quasar | 129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de

Analysis

max time kernel
34s
max time network
36s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aimbot MTA.zip
Size

1.1MB
MD5

daa57cdeeab30823f89e5349b832a817
SHA1

feb679856d7a4a04d5e1a26e741dd6deb5ee0e88
SHA256

129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de
SHA512

1403f94c54374a91e8d9e29b594b490ff49c16b4bd404148157e7b2a7eb57beced3459e612045433e3b4a0f78aca93d34fe2f4c198fc5669dee85c139273f376
SSDEEP

24576:3bPC4RI32t9KyRPCKNJrYjWj1JkpsnWvWjI7mBPJiOMSeFAPNuHWE:rKsIm3K8voCApsnBnFJirjSU2E

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x002800000004618d-2.dat	family_quasar
behavioral1/memory/2612-5-0x0000000000DB0000-0x0000000001106000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
2612	Aimbot MTA.exe
3712	WindowsUpdate.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806141685361245"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4268	schtasks.exe
3488	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeRestorePrivilege	4592	7zFM.exe
Token: 35	4592	7zFM.exe
Token: SeSecurityPrivilege	4592	7zFM.exe
Token: SeDebugPrivilege	2612	Aimbot MTA.exe
Token: SeDebugPrivilege	3712	WindowsUpdate.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4592	7zFM.exe
4592	7zFM.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3712	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 4268	2612	Aimbot MTA.exe	96
PID 2612 wrote to memory of 4268	2612	Aimbot MTA.exe	96
PID 2612 wrote to memory of 3712	2612	Aimbot MTA.exe	98
PID 2612 wrote to memory of 3712	2612	Aimbot MTA.exe	98
PID 1000 wrote to memory of 1448	1000	chrome.exe	100
PID 1000 wrote to memory of 1448	1000	chrome.exe	100
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2076	1000	chrome.exe	101
PID 1000 wrote to memory of 2876	1000	chrome.exe	102
PID 1000 wrote to memory of 2876	1000	chrome.exe	102
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103
PID 1000 wrote to memory of 3800	1000	chrome.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Aimbot MTA.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4592

C:\Users\Admin\Desktop\Aimbot MTA.exe
"C:\Users\Admin\Desktop\Aimbot MTA.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4268
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3712
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff82063cc40,0x7ff82063cc4c,0x7ff82063cc58
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4356,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4344,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3368,i,3705195760550845619,7776833973202423875,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4468

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40b5ae4d469e2a62c42d9d795b33cbec

SHA1
0f42f947faeb8d7b0b20c4163f5b2528d1ad7cab

SHA256
60b0d45dcb4b59ca98e7fee6c291e7a8fbc41c5bcd3e51ef26201c0ec4bb4ffe

SHA512
3c571e04bd979c2f159bc10cf864eb547b6132b84a1c33bf5c68bf798918c387bd348a4ba1772e0e0818f0b4a40ecf2156b7cc9e8c8b7fa9dc8de9cfc0796056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
10526e27de41021385c0305a52e32d7d

SHA1
2540c7f5222cc03ae9b09af1276cbe792fe52c83

SHA256
4a828ad4911487cfa1aee5211974229d20c6cc102fc05990a81c70a6df2fc937

SHA512
b2ae2f2a85013e05172a8f176af1b4d46a8d986056f73707f289146e61f9aac2b34fe3ff13ddbac260de49642ba478acb03958be45264841f309ca572e398096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
acebc2e122fd5eafe9678763e99c3a47

SHA1
bd07b131a5119118b74691cfe62e7a2182bc0ecb

SHA256
a48a660ed21b050127560b95b920a0240a4461696ef34c621ef03c1c5a73b727

SHA512
45f4a7f3948ea00cd26229ebf0649b3559afbe8bb4bdc54fa0fb90f4cc974e84f3693938193d84507eefd62b5cfd45b124b25575947b756fb8a50eb66f299136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c88df5da48083060e7cf4256b7d9f4e0

