quasar | 9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908

Analysis

max time kernel
37s
max time network
38s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
15-12-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Panel Ejecutador MTA 3.14.zip
Size

1.1MB
MD5

d345c2eb24b0d3806865fda604ad1cc8
SHA1

6b813317f6108f2c242babda58097070503df242
SHA256

9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
SHA512

76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
SSDEEP

24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x002600000004624b-2.dat	family_quasar
behavioral1/memory/3920-5-0x00000000009F0000-0x0000000000D46000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
3920	Panel Ejecutador MTA 3.14.exe
4588	WindowsUpdate.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787538159997736"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4992	schtasks.exe
3584	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

description	pid	Process
Token: SeRestorePrivilege	1632	7zFM.exe
Token: 35	1632	7zFM.exe
Token: SeSecurityPrivilege	1632	7zFM.exe
Token: SeDebugPrivilege	3920	Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege	4588	WindowsUpdate.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1632	7zFM.exe
1632	7zFM.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4588	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 4992	3920	Panel Ejecutador MTA 3.14.exe	86
PID 3920 wrote to memory of 4992	3920	Panel Ejecutador MTA 3.14.exe	86
PID 3920 wrote to memory of 4588	3920	Panel Ejecutador MTA 3.14.exe	88
PID 3920 wrote to memory of 4588	3920	Panel Ejecutador MTA 3.14.exe	88
PID 2284 wrote to memory of 2156	2284	chrome.exe	90
PID 2284 wrote to memory of 2156	2284	chrome.exe	90
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 3040	2284	chrome.exe	91
PID 2284 wrote to memory of 5068	2284	chrome.exe	92
PID 2284 wrote to memory of 5068	2284	chrome.exe	92
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93
PID 2284 wrote to memory of 192	2284	chrome.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Panel Ejecutador MTA 3.14.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1632

C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4992
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4588
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1bc,0x22c,0x7ffb987acc40,0x7ffb987acc4c,0x7ffb987acc58
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2084,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3256
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff6bdce4698,0x7ff6bdce46a4,0x7ff6bdce46b0
    3⤵
    - Drops file in Windows directory
    PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5140,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5304,i,8087506102432412273,7218079335491247966,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3720

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
73fc2194973f35b53cb00d671fce50dd

SHA1
57ed74ea2bdfd56a31b8329c4a707b68114edb71

SHA256
c8b2b382bf061fe3526804dcae66aec91b08d33cc3829ecb0cfad3af2905ba8c

SHA512
a831bea12bd6293e52a8ca969198976f3dde69f312ed4d9dd1c01edb104ca20d344c1c68ee01e0c3395eae0ff36fe4c7dd24eadd0b363ae0f2f8792285493a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
01c5c58c76823cb4b39fa960882045e5

SHA1
ac17659b71991e8bf203783e3812eb7cc76a0831

SHA256
bd74be26f84d6153474cd7d272e026bfebd477b167ae90b6cce7d0b8820e47c4

SHA512
db6915e3056c39a3fc247778a4bd1e56008782fe2ce31c4db67e90db38ef837c029ccb9184485d92149ac4c7d1f551bd30ea7abf9bd7794650259689926fbc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f85d930b319a7c2ae2261a9c6067f888

SHA1
a5127a15dfe5e80510fc1b14c38e77291f7577ce

SHA256
c29bc1f246d8156955d30273bd6a83302961dac4dbc278593d235241158f3f83

SHA512
78a0de459bc095f271aa65c42f45b23a812348f52a6d4ae4a16e8026253eed8fd4d8a499840bb049af787cece96dd5f02c265fe2ea450848ddaeb8107b5a3035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1406e87f7393ec41aa574ab06f44e17e

SHA1
5d94b4c4a8e00756a178b2c6c57ad9360f5dec6c

SHA256
2c0667304f53c181f3256dc925b53230a8357c1d5982e1c2815d7da316de2c2c

SHA512
de8384b821b080c839be97878bd0fc88b8237d4f32935eeb94251360bd35c1be137ca9d3be1a737fb5673bd4cc350f75ca9d8c6613f57247bd9b362e4cff23b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
8348e8b788d5fd630f7d599c962a4b91

SHA1
0b0ba5d8230da504fd59eb57ef2c450ed58cd1bb

SHA256
5a55bf829ed4749cfda18406bf15fe5804da60ada168b230e7f62abcfc87e288

SHA512
9e7c438b57455c64dec3f467b3cbc43b3e066fe82fe9f91d9c9b1e8719e8172079e2fb5fb009578b1437c77d030edc3b71c05f8b048b8aefe45525e3057d2999

Download Submit
C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe

Filesize
3.3MB

MD5
5791d405ca0a97a89eeaeb4f2be628be

SHA1
a012d40aaaa01db12a83b0e4408d012fd383dd0b

SHA256
6c67a1bf1d558b31a790e4bdcef062c9b49f00a1b3d7361dfc8308d55b87bc5d

SHA512
3971447d6a5f1ffe51bb1acc0d2525aa5bca521358c67828e6bd983d68e8c22dfa83ab49109575bc113e13de861682af563a3ed21e5ef48cce1bfcdb8f1f2afd

Download Submit
memory/3920-9-0x00007FFB9DC30000-0x00007FFB9E6F2000-memory.dmp

Filesize
10.8MB

Download
memory/3920-6-0x00007FFB9DC30000-0x00007FFB9E6F2000-memory.dmp

Filesize
10.8MB

Download
memory/3920-5-0x00000000009F0000-0x0000000000D46000-memory.dmp

Filesize
3.3MB

Download
memory/3920-4-0x00007FFB9DC33000-0x00007FFB9DC35000-memory.dmp

Filesize
8KB

Download
memory/4588-19-0x000000001D170000-0x000000001D1C0000-memory.dmp

Filesize
320KB

Download
memory/4588-20-0x000000001D280000-0x000000001D332000-memory.dmp

Filesize
712KB

Download
memory/4588-36-0x000000001D970000-0x000000001DE98000-memory.dmp

Filesize
5.2MB

Download
memory/4588-37-0x000000001D220000-0x000000001D232000-memory.dmp

Filesize
72KB

Download
memory/4588-38-0x000000001D680000-0x000000001D6BC000-memory.dmp

Filesize
240KB

Download
memory/4588-200-0x000000001E2A0000-0x000000001E447000-memory.dmp

Filesize
1.7MB

Download