quasar | 9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908

Analysis

max time kernel
37s
max time network
38s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29-12-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Panel Ejecutador MTA 3.14.zip
Size

1.1MB
MD5

d345c2eb24b0d3806865fda604ad1cc8
SHA1

6b813317f6108f2c242babda58097070503df242
SHA256

9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
SHA512

76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
SSDEEP

24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00280000000460dc-2.dat	family_quasar
behavioral1/memory/4404-5-0x0000000000F50000-0x00000000012A6000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
4404	Panel Ejecutador MTA 3.14.exe
5080	WindowsUpdate.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799834936678064"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4328	schtasks.exe
2192	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2264	chrome.exe
2264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious use of AdjustPrivilegeToken 61 IoCs

description	pid	Process
Token: SeRestorePrivilege	4260	7zFM.exe
Token: 35	4260	7zFM.exe
Token: SeSecurityPrivilege	4260	7zFM.exe
Token: SeDebugPrivilege	4404	Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege	5080	WindowsUpdate.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4260	7zFM.exe
4260	7zFM.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5080	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 4328	4404	Panel Ejecutador MTA 3.14.exe	91
PID 4404 wrote to memory of 4328	4404	Panel Ejecutador MTA 3.14.exe	91
PID 4404 wrote to memory of 5080	4404	Panel Ejecutador MTA 3.14.exe	93
PID 4404 wrote to memory of 5080	4404	Panel Ejecutador MTA 3.14.exe	93
PID 2264 wrote to memory of 3380	2264	chrome.exe	96
PID 2264 wrote to memory of 3380	2264	chrome.exe	96
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 3844	2264	chrome.exe	97
PID 2264 wrote to memory of 4820	2264	chrome.exe	98
PID 2264 wrote to memory of 4820	2264	chrome.exe	98
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99
PID 2264 wrote to memory of 1544	2264	chrome.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Panel Ejecutador MTA 3.14.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4260

C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4328
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5080
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fffa648cc40,0x7fffa648cc4c,0x7fffa648cc58
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4816,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4472,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4636,i,17830836831691088802,7083018059902835803,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\56633b14-b5a2-47f7-abb5-8b2fd8e67dae.tmp

Filesize
8KB

MD5
5d67d6c53ca3043308c88bb815f6ef64

SHA1
08fe0e7a6a6bff5ee27f1eefe62752d474775354

SHA256
af8363f85b3d0ff6fa80e561d1d6efc949a4f024d1a6180ad8d7b3a1d0efcce0

SHA512
cda9b56005d3373788a1f0374d5d5a55bb4bd503930b5191b0c5387a08adeeed1162dc914221572e37d8dd3a2dc050259f79b55b439f5a80c95c49eaacbadee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e45e722253237e1f779915b2356e52af

SHA1
e97fa257fe6f71c2167c2e049542103e3918d8fd

SHA256
074c9588419b33ee63633a4a5c29d22c642643f907b6d1b4831defe511cade9d

SHA512
1fdd7cffdfeba8665fda0515d151411557bae0a053a217e2f8e78f91cc15ab67356155d6c5f0ba720fce75db4b1d78d1cf382e9095041ec0be4d31f6b4804ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7ab0fa741acd725b3968ed0dee7d83b9

SHA1
b75e5b98d5ce93fdf89a442271e37d7448dec51b

SHA256
6eb5ffb6e3761d79b5abf3d201758e8fee208df5f60ee6904f57c360811df37a

SHA512
fe8d3a10468d858933ee86e80cff6d03650d91fb4b27fbba6a20b333f575e4baf50334c2336c9731ba353cf53fff2d85b15ff3b1120b4e0d76cfe4fc6b999c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
581bf0b5973f36aebf1b1378330b2d5d

SHA1
759b29d6e28d006fe1b7233e896f1d2dc41e5178

SHA256
ff91032bae4f6e300be07d6ce02ea02fa94492baa4e177897a931b420d3aa905

SHA512
1df3f922950be823de0ff978c1d4bf8011890fd774c5d102e70bb2c82c348c3b96ee98b3b67ebe1f4fa5858824f5016e7aa765f4f31543c982d950a9646a692c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
cd14c8dbe13d12b4d0cfdbd94337fa99

SHA1
ef9a576f8be779eb012a09bdb6f4a4dfc0c48650

SHA256
542fe5ba7cfb7bd3a047ee14c1a474663dd27677d0efab8d1ef5e05909e72e90

SHA512
238136f77bec098a56ba6d4916149158573112dd886b458f3bfc3e107f7ff63e6e537205fbda53d784677efa3e13132a4a09296969245e31360a4ac5931220e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
91c2b617e395ba25c90cb1b75d619b1a

SHA1
b3732b01501c5881cb13f90e06bd2cf760482f7d

SHA256
ca65b981433f41ca7030238e9279a70f82e4d5cfcaba5dd591056266ff35d8b1

SHA512
d55467ce8243de247dab5699a7245178d556f0bee93a9f4c11eedc30f086f67d7673cf6849c11b7e52cb4c222597ea6516e3b0013a18dc428f830db0880aa18a

Download Submit
C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe

Filesize
3.3MB

MD5
5791d405ca0a97a89eeaeb4f2be628be

SHA1
a012d40aaaa01db12a83b0e4408d012fd383dd0b

SHA256
6c67a1bf1d558b31a790e4bdcef062c9b49f00a1b3d7361dfc8308d55b87bc5d

SHA512
3971447d6a5f1ffe51bb1acc0d2525aa5bca521358c67828e6bd983d68e8c22dfa83ab49109575bc113e13de861682af563a3ed21e5ef48cce1bfcdb8f1f2afd

Download Submit
memory/4404-9-0x00007FFFABA10000-0x00007FFFAC4D2000-memory.dmp

Filesize
10.8MB

Download
memory/4404-6-0x00007FFFABA10000-0x00007FFFAC4D2000-memory.dmp

Filesize
10.8MB

Download
memory/4404-5-0x0000000000F50000-0x00000000012A6000-memory.dmp

Filesize
3.3MB

Download
memory/4404-4-0x00007FFFABA13000-0x00007FFFABA15000-memory.dmp

Filesize
8KB

Download
memory/5080-40-0x000000001C700000-0x000000001C712000-memory.dmp

Filesize
72KB

Download
memory/5080-41-0x000000001D7C0000-0x000000001D7FC000-memory.dmp

Filesize
240KB

Download
memory/5080-36-0x000000001CE50000-0x000000001D378000-memory.dmp

Filesize
5.2MB

Download
memory/5080-26-0x000000001C760000-0x000000001C812000-memory.dmp

Filesize
712KB

Download
memory/5080-24-0x000000001C650000-0x000000001C6A0000-memory.dmp

Filesize
320KB

Download