quasar | e815640357032206eb40f35f30804f4bb0cb14addf9858cdc36297b583b3cbfa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

3.1MB
MD5

2c55c3ba3aa93887c266436bcaaae5c4
SHA1

0e20e8a15bbf5efd0bf927e49ffc8237e691951c
SHA256

e815640357032206eb40f35f30804f4bb0cb14addf9858cdc36297b583b3cbfa
SHA512

ffe786d730e8de697a41ac89e449de7717d2aee09e4ef5653268d8d584d798a89c132ca5f32051c07a99378cf0ff6b45a8fc2ab99c53bab0fc3b4a74cd4b5968
SSDEEP

49152:6vbI22SsaNYfdPBldt698dBcjHgk/LWmzAwoGdu8THHB72eh2NT:6vk22SsaNYfdPBldt6+dBcjHp/Lx+

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.100.244:443

Mutex

e4b3274f-fb75-4407-9316-141c32c7c7ca

Attributes

encryption_key
53FC47CB30FD7835477E4751610AF9D6FC6D5AFB
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral2/memory/3380-1-0x00000000004F0000-0x0000000000814000-memory.dmp	family_quasar

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802515263194653"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3380	Client-built.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3380	Client-built.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
3380	Client-built.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 228	2328	chrome.exe	87
PID 2328 wrote to memory of 228	2328	chrome.exe	87
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 4680	2328	chrome.exe	88
PID 2328 wrote to memory of 1536	2328	chrome.exe	89
PID 2328 wrote to memory of 1536	2328	chrome.exe	89
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90
PID 2328 wrote to memory of 1100	2328	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe0494cc40,0x7ffe0494cc4c,0x7ffe0494cc58
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5568,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5552 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5532,i,12828578887746400918,13200755534771758352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5f0b60372d91922b025064d66732f8e6

SHA1
60d7d378ccb974a89954708b19444be6f937bc8e

SHA256
af3e073571ae206bf02b2e3785018eae8e73e6df2562372fa47056177d343a8a

SHA512
ad3dcf12df56af0f31eb4e77929ee58be59f0728bf373e6c8a8b034ea4c46496aee78eee585356b4098d99731e1feb1e32893734f4fcbedd3958b62edd4e32d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f3e576a46c50dab000c4cbd5e9c0c9a9

SHA1
5a91be089ec9ba969f653287db9e9c9ff98de70e

SHA256
0c65e8ddad9828d4596f7bfe911efda4c8f6ec5d9afa649a4d4983b1b14f38a1

SHA512
ad1cfa5a2452900c05844fc14b9be3648e54d13b7ba8d8e6f7acc9f448cda5bd0cb38d897765eaea82087acb27f3200a5362270f928f46df963fcb6e9688a39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8b0edfbd24f1df8125db135e70d05d9f

SHA1
0bef7b0994ef48b64617762b5fc14a2d7e8436e6

SHA256
8e1626f3ad92e816a4478e2dec01bc00d4cf501785b85248cbc736cb08686c2a

SHA512
8267bc1dd741ad61679f883222bb03c8cfb1eff1a6d9a36969a38d3cceb7d9267cc18819276555668d20a6a5e1eed16ff210ba47c345e3c3aafa9232b33cb01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3415b7e46baf7b6bde9b78986c9392a7

SHA1
1cb91c988e13a10a2ac73e58247a7d9afba33400

SHA256
f8b72e3248684cd64849964e657f02b671b4603517787b7255ea496c010baccf

SHA512
cd17f4320d14d33f8ca55242ad386fe1fe69a24ecb5921bd2980c2ac283bd52225ed08cc91fc18d726a2ab7509977c96cbd23451684678bc615bb49a079d215e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
323eac46b715fbb6e544220a265f4028

SHA1
13acc045c72ec08715323c1fee22d2609b437930

SHA256
54aabfeb5a9fc97d329185a100fd0cd4262215109a17b2208a8eed364ea1febc

SHA512
dd885146b4c6308bf79940b99e07c2ba35453a7d373f9faa3b7abe26027a12c78c5dc65afaa8d9f82bc5a65168a8f1a91e8e71348cdb05c93c7b376c0f0f2196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83347886f188e856f1538f37301a364d

SHA1
f7f1f378443c042dbc137cee3608068a12b953c3

SHA256
fdfa6903b432ec3a8725c1405e96955b762c843ea061f789bf697244d77898af

SHA512
37ae2b8d6628e0950d7b19756a0473cfc9049615c047ce6be4516740be3e9edd638456c44e09e35e30f9eb51229cd34a0597e51d318e459c2636b1b901d37598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a31dbcfc0d753abe4089f69eb6247bc

SHA1
e0da34d4e2c741ef66923fdf1bee503c8f818f6f

SHA256
22e734074dacb368a4ee37c2c272abc048be26c3858a2bb3383328397611a2f4

SHA512
ab2ff47c30cd798f2d1864f5f877793429d96f582fbea6639ee86fc3210b4dd7e8e0e5a8390aa8307ab0b33c379f33f632f17313f31b031d9997504040cec7d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61fc07677615a308dfa7ee6e5fee162e

