quasar | hxxps://www[.]shorturl[.]at/CRDfY

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.shorturl.at/CRDfY

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral2/files/0x001f00000002aac5-37.dat	family_quasar

Downloads MZ/PE file

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807444586070505"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1620	1636	chrome.exe	77
PID 1636 wrote to memory of 1620	1636	chrome.exe	77
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 2352	1636	chrome.exe	78
PID 1636 wrote to memory of 1464	1636	chrome.exe	79
PID 1636 wrote to memory of 1464	1636	chrome.exe	79
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80
PID 1636 wrote to memory of 2080	1636	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.shorturl.at/CRDfY
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffc8923cc40,0x7ffc8923cc4c,0x7ffc8923cc58
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4816,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4812,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4252,i,11430695345128801497,441989589002051858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5251a469431b2ad9835b5b7a5b761d92

SHA1
d25755bd4f08aa29f400c5948196d617fa4ef3bb

SHA256
6cccdda37f4736d565cb20acfa723df4d5ab6910032b20c2874902fb0b24633b

SHA512
bb51ce3035a55ffdaaeb72f3625e602c697b9a76f1cae9d96c476e7c63ebc56e463a52ddb587a6b99b8cffe665e89bb71b94addef3ec5b904fae14ad92745af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e71b31d3ec98fa5d94e2bf8fea6734b2

SHA1
b6d62a2264ce7f64092297d7eadb41eb9842d882

SHA256
e3239997a681a6c7339a84dd4870ba452d8122167015884c08c667965b21b4b6

SHA512
0a131d17b4d8df27f00447f85e06fae26dcbf35fc5eabf56db86aa2bb2310a623e4b9bbca757fdf6a14ef162d0f53f8ac370e1543f64b03597187bb5af104831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0d244a4c1f73f2a22a1e2450ad2bce3c

SHA1
8fb48a653da50e2b27b391a7e7e9cb49f9d17b92

SHA256
51b5840ebd625625e4133f55359761c1f48d5673203e72c463e3ac2377a17247

SHA512
f4ce051e6718ffcca2f7ddf746d3accec13df321946b218bb8ec0d6a177748324547707045c9e9bfbb568bb1f4d567020214f23631124dbcb8ef51f376e46551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7827b7cb589354358d4a4b1f1857b95a

SHA1
5aca27a15df32961f8f05a48e01f6ca1d9fae0f7

SHA256
88da4aee537688fa17a98f366908808f28384ed348106a695ae2e82a75a52fbf

SHA512
4af0b43936dd374186709a8b7d2d70f6f8929cb67c97554d1779d4a5561cbddf2e1027ded6dbeab66ebe0f039dd4eea0cf7ad76ac2a6bc66974433c9a7814a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de1cb94d1680538a48fcfaa4d21302f0

SHA1
9b4a632b740f77742013ffec57bbdf11c6a2ae3a

SHA256
0c23092398d2cecb0861f2215f347b49841e515e762bce3a509fc354f657b1e4

SHA512
86ac7105a8a62ea91dddde9d4736cf916e59156ce65a684ea1561472bcbbbfc8a0d6207171eb1ed38c5680969ef044100381209cb3966cefacaf4357a3fadb0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3a8638c04c35b697bec571ace1087e3

SHA1
74b1d78ddba55a736a26546db570871a70885743

SHA256
762daeb5390ce99ce4e36000394b936ef1d8f238c4509b7eed38f146628dcbaa

SHA512
1dd6b08ae97b54707c725f6b880692299914ba98df527619d8992ffdacadb3e925de1f0045baa61731a69bc4111565513eddde6b7c913f52886e57f741152d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c5716cc0bcc8704a8855dc6bb05ecb4

SHA1
6106fe0ab0b70750495375b2c45b6f9c9adc42c9

SHA256
a1681c26cfb2ef7107d4451c4754dea5d534c735d36611be8ab84740b91404cd

SHA512
01fe8950e1345757dc4c9c27d654903770a1d01a82a4b2233ed9a9692a1970d3f995e8ec83e5c53d3077323d130d16d71c747ebca4a2fde8fa498a4d69da0440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9153003fa71d910c5af8a4516f1a8c4

SHA1
9def2720322bbcb9edd682055d75020a3c3e0641

SHA256
0622b2ac193d392a8aea957b61c39d6ae846733ab861792488cd4cf1c7b94e20

SHA512
db3422dd5c9e3c525fb681b1e7d61d90ce8d65a6dbce395a9748a88187af895f5aee44d64cbfd00ff3f6447078c584177a8d76c21a2e466e2e80c38e0976765e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9aee421de2cc11b0fd37bebea654cf1c

SHA1
11bf18d3730a3abe4a3e633c59dfefcb4ef18344

SHA256
8409ec0ed42e816ed59ec1f8ffa834085c7c86cdcb080358d56901c77dceb873

SHA512
d23d93f321e89499ba614382d6cc9add91464f5ef0d152ca2f05ff3dc293ace1efdbcda95f810899e9d10a68de3549126ed6e9551201740c0b90dfe2606ed83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ff3b77c2a56aa4d098d1f2f1d4d4527d

SHA1
10d2bff38639ff946636083c94680139a15640bc

SHA256
06dd44edcb79830b24781d442e8af877f286ac60fe830279e533c92afde67a31

SHA512
4b54d30a9e0e159f206339b5943592b6e70b37222d10504f635f1de2ee3bebbd786ee42b64ee872556819c1e7c2756b44029157a540657da54552aaf944140c2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 93213.crdownload

Filesize
3.5MB

MD5
1e0a2e8cc5ce58715fc43c44004f637c

SHA1
f85ba3c4bd766e12ac11840939f5773ecc2f90f3

SHA256
4fb412dc8e1f77e2b47b1a677ca0475e5d25361d68e9e486c8aaf5148d635dfd

SHA512
75852941b8033d7f58e3819d5c7117f0f0cad5bb9b95aefef2e24eee63d2237c98072e823905e0d084659324bb54f020e163fd3310f3ee344a245051ac214859

Download Submit