Malware Analysis Report

2025-01-18 04:28

Sample ID 231214-p1p6radfek
Target dream_TradingCard (4).jpg
SHA256 244b20fc9114e2434daded7633dbdd44e625fa9cdcd326b2449e80fbe141cf5b
Tags
quasar office04 spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

244b20fc9114e2434daded7633dbdd44e625fa9cdcd326b2449e80fbe141cf5b

Threat Level: Known bad

The file dream_TradingCard (4).jpg was found to be: Known bad.

Malicious Activity Summary

quasar office04 spyware trojan

Quasar payload

Quasar RAT

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Gathers network information

Suspicious use of FindShellTrayWindow

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 12:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 12:47

Reported

2023-12-14 12:48

Platform

win7-20231201-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-14 12:47

Reported

2023-12-14 13:18

Platform

win10v2004-20231127-en

Max time kernel

1796s

Max time network

1800s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\dream_TradingCard (4).jpg"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000007b571c8c1100557365727300640009000400efbe874f77488e5707662e000000c70500000000010000000000000000003a00000000007106170055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "5" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000008f0dd2c15721da010fda46d26021da012f9f86ad8d2eda0114000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2068 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2068 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\dream_TradingCard (4).jpg"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e34546f8,0x7ff8e3454708,0x7ff8e3454718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe"

