Malware Analysis Report

2025-01-18 04:12

Sample ID 241030-qm5vqavanj
Target TempWoofpriv.exe
SHA256 72f27c509e27de2edbe9d98fa9258624260d3cabd7b9932636dceb610180d7ef
Tags
office04 quasar discovery spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

72f27c509e27de2edbe9d98fa9258624260d3cabd7b9932636dceb610180d7ef

Threat Level: Known bad

The file TempWoofpriv.exe was found to be: Known bad.

Malicious Activity Summary

office04 quasar discovery spyware trojan

Quasar payload

Quasar family

Quasar RAT

Executes dropped EXE

Browser Information Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 13:23

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 13:23

Reported

2024-10-30 13:26

Platform

win7-20241010-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 13:23

Reported

2024-10-30 13:26

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747682895861970" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1312 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe C:\Windows\SYSTEM32\schtasks.exe
PID 1312 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe C:\Windows\SYSTEM32\schtasks.exe
PID 1312 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 1312 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
PID 1996 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 1996 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe C:\Windows\SYSTEM32\schtasks.exe
PID 4280 wrote to memory of 4816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 3220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4280 wrote to memory of 4492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe

"C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc071bcc40,0x7ffc071bcc4c,0x7ffc071bcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4792,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4704,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4536,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
N/A 192.168.1.28:4782 tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
N/A 192.168.1.28:4782 tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 chrome.google.com udp
GB 142.250.200.46:443 chrome.google.com tcp
N/A 192.168.1.28:4782 tcp
US 8.8.8.8:53 gofile.io udp
FR 45.112.123.126:443 gofile.io tcp
FR 45.112.123.126:443 gofile.io tcp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 126.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 store5.gofile.io udp
FR 31.14.70.244:443 store5.gofile.io tcp
FR 31.14.70.244:443 store5.gofile.io tcp
US 8.8.8.8:53 244.70.14.31.in-addr.arpa udp
N/A 192.168.1.28:4782 tcp
N/A 192.168.1.28:4782 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
N/A 192.168.1.28:4782 tcp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp

Files

memory/1312-0-0x00007FFC0E973000-0x00007FFC0E975000-memory.dmp

memory/1312-1-0x0000000000070000-0x0000000000394000-memory.dmp

memory/1312-2-0x00007FFC0E970000-0x00007FFC0F431000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

MD5 b9aee7a92f002f80a6b04c252b05bb29
SHA1 4e186ba6d401d5e45627ac789d3cf22d19698b8c
SHA256 72f27c509e27de2edbe9d98fa9258624260d3cabd7b9932636dceb610180d7ef
SHA512 b3f899e279c6f72cb8517160b747bcd44339909b61a82e4304d1e29e9e5da9506acdde8531d25ed3a3506781743c74427437dcfc6981bc992fdb5d83652cb6cd

memory/1996-9-0x00007FFC0E970000-0x00007FFC0F431000-memory.dmp

memory/1312-8-0x00007FFC0E970000-0x00007FFC0F431000-memory.dmp

memory/1996-10-0x00007FFC0E970000-0x00007FFC0F431000-memory.dmp

memory/1996-11-0x000000001BC80000-0x000000001BCD0000-memory.dmp

memory/1996-12-0x000000001BD90000-0x000000001BE42000-memory.dmp

memory/1996-13-0x00007FFC0E970000-0x00007FFC0F431000-memory.dmp

memory/1996-14-0x00007FFC0E970000-0x00007FFC0F431000-memory.dmp

\??\pipe\crashpad_4280_NBDFFXHVHDCJCOMO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 2038347894c3143ae9c82c28cae0af52
SHA1 f998f0b2108e6839275503e125df4424a58ea829
SHA256 a71937115a253d87479324e53296e40ea0f56c25070fff0a41a86c9bbb950559
SHA512 e75792e4e48db2645273aa1049d8f80f2ff5a476a4341406fac47293c4025804dad6e457484a1176a9927975db8989497cfc73f5ed6d86bd7015c6fd2056e01e

memory/1996-63-0x000000001C6C0000-0x000000001CBE8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\823157a8-3177-4536-88ce-72e8921ebcb5.tmp

MD5 c813df4ca242dac533e3f9bd675d048d
SHA1 828bb4ca5cd395a5c81866d48eb68a3121f9bbaf
SHA256 d97fee35808589662efb042d9f53e1267924fa97cd9306a5bb0c9201f4286fa8
SHA512 8a715ba97244c3c4ec74035182e84622d09f3eb26a9da4ea6cca96f6c93ca51b25e1bd86ca4fc84f964e390531129762009cd4d5401ad87833b817378c9f817c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5d2fddbaa455b6cd1ad7f13a89ccad8
SHA1 2a85bb2182560a8a3e86f3e6ec8a4c27021779d5
SHA256 e080c0af303c77fff0e36794c398806769bd60ec3bbecda41d353883da128b31
SHA512 dc0d3c3d5983576599317ed4cdfc3907dcbe657289838ab66bef9a7e786b48d825ee1ce4b4cc20af013e6d1db06e1dfee57778e427bae8f4b4e897088870e88d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e900a3f0693b54bdf1de919b21fa687
SHA1 bc319e729a5c46494286a4aaa44f6c8043c781f0
SHA256 b8710233688b5c0f2aaa43507a73ad73cd47c592709d640d8969e7e6a94b8902
SHA512 0ce56a03d5dca777d8c080523841e5c054333b1c551463645135803cc8590dbc70a0515859fd977879854a7744858584fa57bee7d025ba0b9441a0f9475ba09d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 966748dca6119cc3023a735c4e73d83c
SHA1 7834b3827a4f8b236266cd20da77339754aa4a34
SHA256 ad9f18c02521a4700935a36ed909ea07e42d1148e3f3048e74cff0ea50551e3d
SHA512 b288d17264636d59c2a2b94c3a70c8f7e63a0791064f30a7dcdd295ec56a64d51e2b8c346bc7530858774d1e980c9de0a7c6c67a8fe00f405bdeb3f5d17ac324