SHA1
3c3043e130789509069ea411bd197ab925ecce3c

SHA256
ea0f1502648cbd7448bfa0366ee348f9aa1667eaaf88be37b7731f2b004f2ce1

SHA512
9289bde19b6a7c3b5f435400e952e3ec879d8d637b8d2bdc66f9876c12cd6943e52a8ed08306f6cf8bc3c7f34ec43b931c52509167475c0c9f6ca2b52f3f5189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdda2e7d62f2b1fa2f0c2bd2943cdbb3

SHA1
30de7a2cfad17943f0a1abcde0e21ad9eaaf9eba

SHA256
b62c113205a4748ec1aede16d81dc070198c78753a4ecc33af43ff513ee7a39c

SHA512
1c917445e76b047bbe417d7bad46b945bb208f26f77c41769d26d5994fd361091d1403df7e181d65a5e74985c1dab3e99a18ec626ae027c7efc90886cc0d8fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a37ba42d71ff10ad96d96520d009c6f

SHA1
c5c9848b02a9513ed90be4de1918bbd75ce06448

SHA256
41567926be570214d26d8558df49966c77a254728d079cce0cb88c3994b25569

SHA512
7009cc2e08c549c537541aa5d526e1a0f0be08ba492885a1458e452fa74bee6666214f2784b3cf14e946a4d1d9204529a312f03d732db6521034276e1729e4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc03203b5f60d6c49a1a6b7b12c20785

SHA1
164968326c68c460bf8459f54fff3fdf032e14f6

SHA256
47e49a6f39a87d4000a27dcf8fdc9c786c7bbd177edec7bb7e827d4fc28161c4

SHA512
6a149afa189cdc0e682538b434146bda412a09e415923480bd28bf4538394b16a6b343a6b04e216f7df961b58b726ee54621d3cb7f2af1bf22320f07ae0dc236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c266d8f34d6e0383ec97d13543528bed

SHA1
93626bb1e3359e66817364abc89471625d6a204d

SHA256
f07c2326db282780552b27375b218eacb0ba35baa1819052cd10cef194ce1b0b

SHA512
c11116b789e84ffd22628ac1f1be44ec35657dc3d0da022cd7b52305be1ed78d8187eb40ca95287bcf39b8d674e9819fda9ef188c172e3e04b67ac414e851f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
46d06d218d14d19bd65db0d703295aa0

SHA1
67b25eba649b68576429a1df0f7c6f90cadf7885

SHA256
cce12795b75f7f78bc1a5f11ae8f4cb82f09f55626b8790eca709c969908536a

SHA512
f16e37c29441535a712b93b86e0b19982cfab83df2cdf493ed0461924c49ed5a10e1a00ae03106a9f2f3255a47410a68249db389dd3650694e08e9abf33f7d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1eefbc28ed4f7a49e1aa075e4a2b7b0e

SHA1
222b673415de39980404422f60186a64bca9dff5

SHA256
97ab158b5f46d3a2bfa0b34d8116208d6f8c0a437b0c532eb16ea96737ad1282

SHA512
5a38bd6ea255d4f70254f14c198ef27ec170375254d68c931647e1af47f43afa069e761c57d47088283de21bc0de26da2322ba50d53f63fb71ddedbc0ab53448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1216a0cfd8090edf09dad6e7af76b69e

SHA1
ac6d2c2316619287b657cea1df73b1f31a3cc6b6

SHA256
8ccd5f6055e3289660ef8df71643f4a9bcd15074d4743d0d75514d9f1efad819

SHA512
86c762f7742ff2818ff8031d68f522db2147ebf211d54ee7346cfd43f9956978ea3837de16ecea4cf07d62323bf43f2018fe5ed79fadaab19cd606cbbf53e19e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f6ca25ef-490b-435a-a290-e81ce8893fe2.tmp

Filesize
231KB

MD5
63f6e7b8392bb32b08dff8abf621add1

SHA1
d3dbbefebefb67da7f06da2509ba3dab2caab274

SHA256
5a42623b5537af9515eb6fd6049f0ad84ef73a3cde02efaf601d79fe0aac80a1

SHA512
a0c8c4b5e43fe033e729853b27bfe0078a958b0b758c730039ee382eb24c8ae8b9dc67c1cdeeb73bf69199717b6bfd585b4d426e2777d6f3bd89adbe68e6a6eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2328_1725371951\1d7ebfc2-70b3-4371-8c1b-1414101e8a75.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2328_1725371951\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/3380-0-0x00007FFE0B013000-0x00007FFE0B015000-memory.dmp

Filesize
8KB

Download
memory/3380-428-0x00007FFE0B010000-0x00007FFE0BAD1000-memory.dmp

Filesize
10.8MB

Download
memory/3380-422-0x00007FFE0B013000-0x00007FFE0B015000-memory.dmp

Filesize
8KB

Download
memory/3380-4-0x000000001D890000-0x000000001D942000-memory.dmp

Filesize
712KB

Download
memory/3380-3-0x000000001D780000-0x000000001D7D0000-memory.dmp

Filesize
320KB

Download
memory/3380-2-0x00007FFE0B010000-0x00007FFE0BAD1000-memory.dmp

Filesize
10.8MB

Download
memory/3380-1-0x00000000004F0000-0x0000000000814000-memory.dmp

Filesize
3.1MB

Download