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\ipconfig.exe

ipconfig

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c4 0x150

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 87.248.202.1:80 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 92.123.128.195:443 www.bing.com tcp
US 92.123.128.195:443 www.bing.com tcp
US 8.8.8.8:53 195.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 92.123.128.148:443 th.bing.com tcp
US 92.123.128.148:443 th.bing.com tcp
US 92.123.128.150:443 th.bing.com tcp
US 92.123.128.150:443 th.bing.com tcp
US 8.8.8.8:53 150.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 148.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
SE 20.190.181.0:443 login.microsoftonline.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 147.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 dynupdate.no-ip.com udp
US 158.247.7.204:443 dynupdate.no-ip.com tcp
US 8.8.8.8:53 204.7.247.158.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 92.123.128.142:443 www.bing.com tcp
US 8.8.8.8:53 142.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 92.123.128.181:443 th.bing.com tcp
US 92.123.128.195:443 r.bing.com tcp
US 92.123.128.195:443 r.bing.com tcp
US 92.123.128.181:443 th.bing.com tcp
US 92.123.128.181:443 th.bing.com tcp
US 8.8.8.8:53 mega.io udp
NL 66.203.127.11:443 mega.io tcp
NL 66.203.127.11:443 mega.io tcp
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 14.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 92.123.128.134:443 r.bing.com tcp
US 8.8.8.8:53 134.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
US 20.189.173.2:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
US 92.123.128.134:443 r.bing.com tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
US 8.8.8.8:53 28.125.203.66.in-addr.arpa udp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 gfs270n867.userstorage.mega.co.nz udp
LU 89.44.168.160:443 gfs270n867.userstorage.mega.co.nz tcp
US 8.8.8.8:53 160.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 blog.mega.io udp
LU 89.44.169.134:443 blog.mega.io tcp
LU 89.44.169.134:443 blog.mega.io tcp
US 8.8.8.8:53 134.169.44.89.in-addr.arpa udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.135.105:443 aefd.nelreports.net tcp
US 8.8.8.8:53 105.135.221.88.in-addr.arpa udp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
LU 66.203.125.56:443 mcd270n310.karere.mega.nz tcp
US 8.8.8.8:53 56.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 gfs270n072.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n077.userstorage.mega.co.nz udp
LU 89.44.168.239:443 gfs270n072.userstorage.mega.co.nz tcp
LU 89.44.168.218:443 gfs270n077.userstorage.mega.co.nz tcp
LU 89.44.168.218:443 gfs270n077.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs270n074.userstorage.mega.co.nz udp
LU 89.44.168.239:443 gfs270n072.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs270n080.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n078.userstorage.mega.co.nz udp
LU 89.44.168.221:443 gfs270n080.userstorage.mega.co.nz tcp
LU 89.44.168.241:443 gfs270n074.userstorage.mega.co.nz tcp
LU 89.44.168.241:443 gfs270n074.userstorage.mega.co.nz tcp
LU 89.44.168.219:443 gfs270n078.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs270n071.userstorage.mega.co.nz udp
LU 89.44.168.212:443 gfs270n071.userstorage.mega.co.nz tcp
LU 89.44.168.241:443 gfs270n074.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs270n075.userstorage.mega.co.nz udp
LU 89.44.168.242:443 gfs270n075.userstorage.mega.co.nz tcp
LU 89.44.168.241:443 gfs270n074.userstorage.mega.co.nz tcp
US 8.8.8.8:53 239.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 218.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 221.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 241.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 219.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 212.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 242.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 gfs270n161.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n140.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n181.userstorage.mega.co.nz udp
LU 89.44.168.206:443 gfs270n161.userstorage.mega.co.nz tcp
ES 185.206.27.50:443 gfs214n140.userstorage.mega.co.nz tcp
NL 185.206.24.134:443 gfs204n181.userstorage.mega.co.nz tcp
ES 185.206.27.50:443 gfs214n140.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs204n109.userstorage.mega.co.nz udp
NL 185.206.24.11:443 gfs204n109.userstorage.mega.co.nz tcp
NL 185.206.24.11:443 gfs204n109.userstorage.mega.co.nz tcp
US 8.8.8.8:53 206.168.44.89.in-addr.arpa udp
NL 185.206.24.11:443 gfs204n109.userstorage.mega.co.nz tcp
US 8.8.8.8:53 134.24.206.185.in-addr.arpa udp
US 8.8.8.8:53 50.27.206.185.in-addr.arpa udp
US 8.8.8.8:53 11.24.206.185.in-addr.arpa udp
NL 185.206.24.11:443 gfs204n109.userstorage.mega.co.nz tcp
NL 185.206.24.134:443 gfs204n181.userstorage.mega.co.nz tcp
NL 185.206.24.134:443 gfs204n181.userstorage.mega.co.nz tcp
NL 185.206.24.134:443 gfs204n181.userstorage.mega.co.nz tcp
NL 185.206.24.134:443 gfs204n181.userstorage.mega.co.nz tcp
ES 185.206.27.50:443 gfs214n140.userstorage.mega.co.nz tcp
ES 185.206.27.50:443 gfs214n140.userstorage.mega.co.nz tcp
ES 185.206.27.50:443 gfs214n140.userstorage.mega.co.nz tcp
LU 89.44.168.206:443 gfs270n161.userstorage.mega.co.nz tcp
LU 89.44.168.206:443 gfs270n161.userstorage.mega.co.nz tcp
LU 89.44.168.206:443 gfs270n161.userstorage.mega.co.nz tcp
US 8.8.8.8:53 dynupdate.no-ip.com udp
US 158.247.7.204:443 dynupdate.no-ip.com tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.14:443 g.api.mega.co.nz tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 208a234643c411e1b919e904ee20115e
SHA1 400b6e6860953f981bfe4716c345b797ed5b2b5b
SHA256 af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
SHA512 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

\??\pipe\LOCAL\crashpad_2068_DHVCSIPGYSGSIWGM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5da194ef4cc37e97c796f7f2ab8ad10f
SHA1 be1d945541544afad0dd920ed2f61882bb5d7b07
SHA256 430280c83176092dadbf66ada4a4774002d2c55ab9c025d1a7d70154465ac97e
SHA512 8d756c9d54bc740668679e58d4a72b00df633e239d7bf876de970531d2f2ac1cd9a5b408475282c474bbf22b84f4d3fb2824b2f96c728e4a48a12c8fa5be47d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b464bd7d04a3239ac114f33d957abcca
SHA1 0a96c4a72213b57a6f1df10549c8fce236d232ae
SHA256 5d2de54d5df73d36c5e75c3015b5b3572f16a02b3933fdba7faee3e586273524
SHA512 a27705d6f000137ed1a92f92d0a9758448f1ac671241cd089ef8f381c0e23fd57c9acc4cb58c99c5eeaa47539c576f758660d3d093cc55b27745633352190fbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d2cdad7316eb351b120bca1e9140771
SHA1 276b9340a9f4461d898c54751035c9be87ed2b20
SHA256 fcc278f96abf5d281fbe484f5c15ae3dfe35fd36e7846ba559274679451282b5
SHA512 9921fc1c2c0b26daca0fed5f52281e496d2d69002f3277cfc8108897083d89cc8f4402be6cf5e92e57daa4014d5c0a7355e55c3b63bf9d8b972311a42ffd0800

