quasar | 129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de

Analysis

max time kernel
67s
max time network
69s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01-01-2025 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aimbot MTA.zip
Size

1.1MB
MD5

daa57cdeeab30823f89e5349b832a817
SHA1

feb679856d7a4a04d5e1a26e741dd6deb5ee0e88
SHA256

129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de
SHA512

1403f94c54374a91e8d9e29b594b490ff49c16b4bd404148157e7b2a7eb57beced3459e612045433e3b4a0f78aca93d34fe2f4c198fc5669dee85c139273f376
SSDEEP

24576:3bPC4RI32t9KyRPCKNJrYjWj1JkpsnWvWjI7mBPJiOMSeFAPNuHWE:rKsIm3K8voCApsnBnFJirjSU2E

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00280000000461c4-2.dat	family_quasar
behavioral1/memory/3068-5-0x0000000000490000-0x00000000007E6000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
3068	Aimbot MTA.exe
4972	WindowsUpdate.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133801801311805471"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5000	schtasks.exe
3592	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
224	chrome.exe
224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4468	7zFM.exe
Token: 35	4468	7zFM.exe
Token: SeSecurityPrivilege	4468	7zFM.exe
Token: SeDebugPrivilege	3068	Aimbot MTA.exe
Token: SeDebugPrivilege	4972	WindowsUpdate.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4468	7zFM.exe
4468	7zFM.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4972	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 5000	3068	Aimbot MTA.exe	88
PID 3068 wrote to memory of 5000	3068	Aimbot MTA.exe	88
PID 3068 wrote to memory of 4972	3068	Aimbot MTA.exe	90
PID 3068 wrote to memory of 4972	3068	Aimbot MTA.exe	90
PID 4972 wrote to memory of 3592	4972	WindowsUpdate.exe	91
PID 4972 wrote to memory of 3592	4972	WindowsUpdate.exe	91
PID 224 wrote to memory of 1156	224	chrome.exe	94
PID 224 wrote to memory of 1156	224	chrome.exe	94
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 5036	224	chrome.exe	96
PID 224 wrote to memory of 3464	224	chrome.exe	97
PID 224 wrote to memory of 3464	224	chrome.exe	97
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98
PID 224 wrote to memory of 1180	224	chrome.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Aimbot MTA.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4468

C:\Users\Admin\Desktop\Aimbot MTA.exe
"C:\Users\Admin\Desktop\Aimbot MTA.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:5000
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4972
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe68bbcc40,0x7ffe68bbcc4c,0x7ffe68bbcc58
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3076,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4620,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5100,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4424,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4848,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4952,i,1668796663174656150,3786237190038276856,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1892

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
07e6dd61c483bf061420d5162483ee6d

SHA1
f47e49a60ae49f530a6c837a6d6d3bb25fe1f3ea

SHA256
027202ef1bc91d84c84599a22670c091633cd7100dae55c70ebc21d4791ab2c2

SHA512
68f7badace226d305f07194042b1d0c1a745cfa3b93b5c9761171879d992a328bc67186b911db653d936df7ee8dd5fed2cf8de95489a6493be9a53eb1c39fadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
09900a6230528b389bc915ec6b29bfe4

SHA1
c83a341831e2fe8e02083d341aa2490742a08a5a

SHA256
591b2abd580676b36158077b2d7b24afd2e236c1f33f7d8a6ffb2fad0f8b93a0

SHA512
e81afed056893b4e940167a7062ba83fffefe9ca0a8f8dc0d68fa5362f2a9c4b7e38afd01025c035c84c4e664a95a5b0b947ae38e51e5d2557ed2a558ac25e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1c82c3b23c27993700de2a31c747907e

SHA1
19ac11087aab51ee552751308b3189ade0a74fb4

SHA256
3d6908f263f7ec81ebfab6a2ea1711ec414c9961354dbbecf6cdd5a4638a5df4

SHA512
10e85449de4b4dab1c3aef14ad1f08f70ddef160973d7a38c6a91608397c7b160fd408fbfd0b0b592c92cdd2defff72d90ec604c57585da7adfe8c7546b40def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8c3ba3d81cfce16a744308e58c1ecfc7

SHA1
5376d48e91a03048a4b64848ace804655529a1fd

SHA256
f2fb2c453eaf5fa80e8752c71101218a2a3179fbb5d2137053f63bf5962068d8

SHA512
4c4e7774f74b628663e4fab9ce3f5f8fb77b6ca573b54c8055d8b024ae522033b66838b7daee66a950d1fe4872addfa9108ce24a781c958af37f59e8182e2d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
438cc962d7b6bc76e9c3b4be10f2c141

SHA1
9da2e3c71edc9a3c632ac2ed2ef7587189e6bb37

SHA256
ec54c7af9c681a681fe501eef6029319f328996236648ec51e639b143aeb7650

SHA512
855cac4759b891ab17eefeb173fef6ac27ce3d01d185f89076ec7d18708c0d8dc4e27d73b97072ea246021a81de5a3b435cca6f1e9ee98dcd5d98aeeb3db3e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
1a5864f5fc41f9a526b1212f4b0862bd

