quasar | 8a31693ddf8924f144ba19a8802766188bd13f1ed7eea7c226eb0e01a9e47685

Analysis

max time kernel
198s
max time network
199s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-11-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PORQUEPUTASYANOSIRVE.7z
Size

923KB
MD5

d757d40193d311216967491e36fc2ba4
SHA1

2dd90fa74c489da4f85bdf301053230b480a31fa
SHA256

8a31693ddf8924f144ba19a8802766188bd13f1ed7eea7c226eb0e01a9e47685
SHA512

9be26ab222457605eea0c42a4dbcfa80154cb384e6abf0db6a010fcca172a0eda8792b9e3fff9d67717f095f67448d9310c7e049f7fea8dd5907afe8bd462921
SSDEEP

24576:q9gl2kNvEE7GFdGqXsShFTAkBojKLUI56eGk:46vbIGqXscAkW+h1

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0028000000045060-2.dat	family_quasar
behavioral1/memory/5104-5-0x0000000000420000-0x0000000000744000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
5104	PORQUEPUTASYANOSIRVE.exe
1976	Client.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768007437143401"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4116	schtasks.exe
4160	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1556	chrome.exe
1556	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3224	7zFM.exe
Token: 35	3224	7zFM.exe
Token: SeSecurityPrivilege	3224	7zFM.exe
Token: SeDebugPrivilege	5104	PORQUEPUTASYANOSIRVE.exe
Token: SeDebugPrivilege	1976	Client.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3224	7zFM.exe
3224	7zFM.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1976	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4116	5104	PORQUEPUTASYANOSIRVE.exe	93
PID 5104 wrote to memory of 4116	5104	PORQUEPUTASYANOSIRVE.exe	93
PID 5104 wrote to memory of 1976	5104	PORQUEPUTASYANOSIRVE.exe	95
PID 5104 wrote to memory of 1976	5104	PORQUEPUTASYANOSIRVE.exe	95
PID 1976 wrote to memory of 4160	1976	Client.exe	98
PID 1976 wrote to memory of 4160	1976	Client.exe	98
PID 1556 wrote to memory of 4112	1556	chrome.exe	102
PID 1556 wrote to memory of 4112	1556	chrome.exe	102
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4640	1556	chrome.exe	103
PID 1556 wrote to memory of 4488	1556	chrome.exe	104
PID 1556 wrote to memory of 4488	1556	chrome.exe	104
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105
PID 1556 wrote to memory of 4776	1556	chrome.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\PORQUEPUTASYANOSIRVE.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3224

C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe
"C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4116
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffd7f94cc40,0x7ffd7f94cc4c,0x7ffd7f94cc58
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:528
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff7ffa54698,0x7ff7ffa546a4,0x7ff7ffa546b0
    3⤵
    - Drops file in Windows directory
    PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4852,i,8564090336992190212,17593775205681710487,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4504

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ae74aa4569d37a7247730da9291ce6ea

SHA1
285cbb427c196314f7acc6354be81178c3188672

SHA256
c99bd438d1fd3e17ceeb1a57aebe9c189c64283b2185b978ed6ad2b615e95c92

SHA512
8f021bbcf46a47d18f88c1a16b8250fd27f156297ff7c94d9d0238ee23793d26e3ec156b7a4a91df2c9e4f1d2efcf2a7f17b810b7d71a759652f922fb3bb61ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0a6aab60eb93abbccd4b303bc0affaa1

SHA1
a1c4521d506f8e3a30fe0b6282abe2195ae99604

SHA256
1384568e6f6603dea31a47d91facb9101923ae4df746a049ff7288fb1df1eeea

SHA512
c34be4e4340a2799f1db2d4d9bc4b91f0f1d6fba0d644cc23c1793c950b8c72b77efeddc3c2575bbf54ae43e7d1de7c4aaa913ee3083143801c09176e985e827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
56c2db0d02a05e580ddf4804d91bc19d

SHA1
a450b3ad4115cde63250cd3b245ec0bc8a110b1f

SHA256
efaac79a26451c291fa9d3782bb826bdd2fdd6f423eb9278467bf0ab1d2fc768

SHA512
8cd795f4a4f307473ed2c64204f470c1c84428bc2d321d32d6cff54ad87b8dd4fec05f10a960e88abcb46ae5964acf15f7c6b46336ea71112cbb2c9392644b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2c92b01e7ce8e53b2baefc574b7136f6

SHA1
c2e4265cbee2a7f80f850036ad52bea8853c7fe0

SHA256
d44ed8e6dc775467560b4f3fe3c7ecfd810bcfd53eedac1deb6b74a4de392d53

SHA512
583574c518c427175b4874042809702c28d6de05256862662edf03430ab11cd3e1ab6c00c2cf6bdc1e293aa03e716fc67d3b0e8b6e5d7dde1e807cf2e2a299fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
85f86f89368845932c82641b3bbd48dd

SHA1
cc7bd65d6908b2f4b8e788490ea01d447f1482ef

SHA256
0f6384617049b151b77b6025373fa9533e56c6d8f4975f74edb2a37acbaaf94c

SHA512
fbe69a8acfd3ed7e3ad766d76380de4a15c5b673d78da60c4d1c366315030ca14856a743519846ea6c90e27b0aaf563545fc2d04868d8b6597e930edcd1dba23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
f023015893d9471d4855dcf785067c84

SHA1
5f6ef86634ab8c52d5562b86ccf7a16ad35ec901

SHA256
433caf1adec2a447961f3b71aaa1acb99731b63b9270dabbcb4fdecb0c9db4d4

SHA512
cd2f730453f48c7f98322c0dd5d96efb7423c5ce5310459cc9cbf46a92034435f543db23b2c0629335c7daeecd59675b21924482f2c3bad0ce1c384d8bbbb7e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5286ae4fd6325a767fabc599e638ccd1