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5a6206a3489650bf4a9c3ce44a428126
SHA1 3137a909ef8b098687ec536c57caa1bacc77224b
SHA256 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28
SHA512 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f97e446a903ceec0f4e7d1e34e571bb
SHA1 9c2b57f1e810547f002c8cd0afe5e9172837ae0f
SHA256 74914f4a68112c1a83d3ad4e8eb627f736c72b27555ae26ae18d919b09bbe9cc
SHA512 bee78a6afbc9aee73c40ba1e183929e1505b11f7bc1ad4241a49aaceab77d73fdf51c1688cd3e6a46498ce23ce7eb4bb547b6e1536977c4417ccdb1fb655c332

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6c291faddb8ad3a5d55d946186a7549
SHA1 3ecf4e9aa12823e2582afe5c872a4d89d6782879
SHA256 ac4e0fcce5b8f4a3f26bf555ff5bfc57c2dbd2f646a127b9a4ba3d1b796dd197
SHA512 a706a3ed088e9a6f6fba30b0c1a8689185203e0b38a5b8812502913376fbe58e972ac33a873788e76de5419397234e48d6cfccaa5b09197c853e50fe7dbd71b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d26e28f5135a5332b1781043faae931e
SHA1 78878abf55b096bb4afc8a8d282f40ec1d2482fd
SHA256 60aa006d156e32a258187e17e477ce35c76020740400ef9d235ac3b1d94d3d0d
SHA512 b17b42fe237fac205bdfa3adb304954c0afd73a9a0b0eba2b430868ac1df488f4e76f974cdec0745acf8256c8363df9d9ef0a88a23ad16620c3a6cd420624cbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597267.TMP

MD5 2e1ba1a0d548715a52968f7baa7abdba
SHA1 fef3d74039accac273a5d3ee97c28a7184d11554
SHA256 d6eb90ece800a7dd3a9dca0b09d33879195c5c218a2582581ca0a7f81c2cb7c1
SHA512 eaf41129409e91cf01952c2e55d55bc73b042340600b109078cfc6d70b6acc2c5a969e58b18683b4e773127cef6fc13e95a7de3e16be294eeb362e8577eb6abf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84ab08e47bbd096343e0bccd2bc37989
SHA1 f116ea165cdbe32a807eadda5efcda36eb2ebe20
SHA256 4353b5b6964119327447ded7206b3bab68a976b649fb74f2957ebe3d145b92d0
SHA512 0ce26fdc711413c4317c5e3efb4a953f1d8b15adc834b1fa4b6c95a128a4b7db5a027ca9084d45db8f213c3a7317f7d309dc140e2e51db1d2a89c7a4d9210cd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e9d4c04e17bc98d96516738d7ef5f3d2
SHA1 9bc295259cfdc43ec5549b93af07ad596d291701
SHA256 eb08bb06bf7172c2e54152feb3c82dc6d7fbdd19f4015bc2397bd5ad64594fab
SHA512 1c7a718f815fc0c2a554095c1e9b12a1965dbcf4b4c9855e06b911ab764b14a208e2770ddf146172b7b0c4f014cf1fe6efa27b60f4e7e719dfba274728a0201f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3335dd2d-d988-431f-853d-c09e5b1ecfba.tmp

MD5 5ba4cae0b9c6e73ca177bce011643461
SHA1 760bc5cbaad5fe0b9e2c9c6b6e5cc504f325610d
SHA256 e9c64cbb2fb7cf4b1262f0cae76cec0c74aad63ed9ea281c5877c3b9e2c7fbb7
SHA512 88684e8f9611f3138afaffdef5857e59d2eeaa0af11fe568c5c036d242bec75f30bc0745d630852177e5935c4e8fa4ea3577d5bcc2c150969c32fd383b4b9425