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a55f0a9d8545d494550766cf529773e8
SHA1 78c79595e7aae1a7b1bdf7bbaba7566364ccc578
SHA256 e47eca06ff21ba1ce32fa217bcbf5192353b053e5e08a701439285c31559a737
SHA512 c87167b0f0ba1f88c45238feeaefbe523ae475e777e0c0186d0a9922d4acddc1bbbc3f1073a6c3b7f4bc5da0d08e18bf3c3ecddce69128e0f33669e8f26d3c20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d8aaf7d5102cc23a0fc90a454e9269d
SHA1 ab996107e41df3fa0dd102fcfb4ece7df73669bd
SHA256 d1a2ce7c8804770bf5ed476f25ba52ccfedce60d1fdb59a7991cc10015ab8693
SHA512 d9f8ed96bc829e3475b5a05e7ee70b73cd8067d6e745953fb3cb83446f9926fdd8eb069b05c35e39baa1db2be375b7635088009128435553fdb7b69159790d46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0fc9d026bcbe7efc7850d2ac0f7e6694
SHA1 5d58f98c47d7661a57a5fd7869373a222a6ffa47
SHA256 c5b28828e5993912ea3720caf68d4492470831d0ac28c3d2cfb5e6748aebc902
SHA512 6362284df166a438af2a7dfb91f82629802691d38ede6acb57f3957ce9347e25c216d4a1a4322b849f95881c02653828cb8aebedaa06666b44e07bd227736800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d564f05bda2f8e851700a557196223b
SHA1 51df69026300d75f39adf969fc64d7109abaeb89
SHA256 0265da7cf0d58ada39f6bd21cf2e449fe9cef8395f8f18e453433818e72d7bd1
SHA512 95c43b34ded605a9eefc824ffebded1d1cd484b4468496caa2ea636ce318c2d7c712314378183dd19a71cede6ad7b89d862293bdeaad1e87b05608d374c1112e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ed09d997e91dfb320fc7b068105783f0
SHA1 6b91159c90bb6aee575cae126384ff4e2dc99fb1
SHA256 116ef76b3088572ebed4e5ba8083fc789472866665f9610b3fbd34da33b6448c
SHA512 2120fe08dde252a885a957867c3486fa9b8a5e795c2dfce211331c3b193a38a9c92c800a93b095df77c1310e1a5b80bfb88e67e5b4ed418eddd5e5d1462227e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e6d9664b988f11dd8be8a70d3619a35
SHA1 cbc79bf6addcf5c520356371826e42c188feecc7
SHA256 8fff9341a65990d869160eb208ac6fb64dab1f97591920048fef05051df634c6
SHA512 6deb4420ecf5fb0bad421fc161698a93b9d8f667fde28f8dd2bce97a9475e5920f2a58adc675ca8fa7d082ec5d0f0593337e42495313d51a7687a0586b71f107

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b00cef043729defd9ae0da6c2072f067
SHA1 9b64fec158a0c457dc9afc65ac806d142edb0c80
SHA256 b9853f3d03364ccde9d767d786ea0193ef2035f66ceb59fe152b3bb6c45af8ab
SHA512 a1cc2347800131cf5b5a2830ff2d6aa7736da43317950bb96b7c8db403c800299ac73ce79952e2fbe5a0f868e8205c50c31a24c6e426392a5390d6da8856069b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0989cb584fef70557e66c936e2e2e44
SHA1 06660e1586dd106b773a688ad9367fa14d33dfc5
SHA256 23487a81aaceccebbf115715d27b030b84f232a641a752284fd66e67b58808d8
SHA512 9ff0952a8b2a04962e4e3d89cfc9f8aaf9689ee3725f36a713c762ce221404230b41bc007ca745d9563174a396fdb38918dbe9e3972e6efff5125e8b4d008763

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 57530b1498cdc380f63f1b0da187311e
SHA1 d84ebbefc9e1ba9f47deca7831b488d3f51704d7
SHA256 c0207e8072b0f0de778952e2bbf661e1f7f0e3a19ebff56435a643a7ab0b1a6f
SHA512 b750e45823b0f57c8e8a5bd10b909bc896264bffd876d10670ecfa70d4406706e33be5dd0483977ace91e09c1a2b37021e0db5c92e6c343b1b529719c5092931