SHA1
0b6821f09c23f0401b45dc29c7f9e55afbb97024

SHA256
d10866cfa542acd852b04b8a12f3ba426537bacc9a95e1f120cc8339e7a4ec38

SHA512
a5281a8fa6f091fd0ee0efeee1505ed969ece927aaf1155ca4fa83cc390945d711c4ffd49c206bf2452d0a804efd8ed3ba47bc53b17ba1891cf252a37e69af39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
168f9d8e226b52704875ba123d8a40c5

SHA1
8c00472396052a02100ba88f8f0bfb8c69f1e8cf

SHA256
e089bf862b972f35f8e5884dc8f052b93fc010d8c65848cfebee089fe232c968

SHA512
7a51f6fdb7f8b6bc15492b11509150e66a12288cfa9166a6785ef6291423af86ed5f2953d15e2f5e2228294390f53b7ec04c30b52284999be785a77da78c42f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1a9a67d344beff4bdea894d58362595

SHA1
43136bbbf3e7ddb94db8fc12f4ac5872f6c472a2

SHA256
c51dce791bd122941e20e9debd76c371855749bb1e8ad676c11fa7ffcb3389dd

SHA512
0e24cffb909fc9d93abd0e5885125eec4451d25169e4158a0d9193892fef27084a0d29de042544530514cbdf7a17c0bedce5c5a6a7b675db79e71d27e3485dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a627cbea3bee4418fe00c02c0fd25c40

SHA1
fb9b4e836e0ff5aa458145aaeb5d54a451eb6e69

SHA256
374a1be7ed98671197540431f8cf1fa5f75ad4ea6b89242bb58bb26ff82d83dc

SHA512
99dd6293900b323e2cf2f70555104861e758844c953c16bccd630482ae62580dfeff341ca2e767dcb62f073077d19faed33be39e38ca37ceaf55e7f1627f5785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c21c4b90f2ce3da452472e28e471ccc

SHA1
88e2d4da2da557f01db1ec76dccaa910954615d8

SHA256
67544f7fc5dfb33e8f28691a1bacc8cccb87d5a188e3463bad9b1e7898c44eb7

SHA512
a3fe4679f89ea7b3469d641f3f1aaa91085aa73d3d7e12c274b3e857c12d1265d3269ea203376875dd61777b546b9dddb2a892889e28a806570cc8f878581247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a95fe58b516ffe1f0511111b58b98830

SHA1
7ec2f608c0c97625faaf5c86aa0b092fe7d2e26e

SHA256
6a04ea4ae8dcd6b487da9e2d31afcdb73b94aaf419192144353ca4fb2dfec53f

SHA512
2906fbbcf12a4bb459cc77444a7926d3ac70ed2275dc0a99675258134acf57d36d0aa5126ee09cc36ba76f16ebdc016a27362199d4da49b20590fea216233703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
d710badea6e04fb766d455682b320940

SHA1
18b301a4014ff7fb5a6a7eefa0a57ebca69bcd38

SHA256
1ac2e911d46e3df5296a67f8fec143936f77278c04604240b041ac093ce4f4ea

SHA512
c8b2f8520562487349b01f5d3972ff882d37f0fc98f9464eb13fa8e7587f80ce4708763e9d8032cbdc19c791fcab8dcc918125538d6ade8083179b8f4bdfbfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
4f5dbd8eaa3e3bf65a3601da12f44d13

SHA1
86164fa84be2b90e95cbcef962f3bad9a2062f77

SHA256
929c9fc033163edf3c028355ae533231af205823657ad778265105e2b0c48ba1

SHA512
34bed516f39b9734f313a0e6975bab3502761094c75b05109c0aa84b160901bef0d84ef5f286d42b7d98a1e3b1f9ea1186a6ba8a87403f9988be60cb53bb6882

Download Submit
C:\Users\Admin\Desktop\PORQUEPUTASYANOSIRVE.exe

Filesize
3.1MB

MD5
73565f33ed4d8741291cbb30409f1727

SHA1
4d3a54b28f3ea80f884a25905e27165bdc353109

SHA256
aafe953e627f9e733e101d7211f0c9594dbdf82ec4019b2c9aa361cbc478f0de

SHA512
d897b098ddcdc94ac9177bc9a90b700c8b9a7cfafa74f729beebf74a094f76a7bd69e764711bdfedcdd231465daef16e937676e391ca2c010df03fecc863b583

Download Submit
memory/1976-40-0x000000001DF80000-0x000000001E4A8000-memory.dmp

Filesize
5.2MB

Download
memory/1976-15-0x000000001D540000-0x000000001D57C000-memory.dmp

Filesize
240KB

Download
memory/1976-10-0x000000001C830000-0x000000001C880000-memory.dmp

Filesize
320KB

Download
memory/1976-14-0x000000001C8C0000-0x000000001C8D2000-memory.dmp

Filesize
72KB

Download
memory/1976-11-0x000000001C940000-0x000000001C9F2000-memory.dmp

Filesize
712KB

Download
memory/5104-5-0x0000000000420000-0x0000000000744000-memory.dmp

Filesize
3.1MB

Download
memory/5104-4-0x00007FFD6EDA3000-0x00007FFD6EDA5000-memory.dmp

Filesize
8KB

Download
memory/5104-9-0x00007FFD6EDA0000-0x00007FFD6F862000-memory.dmp

Filesize
10.8MB

Download
memory/5104-6-0x00007FFD6EDA0000-0x00007FFD6F862000-memory.dmp

Filesize
10.8MB

Download