SHA1
b3567251f9641d863bfea26b64e23fcde5f4750f

SHA256
9f1682a37523d7a78f89cf3bb1afe6312ad188901e5f3d8dfeb835c85f75ab28

SHA512
a82b8b993b497729735f524a5038e7cfc47fc9ae96b41e69efabd09bcb7ec66cddafc6bf88ad98dcecbd98b6388a4d78e824ea3ecd25c7df483ee148915dffbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b05365ea201c06d08b699a0aa21ce0f8

SHA1
faefe45fb8b7dfbf7ab0b0a671c1fca6a2e1edb2

SHA256
9d83944e1dda48bcb99644781417e9ff519e94c3a134a1cad4fc29f0f70b396f

SHA512
8c160e7de7720c17eba708d7290c7395c8ef5e7863a4aeddb2c37e3341891638911361c1d527ae91711cf9083f46e22d93910a3303f6ae0cf9a7f4aae0e157bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5bea3746a7847a9ee64c333c019d6cc2

SHA1
a7da5992b846a761b33790f4dda280ecb76204f2

SHA256
015bf00a15787ddae3536f6ef6e7fa73ee86832ed65161bd2f3a802a3b4c4ac7

SHA512
8af5bb0545299c8199e64ffd22f8b414f0cedb55811542750c0b3b089200721790da6ba52370a4a6c4409115ef9e43f4aa5f0ff2a0bc29e9141a102df381bb60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b9c5e3f645b1260394df58882a59a60b

SHA1
7e0364eb2c5288ef513f833eda53feab66ff0d42

SHA256
7a3314c42ee146f02d19d8a1d1527d585e824c92a59adf93cb19d1bbeeb45e80

SHA512
34d866ed279a79f9018644a11a2a873c102afaae9874bb2eb3c5ea404931cc08b8249bbe2d57749509c0ec08765bb35cd180b2916df0ea52b4cbda60a8b1be79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59af78c60897b030ad06f2575e130178

SHA1
aec2bac625308d32df8488fe358901815ca035c4

SHA256
89e70aa8b485e1475812526f7fff900cbd99c9cc4aaf3e5ec9c6f4c8ad2e47f5

SHA512
e34def586ce8bd759d49606c0bb4021ceda901dcd8a139b11a04f201b8e6a42dadf7951090c04ab8b8eee7f56b2519108dd35aae68b9d77f26af84d87535d8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
57169c1720d337575f737ad10f21a3c2

SHA1
b65fd016bce05eb491b625871e38b7fede8f6162

SHA256
23709fe033bcae2c0d7bf30151035f9f6fb93431468f8c80393e9fe59b6f3087

SHA512
6fda1ec7beb11cc6f14b6d1181731d6ed572a7bcc4c9f1236060bc50a930488ee0fb6ad6e9fd69d6450324c319aeadc0ddc2ab6494834b4c42ae4cb1ed172b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
f9bb8e1360fbbe10c75a7562cb95e382

SHA1
19dd2bcf95e22f16990df733c6eaaede06266b3c

SHA256
edc61d2edc6f381bd647b2518441d6e26a97385cd01986d7d026b6ccd823658a

SHA512
7193285d116128392d6bd4774720558c04b7106ea7fa6667948f2dbc11c8339ce6a82641fb5fdf8688cdcfaf80d016fe6f1fcd64489e5f2aecdcca8503c35291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
8b4112e8bc7d8081a1d0923d9cbb62eb

SHA1
b49fd97556734d669e5f8021b4f01bfb455093cf

SHA256
4bb050bff15bf8573aec0d3bcec8a61c1970f38602563741f53bbc93ddbcf414

SHA512
f749bf9805d748bcf3ee7117e3dc723439e635df60f3707a2d77337731f8bed1fb31876f715a6430408d0f8ce4f7ee881da68ee8320c5af643d9e31ae2b5ab2c

Download Submit
C:\Users\Admin\Desktop\Aimbot MTA.exe

Filesize
3.3MB

MD5
232fbce8fc20397039e7115d6736c5f4

SHA1
ec3f9e41474a0e2597c5aec4be25158ccd2d4c68

SHA256
f9a036faaf0d8069cad71070e3327f2b6318e7026338c32eb46dc23c18ab1291

SHA512
b00d44a3fc0685b917a50008d66efd44c697692a7f02b2bc18f3c325642a8bb94d5966bd66d21fa045aa24d02a88600b3b66122e3a3f6309b3854f6820bc41de

Download Submit
memory/3068-9-0x00007FFE6E260000-0x00007FFE6ED22000-memory.dmp

Filesize
10.8MB

Download
memory/3068-6-0x00007FFE6E260000-0x00007FFE6ED22000-memory.dmp

Filesize
10.8MB

Download
memory/3068-5-0x0000000000490000-0x00000000007E6000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4-0x00007FFE6E263000-0x00007FFE6E265000-memory.dmp

Filesize
8KB

Download
memory/4972-10-0x000000001B1D0000-0x000000001B220000-memory.dmp

Filesize
320KB

Download
memory/4972-11-0x000000001C710000-0x000000001C7C2000-memory.dmp

Filesize
712KB

Download
memory/4972-15-0x000000001CE10000-0x000000001CE4C000-memory.dmp

Filesize
240KB

Download
memory/4972-25-0x000000001D380000-0x000000001D8A8000-memory.dmp

Filesize
5.2MB

Download
memory/4972-14-0x000000001C6B0000-0x000000001C6C2000-memory.dmp

Filesize
72KB

Download