quasar | 9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908

Analysis

max time kernel
98s
max time network
99s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-12-2024 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Panel Ejecutador MTA 3.14.zip
Size

1.1MB
MD5

d345c2eb24b0d3806865fda604ad1cc8
SHA1

6b813317f6108f2c242babda58097070503df242
SHA256

9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
SHA512

76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
SSDEEP

24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x0028000000045076-3.dat	family_quasar
behavioral1/memory/972-5-0x0000000000AF0000-0x0000000000E46000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

Processes:

Panel Ejecutador MTA 3.14.exeWindowsUpdate.exe

pid	Process
972	Panel Ejecutador MTA 3.14.exe
2868	WindowsUpdate.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133776892016635786"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

Processes:

schtasks.exeschtasks.exe

pid	Process
2244	schtasks.exe
4132	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid	Process
1020	chrome.exe
1020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exePanel Ejecutador MTA 3.14.exeWindowsUpdate.exechrome.exe

description	pid	Process
Token: SeRestorePrivilege	1180	7zFM.exe
Token: 35	1180	7zFM.exe
Token: SeSecurityPrivilege	1180	7zFM.exe
Token: SeDebugPrivilege	972	Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege	2868	WindowsUpdate.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

7zFM.exechrome.exe

pid	Process
1180	7zFM.exe
1180	7zFM.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

WindowsUpdate.exe

pid	Process
2868	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Panel Ejecutador MTA 3.14.exeWindowsUpdate.exechrome.exe

description	pid	Process	procid_target
PID 972 wrote to memory of 2244	972	Panel Ejecutador MTA 3.14.exe	94
PID 972 wrote to memory of 2244	972	Panel Ejecutador MTA 3.14.exe	94
PID 972 wrote to memory of 2868	972	Panel Ejecutador MTA 3.14.exe	96
PID 972 wrote to memory of 2868	972	Panel Ejecutador MTA 3.14.exe	96
PID 2868 wrote to memory of 4132	2868	WindowsUpdate.exe	97
PID 2868 wrote to memory of 4132	2868	WindowsUpdate.exe	97
PID 1020 wrote to memory of 3468	1020	chrome.exe	103
PID 1020 wrote to memory of 3468	1020	chrome.exe	103
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 4264	1020	chrome.exe	104
PID 1020 wrote to memory of 2508	1020	chrome.exe	105
PID 1020 wrote to memory of 2508	1020	chrome.exe	105
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106
PID 1020 wrote to memory of 692	1020	chrome.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Panel Ejecutador MTA 3.14.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1180

C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2244
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fffbc8fcc40,0x7fffbc8fcc4c,0x7fffbc8fcc58
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3156,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,16887879007745268596,15698436995573040868,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
71f2ecccdbe8cc1a21d13d443411c948

SHA1
3c08a9a58508543eca80e94f12ab5f8bd8fdb078

SHA256
21d4db235874290cf098c9ff28ed8ca6e22e9350373aa1bc996f405b9caccd7e

SHA512
2fcb17cc232c88e00610acba79a4c37cb31c19f8a4bb82edad12f302e9ecee5aaa291e3a1f7da925a7fe2f80ebeefe320fc1e39b93a633bdc86936a18d2fe78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a842a0cd09fa4634f0737aa8ce668839

SHA1
be0c0c7d17e97064fa4f44fcb72e9a493299b816

SHA256
096f357d85869c97e941b0a0b63cb5c271584fd2c031f451c1bd19bffc823e5d

SHA512
1a12b495f7bebed5025c9cfde054f713c24bf5975c575552f7328fb33e98fdb3c220884952ba02c34242e9ae1bfc02dda232e692f14d46f17e72328e7602d675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67546b3ab7f3af700328571d5dd969e2

SHA1
9196c922ffbad169114eb13371cd72461dd40e82

SHA256
3622c3b6c97faa1563a60b9c15169ce0319625c68a0ef8737e337d4d0786059f

SHA512
0a8956c1f1cf7e1aa72ded14090a2483a28f60c40fe5f8d12089fa92fad980c12240fa585dacaed839f336d5be1919dfaa4d616476dfcb829243123a106e458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07771138ca1a5c5c5051d14af925d9f5

SHA1
996f35b8802fb100f8ebd0e7521ca6d50533bd65

SHA256
9ae7951c2a2bd62512fe1bf098f5ec7a6a7997b880d51e074d4668336d5041b8

SHA512
3d7a6c62ea28c7d97bd960b4c1f332a02f7aedb46dfd0b71d64709892966616192cbc7337106fc0f5b1408bb13315228d55888579b1b19fc0e077c2a71e537be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f232139d7284bf75a1431d5c50352cf3

SHA1
6c3179b1ee53077dddc433638822cd7d6672df0a

SHA256
ec7fba7df19c9aca76228e3d84dfeccd3669a4f06b929aad84f6c2c0ec2b96a3

SHA512
059203d140e5af1627b72153cf397fb4a05b0a5e712d7e539dd3a89a7acb362a67be2f26562a1dcf856e05922b90d64273e30f1e18449d955e8cbd574c75c820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
4df150a2f100902ee7635beac00db906

SHA1
69b08ce47513f04b9438f6094f4132b00b3c8709

SHA256
013bc7f9598fdb7020dd1d308cfb070dbeabc7b392b42100428401ec1a99626e

SHA512
b4f4ebf5dc972213a8a4268a4a3de248b2b0c9a403a28af7aa5db6e67ba5d5e7a4cb8036be1e3e9e4af0b225efef655112b6d693364744fa5b2d0a8acf7ed515

Download Submit
C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe

Filesize
3.3MB

MD5
5791d405ca0a97a89eeaeb4f2be628be

SHA1
a012d40aaaa01db12a83b0e4408d012fd383dd0b

SHA256
6c67a1bf1d558b31a790e4bdcef062c9b49f00a1b3d7361dfc8308d55b87bc5d

SHA512
3971447d6a5f1ffe51bb1acc0d2525aa5bca521358c67828e6bd983d68e8c22dfa83ab49109575bc113e13de861682af563a3ed21e5ef48cce1bfcdb8f1f2afd

Download Submit
\??\pipe\crashpad_1020_XVQWIMHYNOVWXXSR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/972-9-0x00007FFFC29A0000-0x00007FFFC3462000-memory.dmp

Filesize
10.8MB

Download
memory/972-6-0x00007FFFC29A0000-0x00007FFFC3462000-memory.dmp

Filesize
10.8MB

Download
memory/972-5-0x0000000000AF0000-0x0000000000E46000-memory.dmp

Filesize
3.3MB

Download
memory/972-4-0x00007FFFC29A3000-0x00007FFFC29A5000-memory.dmp

Filesize
8KB

Download
memory/2868-16-0x000000001E7D0000-0x000000001ECF8000-memory.dmp

Filesize
5.2MB

Download
memory/2868-15-0x000000001CAF0000-0x000000001CB2C000-memory.dmp

Filesize
240KB

Download
memory/2868-14-0x000000001CA90000-0x000000001CAA2000-memory.dmp

Filesize
72KB

Download
memory/2868-11-0x000000001CB50000-0x000000001CC02000-memory.dmp

Filesize
712KB

Download
memory/2868-10-0x000000001B9F0000-0x000000001BA40000-memory.dmp

Filesize
320KB

Download