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16e0c70b539f6b0986b7a5a131988711
SHA1 238fb5fae382b9f7eebfd22df7c7c7a00a1c7664
SHA256 094720d0311afdd159872331b907fc4f5f8bd2e3d0e6700d60b02014fccd5573
SHA512 0ca89a836c63b624d13b52f10c51abe93b9a032fc1a5ee47053a9b7aa76906bb01c5db9c74d2e8366339bf6c4a48f74722f4de2c7bb39f4867258c9e056b87f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62d54d2881d4caaa14ea0e0b5fe586ea
SHA1 1ec5ed6d776abfcace81f80dac112acefd51aeb3
SHA256 85fb7287cec606c61512724f1b71e52a357fca208360475e585500eb1011c659
SHA512 e34988c7d4d770d9df44f96913aeecb8d2d31ae97f71664e310e22cc68a8fe938e14d0f57ff82c79a1630d85fe7ac9fc3067ff653bebb3c2a4199cce9e2fd689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4eb4ffa6e32d39d12a3c1fb4bd4c72fd
SHA1 5e870d70f6c35d4d5afe7ed6d2dbf0d043134ef9
SHA256 9f16071ae6f10194e29eabd950af6c942411de41c2d85a3d5175f44548531a03
SHA512 670a72b57c8c905c66d08631b1041a272d95de51e81c7eda1e686dfd64eac52d27040a424323714fa9ba81c981ddd216f78afbb3b38ae0ace07b58ae89777458

C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

MD5 13aa4bf4f5ed1ac503c69470b1ede5c1
SHA1 c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA256 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512 767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4f72d042b0613ad5980db15d0116d53
SHA1 8e4a8b945b025f75050a9e77db985d2a33920ddc
SHA256 af3d7cd9fba3ceee3cdc4d0969b5efa3601858e1beda8a2f52ea4f4c60bf1c7e
SHA512 014aef69d66b81c33cf0c8bc3610d1a4e71ca92fb33456d1c23a00ef6fa84a7e443181fddc6c8c5c5a02ec125e01c244e3649d4f61536716e1ae6fa476b38fc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8ac79ae572103e495a5730541fc145b5
SHA1 58e7a69943012f29b15f587707836e24ad7a3d7d
SHA256 7b413919ee449112e8e3a64fd89037b1eee9165ecffe98787e50b7a33c4cd974
SHA512 4736a7104b06e94fd5f9bc9c16caba2ebb02dfb601b2a9d17a90dd1bccff19c617534a6fc04a82e07f287c3fd99285e41e67eb0080d762de8fe53e6e199400df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 03ae0f4cf07e3eaadd9235664b9c7924
SHA1 7a53489e22ce7566c81083e4809b120d3e5ea03b
SHA256 75a9999150448c39063df781b5bf76bddabbc349c2527003dd86dc5c261b9b45
SHA512 c1a8810f40b18387d5ab8f6165af17c81981200abc00e1b96f76490d6da6ace64b0513bfcfddb31e753cd2ca1a888794830930d8e5cddcc6fed6c4186fa6ed9d

memory/1300-525-0x0000017891C10000-0x0000017891D48000-memory.dmp

memory/1300-526-0x00007FF8DF280000-0x00007FF8DFD41000-memory.dmp

memory/1300-527-0x00000178AC2B0000-0x00000178AC2C0000-memory.dmp

memory/1300-528-0x00007FF8DF280000-0x00007FF8DFD41000-memory.dmp

memory/2308-529-0x00007FF8DF280000-0x00007FF8DFD41000-memory.dmp

memory/2308-530-0x0000028F55060000-0x0000028F55076000-memory.dmp

memory/2308-531-0x0000028F56920000-0x0000028F56930000-memory.dmp

memory/2308-532-0x0000028F723C0000-0x0000028F726EE000-memory.dmp

memory/2308-536-0x0000028F56920000-0x0000028F56930000-memory.dmp

memory/2308-537-0x00007FF8DF280000-0x00007FF8DFD41000-memory.dmp

memory/2308-538-0x0000028F56920000-0x0000028F56930000-memory.dmp

memory/2308-539-0x0000028F56920000-0x0000028F56930000-memory.dmp

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

MD5 9378cd79b79e9a4b7837de6dcd17fdc2
SHA1 289bc3436d716f870b2c1747f68aab4dbaaf04e0
SHA256 5ba1ce9c90f00e9d82ca4aa5dde823468d328b4296a46295fd49bb6aa4521adf
SHA512 c36818f8be54eb4e6f4a0ec3106aee8046cda9543c4cea7a2183fd9917a97c2ef0122f9b2897c32d8cccd600e2278d5a188d01654883b2debb5c2e96b6976bb4