SHA1
aaa0d5481963c72ca4a9b2531811faf9081128c0

SHA256
1e071fd1baa27e05bdb8a8edf05257be481a5da389385a6cc490380d90af1588

SHA512
8f790ebdb9c3cb032b7ab88e238476debd16d1bb9a530e4447df5b424f133b1c05a30b8c29d5318224dffeced9a8c037f669c60733abe456f0961c12ed2ead15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3cbdaa2f8fabf70178895a5d436068e3

SHA1
fa82a677a4c761fa58830641cfc1e1c9545bdea4

SHA256
ad375670bcb17a6f9cbae287a19b0b598609c14890fc8751260480348a72510d

SHA512
57e609eb59e6917df0457155c94a27b74cf2c7ce5320bb082bc561dbe3f4240a28e83e30d531347e55a2022eafb90c77d70028d87a29546bf2e12ea350ae2d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ffb87b98774464ec44b3d9627402e727

SHA1
5e29f59b13fd29cee30ab41f5c6bcf9a55ddef5a

SHA256
e010a2a1a1dc9656d800eda8848645f5b3db0f9a619d5e6c2228b67595997308

SHA512
db73b4bbcf30edba297a29ced33dbc06ed985ca887254eedc9c1c42448d4c74dab3c90ab480a6e4a3fd9d900997181d13026447c6757c114f8df5783dc54abe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
d897665da53310eaa3f4c5fdb4963005

SHA1
10d23ed43dc22c78b75d465a55322c9cc38bb8fd

SHA256
16438302b527c2762384a81d131afafd7b0ddb303329684388698556b428b246

SHA512
d1c358b609ae6ef253ad09215c46d7591b5c9a20f8f8b9bc35c22e301a1e1c931a177168ab66bf60418837fea60ac1bd9ab50c7bfa77afbe140c2e1e8d12d137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ec024680f5dcedc4412ec1b8400c2c8e

SHA1
78833cd923b6dac051dfef86d764b02fd2475128

SHA256
35923921ae42885447d8c2dfa3a88bb570b4f55b5fad4c63963b844beeac2755

SHA512
85c92ce63c50bdab3019fe5d0926ee0080f56a3dce3d3b8aa126e051ef79e9f96d7d7fcd2b7249cd67e3e7ac0f5602b8904e3b2945bef9341a8ccab58cea2ecf

Download Submit
C:\Users\Admin\Desktop\Aimbot MTA.exe

Filesize
3.3MB

MD5
232fbce8fc20397039e7115d6736c5f4

SHA1
ec3f9e41474a0e2597c5aec4be25158ccd2d4c68

SHA256
f9a036faaf0d8069cad71070e3327f2b6318e7026338c32eb46dc23c18ab1291

SHA512
b00d44a3fc0685b917a50008d66efd44c697692a7f02b2bc18f3c325642a8bb94d5966bd66d21fa045aa24d02a88600b3b66122e3a3f6309b3854f6820bc41de

Download Submit
memory/2612-9-0x00007FF825770000-0x00007FF826232000-memory.dmp

Filesize
10.8MB

Download
memory/2612-6-0x00007FF825770000-0x00007FF826232000-memory.dmp

Filesize
10.8MB

Download
memory/2612-5-0x0000000000DB0000-0x0000000001106000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4-0x00007FF825773000-0x00007FF825775000-memory.dmp

Filesize
8KB

Download
memory/3712-39-0x000000001D1A0000-0x000000001D1DC000-memory.dmp

Filesize
240KB

Download
memory/3712-48-0x000000001DA10000-0x000000001DF38000-memory.dmp

Filesize
5.2MB

Download
memory/3712-38-0x000000001C520000-0x000000001C532000-memory.dmp

Filesize
72KB

Download
memory/3712-25-0x000000001C5A0000-0x000000001C652000-memory.dmp

Filesize
712KB

Download
memory/3712-24-0x0000000002A90000-0x0000000002AE0000-memory.dmp

Filesize
320KB

Download