quasar | 1eca7997b75df9fe1c05bc5f4160da5e3ce00e1ae69ad0ca46a15ab126e9c453

Analysis

max time kernel
122s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

3.1MB
MD5

1c5623527c313f4579073dc072f66d29
SHA1

66b831c9e349c46ea4446e02db80f7e399b4e8dd
SHA256

1eca7997b75df9fe1c05bc5f4160da5e3ce00e1ae69ad0ca46a15ab126e9c453
SHA512

605a2326b86484c889e25caf69f157c454e9ba82598dd9e75238b6a45ae3f90a9a2934d241fe57f1f9ffd7e80d032dfe5d62b03b23e9643760e21fe0e4e0cb15
SSDEEP

49152:3vrI22SsaNYfdPBldt698dBcjHVxRJ6dbR3LoGdcTHHB72eh2NT:3vU22SsaNYfdPBldt6+dBcjHVxRJ6v

Score

10^/10

quasar offset discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Offset

feb-arrested.gl.at.ply.gg:17830

Mutex

6e42bdfc-2d57-4961-8fe9-d28735513d49

Attributes

encryption_key
CABE6FE0988CAB22AE614AA6065A89402DF1C513
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
conhost
subdirectory
Windows

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/3832-1-0x0000000000880000-0x0000000000BA4000-memory.dmp	family_quasar
behavioral2/files/0x0007000000023c7e-6.dat	family_quasar

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	svchost.exe

Executes dropped EXE 2 IoCs

pid	Process
388	svchost.exe
408	Gtgnkkf3b60z.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815576629878900"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1872	schtasks.exe
2296	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
864	chrome.exe
864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeDebugPrivilege	3832	Client-built.exe
Token: SeDebugPrivilege	388	svchost.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
388	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 1872	3832	Client-built.exe	83
PID 3832 wrote to memory of 1872	3832	Client-built.exe	83
PID 3832 wrote to memory of 388	3832	Client-built.exe	85
PID 3832 wrote to memory of 388	3832	Client-built.exe	85
PID 388 wrote to memory of 2296	388	svchost.exe	86
PID 388 wrote to memory of 2296	388	svchost.exe	86
PID 388 wrote to memory of 408	388	svchost.exe	97
PID 388 wrote to memory of 408	388	svchost.exe	97
PID 864 wrote to memory of 2972	864	chrome.exe	101
PID 864 wrote to memory of 2972	864	chrome.exe	101
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 4764	864	chrome.exe	102
PID 864 wrote to memory of 1700	864	chrome.exe	103
PID 864 wrote to memory of 1700	864	chrome.exe	103
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104
PID 864 wrote to memory of 2708	864	chrome.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "conhost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows\svchost.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1872
- C:\Users\Admin\AppData\Roaming\Windows\svchost.exe
  "C:\Users\Admin\AppData\Roaming\Windows\svchost.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "conhost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows\svchost.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Gtgnkkf3b60z.exe
    "C:\Users\Admin\AppData\Local\Temp\Gtgnkkf3b60z.exe"
    3⤵
    - Executes dropped EXE
    PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe5080cc40,0x7ffe5080cc4c,0x7ffe5080cc58
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5304,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5308,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5316,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5536,i,4921427621261582332,13518155843888373990,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:2
  2⤵
  PID:1172

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
66b2fa592683d209b4f4bdb779c4994d

SHA1
cfc22ddfb46ec50e331ffa2dcdbfd35a01c94402

SHA256
699ae97526d0e1170c3ade75786a0bcf1bd22475c86ae40d9c1e8678f3bd3ba0

SHA512
5aa66fee2fce371fdb15ddb2924f74aba9aad89629cc1fe775f681416906670085f6e0adf33fa5c95f0d050ae2ce4ba23673db8dea18891f9db82a6c4be79ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bdf5bce62c5c99a90da50bbab1965369

SHA1
55cd324047ec9fc4b1be3f25d982f9ec8d25b175

SHA256
afc9e15f97965d2e16ab83b9ced3c3b03404a7a4ef44d6cba59bf0757e641d82

SHA512
097874460eb1007a385d444296e0e0d1a5fa5d69c4dbe23d04487cea36b8b411ac4f14e92aafeb82c1b3f63baee79e4632fb9827d5f2236e9b6afbcf2f0c08a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
539ad3b4f9712dcc91feef236b8bc2a8