memory/2308-558-0x0000028F6FC20000-0x0000028F6FC38000-memory.dmp

memory/2308-559-0x0000028F6FC90000-0x0000028F6FCE0000-memory.dmp

memory/2308-560-0x0000028F6FDA0000-0x0000028F6FE52000-memory.dmp

memory/2308-561-0x0000028F6FCE0000-0x0000028F6FD2C000-memory.dmp

memory/2308-562-0x0000028F56920000-0x0000028F56930000-memory.dmp

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

MD5 ae71d9794df809c967f77780f694e058
SHA1 afc1a3a73f90dd007161280c07a0f89e53353cfe
SHA256 2c76071cfe0d27bc18328b177cd3a386d14f400d3b9f1674a05e9d2dfc75938c
SHA512 86a609defaa46f045697d38f2ddfd734857efb4f77fd8ef51ba7218521284eafc572f4a8faeca6f6b28abddfa463f9c0a6d746c090503334129b399dd8247fea

memory/2308-586-0x0000028F56920000-0x0000028F56930000-memory.dmp

memory/2308-587-0x0000028F56920000-0x0000028F56930000-memory.dmp

memory/2308-588-0x0000028F73730000-0x0000028F7378E000-memory.dmp

memory/2308-589-0x0000028F715E0000-0x0000028F715FA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3635043082-2972811465-3176142135-1000\c3406d884f1bba8f5083b58be7655f69_05362cec-23e5-40b6-89f7-968588d97615

MD5 45ce87e0470f9cbb9d843f1e8dc1f91d
SHA1 97002b52955271d9bbfb3692ce7f9ca158917108
SHA256 f2b3b3345fac2031493822a9eb2e44091febe774a18d7394cc08e2645c746dae
SHA512 c9903c92815a9574d5db8b19fed5fbb9b9a931b87fd8126f7a4898114e1f7b64e228751464f97db7208a22898231d451c34bf3bbeb45a150cde2eda66ce1c997

