Analysis Overview
SHA256
72f27c509e27de2edbe9d98fa9258624260d3cabd7b9932636dceb610180d7ef
Threat Level: Known bad
The file TempWoofpriv.exe was found to be: Known bad.
Malicious Activity Summary
Quasar payload
Quasar family
Quasar RAT
Executes dropped EXE
Browser Information Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-10-30 13:23
Signatures
Quasar family
Quasar payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-30 13:23
Reported
2024-10-30 13:26
Platform
win7-20241010-en
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-30 13:23
Reported
2024-10-30 13:26
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
158s
Signatures
Quasar RAT
Quasar family
Quasar payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747682895861970" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe
"C:\Users\Admin\AppData\Local\Temp\TempWoofpriv.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc071bcc40,0x7ffc071bcc4c,0x7ffc071bcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2512 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4792,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4704,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4536,i,10565294674190564305,13869059269141812474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | b9aee7a92f002f80a6b04c252b05bb29 |
| SHA1 | 4e186ba6d401d5e45627ac789d3cf22d19698b8c |
| SHA256 | 72f27c509e27de2edbe9d98fa9258624260d3cabd7b9932636dceb610180d7ef |
| SHA512 | b3f899e279c6f72cb8517160b747bcd44339909b61a82e4304d1e29e9e5da9506acdde8531d25ed3a3506781743c74427437dcfc6981bc992fdb5d83652cb6cd |