SHA1
52ba23ca52316a5cec71a001cde9bf3a1283d16e

SHA256
4236dff305f091504600d90201bca1f0d81473e9941562a375d26b99b77c5f73

SHA512
76f6c3c0fbb94105f3574424a9bb485b8e20e81d81baf2658c386a97fa719810fdd456b8ce4b8ca0f262402f57c4731bdc9389c68ca9612579bf3ab4243d9b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4955b9880d9faa13ec62f33a6402692d

SHA1
c0bda23b603889353abcebde2054f352099177ad

SHA256
7e7a0b378475e43876a692dc64def7c3b1d6abf8c611a825b71433c5d5910d0a

SHA512
d1944cb10510f184cb2fc2ffc1302b6886ccf1fd2520f45674acd5f556e8f8ebdb07d54fdd750d212ee87e92c84a251a0c19f91a63468c2561d706393b4a3217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
42769d69f21e5ba9ee36fd7db973f63b

SHA1
860ad9d2dcf4c8de450eb06b74af4871252dd77e

SHA256
8f7c7f55a77cda93b5ef6fd10c0d3ce61f28f3d9ccd2863031235bb41b0f84cd

SHA512
881dce4615773494108477e926d5ec6c683baeddafc8e96fff867ab4fb09e9ebdad6505d21568ba999223d348eceeeacf37e68df16de4189dbaa0766f4cc39fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gtgnkkf3b60z.exe

Filesize
1.7MB

MD5
8fd53b74b0521e5c3ecbc43a6430ba00

SHA1
e6c4635df680f3209281e8b69951ba1e6efbb647

SHA256
74a9734c5d0353429f167097fbe523c045d576df30c9b97ea2424cca7bf9b4a7

SHA512
a7f76349e4e9511003d627ebf92bd404d4977463998385df875e26f6e14da30cb7ef20276c5b7eb037f2b8aa34fb8798288bd2416433c8ad559f658e45d4b1d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir864_2101235016\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir864_2101235016\e33cd465-7074-42b1-8815-5b303a70ee59.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Roaming\Windows\svchost.exe

Filesize
3.1MB

MD5
1c5623527c313f4579073dc072f66d29

SHA1
66b831c9e349c46ea4446e02db80f7e399b4e8dd

SHA256
1eca7997b75df9fe1c05bc5f4160da5e3ce00e1ae69ad0ca46a15ab126e9c453

SHA512
605a2326b86484c889e25caf69f157c454e9ba82598dd9e75238b6a45ae3f90a9a2934d241fe57f1f9ffd7e80d032dfe5d62b03b23e9643760e21fe0e4e0cb15

Download Submit
memory/388-11-0x000000001EAC0000-0x000000001EB10000-memory.dmp

Filesize
320KB

Download
memory/388-15-0x000000001EB30000-0x000000001EB42000-memory.dmp

Filesize
72KB

Download
memory/388-18-0x000000001FE30000-0x0000000020358000-memory.dmp

Filesize
5.2MB

Download
memory/388-12-0x000000001EBD0000-0x000000001EC82000-memory.dmp

Filesize
712KB

Download
memory/388-16-0x000000001EB90000-0x000000001EBCC000-memory.dmp

Filesize
240KB

Download
memory/388-10-0x00007FFE57050000-0x00007FFE57B11000-memory.dmp

Filesize
10.8MB

Download
memory/388-17-0x00007FFE57050000-0x00007FFE57B11000-memory.dmp

Filesize
10.8MB

Download
memory/3832-0-0x00007FFE57053000-0x00007FFE57055000-memory.dmp

Filesize
8KB

Download
memory/3832-9-0x00007FFE57050000-0x00007FFE57B11000-memory.dmp

Filesize
10.8MB

Download
memory/3832-2-0x00007FFE57050000-0x00007FFE57B11000-memory.dmp

Filesize
10.8MB

Download
memory/3832-1-0x0000000000880000-0x0000000000BA4000-memory.dmp

Filesize
3.1MB

Download