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

MD5 fd0263b30dc5b5490f9b51f58a3dd869
SHA1 0b67eef6960b370e18fe1ccd0bd718ab4c0a4b64
SHA256 1ef2c4cd5254ea17bd487c6358239cd0cd5a4661c51c01eefbda40471037230d
SHA512 df2b4bcb4543680670c2aa8417cde1575d9697cdac4172a282652c5f402c7dd4f45a2051b19f4da348045d4aafb86a599d970baa5ae1952a539d223079e57aed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 bf86b7a75a970559d077f790895a5ecd
SHA1 2a35495fdbdadffef16b9b294b7f49351c959ba9
SHA256 21ecfcf1b74f0c3cdeb145b9298bb2873bc6ea15b1d52b34820f1627fe6fd962
SHA512 7fb648967ea6e5980264b6764a6311dfde889be6a6003d978d1303b22389d7b7869c204af6c01ee8965aefdcb2a8cd6b1ff189fec85015caa9100cd1aee0c15e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 bea64c447b0f2a1012d0ede8e09e700d
SHA1 03c4e014a1ed074ed2611b5889ed79b6f1ed8aa6
SHA256 34dcdd7a5b57897d1eb1a2620ae5bc31d4b5d80e761e62fb8cd3c2a3b907241f
SHA512 ac1c4b495b990d8fad333f54d3e61d5573efb7a0c7c584659cea48be8d4857461bb011b1f2a4966cd714bb9252cc1750e8e53f2203418ca19fcc8143fdea6b76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 45a177b92bc3dac4f6955a68b5b21745
SHA1 eac969dc4f81a857fdd380b3e9c0963d8d5b87d1
SHA256 2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb
SHA512 f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 4b77f157ee1310b028d1f77ba272246b
SHA1 4cacf231df184a1665e39d2144d5e9faa2be214f
SHA256 a5ef992b8569715a2286814188efe11f2aa9232b9c53d8f60981956c94e3b5e9
SHA512 378afdd65a471687ecbb785fef2d05c9b4bf77c74506fadcae917d636f97ef8309215114d7b22e2054162e233882674482391b03e9ca877ed6e728a2e106a52c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28c238b3cdba839737f820025198671b
SHA1 41000c04abb91788feeaddadb1680078f895365d
SHA256 22823e5d1d8f1b996eb452dc258cbb807b0a61423b9b718dd49cf3aff1f33801
SHA512 a7a3e64d188c5779ee0d207adcd032c47a72b3bd049d4a56d11a83890448918b86b51331aea686231b95bf136c49306838b4ec115fd0d8b45ec10dcbfb1ecdb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e0c5c28d32664bcc0dbd02a3fb34b0a
SHA1 081777caad22197f09d2bb78da0b69e13fcbc20b
SHA256 c925e1512060d37707a42158593f63c1527d48cd847e0f63363ad16e1634b78e
SHA512 3609dce59c45c2892fa850cca8b96cbb35a1da3ddb6e4e11d854f6e0110327d9f1da953ba780e875f092d7bcd7a089cd0523a75e5aa94363f33dc2cfc756c4fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1f4f5050be852a018083f64b97d4fbb
SHA1 de9776bc97334281f4438a50416ef890127f0e6d
SHA256 35d5a86b2997f220ec4a70b622ece51e4ea7c1719f094f66d8bcc47e57889643
SHA512 3195a380af9b92dfc8c7dc470e119ea7d378765681f4c1b8b60e763b0830fea186dbf60480593ad6daf6314f05075fc60038241af7093ab874038d15d4b1d6bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b11a42f948e5edf08c31a2ef88125164
SHA1 4d554ea4de60d62c1e959b7ade8905daab689986
SHA256 879925674f1eb67a9262f45cb87fbc7d38f4fe2ea7fa0396244e9f127e8f557e
SHA512 9ef0fe4c267f819f59402736be4385088269b6d15558acfd5e7ffbf5ea1db539f18e47745bd60cf92bcb545fee3910cba0611892b322de428ffef66cd32f6655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f4402b6742e82a4923ce5c109aea489
SHA1 9c0106b63c40da4fa1475268c2c12bb3bbaaeded
SHA256 9be7cff556ead54741ec03264fa15f81abcdcaba7dce8df8429d0848a806fa73
SHA512 278e7052d6642729a396a06259780815fbff425ee38b0d4e0be5d36e05807be291329958b0482256235d66de39a9af693b6518f013acd41acfd457dfd43f05d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1cd6d8306a61ba282360d1eb27f869c
SHA1 7bd07e2ec3d70947b9f14f8b2d1f11008ce5572d
SHA256 164f4c18ff876c798b4455a237fdb3a85987db71aafed367f7dde170d858da0e
SHA512 3bb300b2b8cca72926ab20574ab26df8da683f0bb6c2b5ad63e6e46379d802622b48001d7483a487946a5188c6895ee927e4655cbb914bdfd18dea7f08523700

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99eb4c181349b1db19a0949957917f55
SHA1 94c50a0c6cc77700126cfc2c5916f559cc2d4399
SHA256 2423851515af97b4779b047373162c3d0507f4981f565f6c915c816232834ff8
SHA512 2e4093c1c563d7a302d66f464892c4ebe4fe4999c3f03448c7aa1a926a43020b5e1a8684a39267a381f32b77680fadf1806491028478fadf4b0220b4b2207c7e

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c8b397121a3ae77292569d6d8d7d954
SHA1 e2b9c104c51a5208eb05658701f5001a05c3d727
SHA256 7555ce1fa3342f8dc3df3582a9c30bcc79aa330cfadee63237f4d741636c60ab
SHA512 a5b5e060039d721b2f58448951c5873ad62b4d2ef185ff443c6a4838d3ee5193970e167394c4ef316e3ff419d5bdf3ba8276559592eb348e95fb5bd9177fdd95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b07f6978932687888ce767b0f4012c21
SHA1 9f509021ff28537affc7dd019e5f68158b43fa15
SHA256 b0cb34438871ddfa26854db40de6ce14fb2d93386d98f20c156212877e3f3431
SHA512 ef4de3d302ea404d0bac200a2f2fbf170a1502cedb2f122242c2f9e463b397955e699a6b2e731323b01dfd29e3698a9b37fe8f33d02806851a261dc8d28f56e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe635f0d.TMP

