f95cfcb072574de20c013fe05b8378d3c78e2a6a4732ecb9e709e8c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 9d854bdc861763ee9fcbda718c20c13c |
| SHA1 | 89567fea9fcfd0ec610213e085ca09a735188372 |
| SHA256 | e007008300a66561bd131c52df35e188240b44bce7bd88d0f24ca1bc62863dae |
| SHA512 | 0039ce93837af96f2462ebd8d140005ab1a47a4f88fa97b7f4c35ce01146756902414205c4cbda2166d84f45450ffe91cbe5e0a8894dd868118e9f374a6ddb03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f873d1bcc5ecde8c45c6b5490b24597f |
| SHA1 | 279973b37dba0598e32032ada40edc674c79750a |
| SHA256 | fd96b7195739be3b71eb17054fa51dea9d9c7947ada5aedc5ff4a1d4bb2d468e |
| SHA512 | 3166bd9aeaf42e6d249fa6299f090f41dc1090136d1583e88b8672948ca31bbe382aacfbc1d6420b63b74b3609bf82c79f68ff873b2c7dea2e06db47fab70007 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 55334c513544b5b1b90f6732f5e86bf5 |
| SHA1 | c5a0ec9a732dc31bcc53e2d45399510270d9a5c9 |
| SHA256 | 7e72cc1127d503dbd6c1a4cab1552b16f26463f61f0528be9ce77c8d59d9aa17 |
| SHA512 | 39da60ad9d78d1178f759d1d7825bc30718b6b346c023739151899d6b700641d2bb969d23b735302275393dc534be95d468b3350f3109f6d9bae0c4659226e1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f4ee8219bb36cb51d8eb0682247509f9 |
| SHA1 | f20d61ab27539b624ab949e7756b9585be953585 |
| SHA256 | 45aa276d884d14beadfedcbb1c54cfe09754c22c87c89f18a4fa05a839f236e6 |
| SHA512 | ee4b1c97ba4d6f08d89365e84c989bcd14f5d3339dd4c8fcdae097b07f0d1121b452ebe7691bbca8039176827a1318a8ad3294b7c14a536a8f979b3fffa2066f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0545ae2540cddc86812a8a3c90545219 |
| SHA1 | 931d283e5bba9c5c9c596b5c254265bd16274947 |
| SHA256 | 7fdc6b7bc3be8a547e616383aef63a0ee762e2ddb3b7bd9e800411116ce6b3ad |
| SHA512 | 0caa6f0a15f6c44a91493bb6b240a18046ab11203cca204200def9a1848efa05e05df4d033558e3f53cf5304252cf3095af91019b98b583f229aa330259dee81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e7cf3da96b15f805f6f8420995d775e9 |
| SHA1 | a81cb809619f5810d2df105f0eaab1a70400b787 |
| SHA256 | 3852981b80021c9c32a2ee92f7f097d597136030029d0c2a6fdeedefdd5301f9 |
| SHA512 | 4032b2aa667927d2e4d127b11ef9e75f5607b8527926f063b6eec48c857a36532ec9815ac84474891e5fe468588424c41cf2185d1eaee57fff992ad3ebe74d47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 2ad53ca42250bac8f8833d9471c4fc1f |
| SHA1 | 2cd5b076895fc36ecdbcde464d8b98bbf0b75d10 |
| SHA256 | a8b9f7cd62e3906a1a23950698a9f3657146b1cb11a789deaf97c6796a53f301 |
| SHA512 | 71c311de1a7e9312f371a961989e2933008437397763c6d9806ce721728e7fb00b0fc8d8dadc3cb75b6d4d6caa75ca295181c3c0c0d1b92ddf143282f22224cd |
C:\Users\Admin\Downloads\HwidChecker-main.zip.crdownload
| MD5 | 56e8327d7854a0a1237cdda713299773 |
| SHA1 | 228ec634250a41884cb0633d7c2983e51b14b82f |
| SHA256 | 0c9fa005f4e94bf7572c9e2e4fd98cbbe508d7a9ca4092705f37ba0204c910cd |
| SHA512 | 8cfb21f5434e889bc5fdcef333c42e708dc57aa7f4b11264dd28548598ba9d86f40986e13122f9bb57fe75b828de442acac0c40e98b8d001183a1b10a4d3b43a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1e426446277fc9157e65ddc73c7df759 |