MD5 6765de382d691c39321b0e05cfe5fd88
SHA1 a63781508589b221830f98f800b6e940f3265646
SHA256 9fede2967fae9a3f25e6f6f0ae47598885a48522ae32fedca6a7656238d723f9
SHA512 101839c15e05f5654c0e6d1d8a3f19197867d7a8570d71c42d1a07750605685f1bfc7db23f652726bf9e233ac8cbb6095a19bdb57fd243c2e3fd6dfa05e8a084

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 f0d11cde238eb54a334858a3b0432a3f
SHA1 7c764fe6f00cab8058caeba38eb7482088a378f4
SHA256 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96
SHA512 b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 c60fc26f87ddbef308737edf34ef65c6
SHA1 cac72a52856bd8696a66563883198d9d1e685410
SHA256 23e360f2d680bac47c218b199d688c80f72ff2f829a5150c74993f1fdfce1bf5
SHA512 ef2ad3901b32d3ff817afba6718ac6a5ca600546662b2543473bc32238a3b61c601f7803078f48020658fca8e2bca9bf8bbcca8fbbf52b503f30fa2b13758956

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 873c4764c2a7befb6d4d78650fffa6cb
SHA1 3052199d1a09e6aa9a48667267a1a65e01925785
SHA256 c6396cfb3b709128efd82810adebff888f1af62d634f882abf05b09cde839b15
SHA512 385d88634055001bcb3526b0878f2a9adbc02b77e60d0c72a3cc9d81c0c8e59aa7ec04f15e7d80e34ec416c876631288171c8924ea91482b12f7b8ddf37bb2fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2bd833175906724acd02ef55ae620b2a
SHA1 828fd6cbbd0bc7099ddeaff6ecfff3495640a3ea
SHA256 ec943c6e81f6d7e030751489bc1a5199572099e0d14bc5cbe57a4dc7e2193bff
SHA512 7086b7f7f59ed9aa68d5286dc30d02d2ba6a81f81a8db607ca7fb473bd7323ced13db14573849165aea1e19c9130f7784a00c0f0689353f35e283d33b4d577f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 b7ba0a4aa6a32e2cc52c5c6c56c0e77b
SHA1 27ab63b16aaf8cd3806d9066f79ab4fe1ec329a4
SHA256 d52ebf72521d811bb1241160c3b589eb06cfb31a246e8b25b849401aef6b5a7b
SHA512 bcbc454280cce4607fd7fcc32328c4094c02727acda702b807d61948c21ff0d4b48f734f77298547ea4ef9b146761d54f0668790d3fb1ba67fbb198ea1c018e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c86d364b81e3ffdb2d08107738b0dad4
SHA1 f0c7bebb75dd0bc60ce0d00078a0fefd7fce7e87
SHA256 7e1261c26270472dda6ba161726ded7674b751e8bc4d80c8ffda01c0f2440cc2
SHA512 2f8b40d428be85756ef8f69a4046cf1fb367c9b28d246933a66c00d9a1a81ded090dbd010268ec1251a908aba4aebbf18c0a1a646ec87d38582c56f611fd9867

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 aad5ebb5294b0174c0115d25b4a05bdd
SHA1 d2cb37bf6cc4383c61d86d50a21d9d252d2dd0e3
SHA256 9a1557d4a1a660dc5f77b89b44892b13e1a20b0688021b5bcd8c27d4bffbf220
SHA512 5a0f7fb64ae030b0f11afb901b954f9c2e9958eb1a9d1a5c8fbadd27f8f2cc59fbdf2af8a5883bded58a63b906e8d4c9928eb188f968800ff61d495eba9438c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fe54dbdc0f8a910_0

MD5 5224005f0b193c599ff86faeec8c3f56
SHA1 d0daa91e01fe3279528cccbdedbcf73a6c733630
SHA256 925fdb7679d9c959df1fc4218711d520bbfbcc803d1c3ddb20cc981b6d7e3a39
SHA512 b86b707a72a3f231adbe3e5639b543009b272e47b8beaea0bb8b2a220dd515679bd2f0dc617c94e9b3d1965413b24150cd78e22f89522630caca4a6054a05a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4798d771a430414b_0