| SHA1 | d06a69fe58df939e370184282f30add28c7c77ff |
| SHA256 | 732e84afd119ec29836c50813e6e4f073e4c85907f6ee46497191101b47de4a0 |
| SHA512 | 41dc44a8c5003aca79705f1f236af2eb104e6c6c71d89eabc5c54221b98c7fea12c5d2fa9096b2c673e4c48d4f27a66f46f3340a80421221e21da185c96347dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80c22a2350ff600fa3749388095c3031 |
| SHA1 | 4d4249973d16097cc1007e23018cd9531ceab996 |
| SHA256 | 3145edbe5da65585a2a1d43ff052312dc449b4ac02b231b3b10f475d254a1998 |
| SHA512 | 8ac099cd4efb28019906ad2f4fc2e82432e2a0884a07d297c9df9a5e6cc54332a5270fc05c8662dfc3dd323a6721811c868073309c7707910dbca1d8287b103b |
memory/4872-659-0x00007FF9C0CF3000-0x00007FF9C0CF5000-memory.dmp
memory/4872-660-0x0000000000B10000-0x0000000000E34000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f7e5c95b7d5ef8df647d295f2d2f2a13 |
| SHA1 | 99bc0eabc19c4030dbc6df3494b5596d30807f4d |
| SHA256 | 5049f81d269650f603d4b5f9f6dae236a461444cadbf232fa67417a7d554d3c3 |
| SHA512 | 480bc556e7d30d82ce709e56db6b63937d94fe40d74589ad301d5e191e3073bb6dc5c9edbdc3739bef5e1560bb5fe16e225f6b7c7f9634056a41cff85da49c3e |
memory/4872-670-0x00007FF9C0CF0000-0x00007FF9C17B1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9a6dc5f39d8577e4e6ab258880c40e3f |
| SHA1 | dcc731d0a146633f8ff19c4694e64bb6a6e85ac4 |
| SHA256 | 113bdbf626bfe2ee44e26e7c6ff691b130cf9f6f8e6a2d006cd7345a17f727a9 |
| SHA512 | 2e72d509ddf75d1460bf595427f005a22a793d5948c72b5fcbb3e107181c13f535e9724ce7eeefc1b28b4d713e0558bfe5ec6d5e585aef5a5e5cf52e6b1749cd |
C:\Users\Admin\AppData\Roaming\SubDir\HwidChecker.exe
| MD5 | b6f7686e5d162b9ad7fc3c829c98f2e8 |
| SHA1 | 9262f36af2986a6c8459b91a76064b1a86f66550 |
| SHA256 | 3aad476bc33ebbca38d7def91669e379a3563aaa7f5beddf9cfa0994946a2294 |
| SHA512 | 506691916a3fd10b0470069e1afaaf18473cfd9025fd3c2b3359bb780ac36250142bc02237778bb2a58d534f31b97c7423d2b98797565a275e3ccc1fb14f57ad |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HwidChecker.exe.log
| MD5 | baf55b95da4a601229647f25dad12878 |
| SHA1 | abc16954ebfd213733c4493fc1910164d825cac8 |
| SHA256 | ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924 |
| SHA512 | 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545 |
memory/4872-687-0x00007FF9C0CF0000-0x00007FF9C17B1000-memory.dmp
memory/1292-688-0x000000001C400000-0x000000001C450000-memory.dmp
memory/1292-689-0x000000001C510000-0x000000001C5C2000-memory.dmp
memory/1292-690-0x000000001CC00000-0x000000001D128000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e2c8e1bf4d928397ba9e1182cb9dc597 |
| SHA1 | c39539526440920ad231a1259c1fea540836e66b |
| SHA256 | 20f520d2beb56078f191cc4bc50d22868b9d833cfd2f28ff1527c4a0eb6c54a2 |
| SHA512 | 0ecd506c062e82efb3cb53ca3a380f4fa7be14cdc9926adfe8263f0b7d58c4071aae15b167968516491e1b0cdca88ef78a7615c7d5280252676f5777d56a4ab7 |