MD5 f6616fba0443b83a6308343ba59b02e1
SHA1 44927085519b657bd110dfd51b07b83211609a17
SHA256 88b0e3ed9debeac1750d91b4ede5eda6637e94bbec1645f0e77329ef4fa59aaa
SHA512 81534d1e7ef4c0eab7587f75c397ddfe2322badb57cb3d42f24f2c878807daadf24a15f7cfd3ba3352623ed24e6bdfc4a8e1bdef010e7d7d60eb73c5897353a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 e9a446b077bd643e1852a085c439bf93
SHA1 b1e8cc3e1de58f2680b0715ad5e2b62770b645bb
SHA256 5e1af50025345831842b59d97b580cbc67e5b524f3144ef813c297b46135c28e
SHA512 69977455e0af6fe8665c31467f71e2b0302cd8bfd47dadc0f1034bf90afdc199cadbed1d727c62dbc7375d971da2f9dabac60d0a375bb71d8f63cef5d976b796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\186a34ab13c00db2_0

MD5 ed37fffce5a06e9433073c17bb503f9a
SHA1 be8fc939d4737459c750c4798ba5b9661249abef
SHA256 c727fe9a24433119007b3abc99c87def6dba0b73300e6b624366e9414b4aec3a
SHA512 c1bc89004dbf0baaece137567d00cd97915fdd77c64ceecbecd18f38baf24a3506050313984283e8dea45471be568522015d7f8a70115ee972c57a7101004d3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

MD5 814a283d5cebc94a848474ba6dda9d8a
SHA1 11ef165c7fd1af88dc49842a78f2dc82e3bd70ad
SHA256 a36ed7f853fbfd35fc3e839ef37d5631a4491b4f2bd8f46701269d5722a10bf8
SHA512 60697bcefda9474b912c3353f08ae66247be1ef38433c984a9737cac52f090addc3ce1ed5cd8dadd6be0ddd2a3810933e25cf957315839e81ebcf05429aa71ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 469b324926c2a7b444d05505578d7389
SHA1 db9c7cc3fecbf0f88caedf2257cf8abcb655ee06
SHA256 9469057c20782f4381a01df70d28ba60bc07732ae8fdcd3eecd0dd9be81282ab
SHA512 b96e790db6072c4066df9931c40dd76bc0d4e0efdd8d143f920d03b9947f34c9f782f3ab6ab34922e549c61378cec2541b3458ba9d7183c5b3b1c5bb6b97c62a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fb8025ebdde641158c313398e7a192d
SHA1 9213e705b00693c868da260c11ee09181423d9c4
SHA256 1ea89352c84930af98c4b0c4583a2bedbf0c415b63363474baa9220d0f4300b7
SHA512 8460c8d8eca8b4ba39b6217adc7799d820f54d472f10d24e1603f5239c56cc99fc3706dc7ea820301588b001c7e35dc6af34b6829f312dc4b8dadee4949b8c09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ca147e58df918c35dff22c4dafbaf0b2
SHA1 6f5cc95807f4e266c8bfed16c3e0a43506e42261
SHA256 fb395b3b2ccc240bc161f09b970e593d11786bebc2ccdea629824aa240503a64
SHA512 50c9791d291a5d08bc771a796aa1d38eca48f43a3da73ac63a2d1bdb24b7c7f4f7563fa665ac343ab768aa396e8e791aca195d77b73fad6d8bfaeb60a7ab7a3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd5df8f578bf4101b743634ea3d4180e
SHA1 168c4eb0d9cd885c9018bbb7933c6ff9e426845f
SHA256 7b23c5a7f13d2538799ed3812c25c9c54bc7af1f17a6063eff745ac3b12edf28
SHA512 a4031605c4a0849caa45501712c2d6c00431c05fb427e0dd52a5dd4a0017a19afab89412e151216174f31949e2aeedb80c694a18be524cbf18bb619658219c92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

MD5 d98336ab70692f230db3cfde25667dc5
SHA1 16be0095120ff97d020ee1e1b75bb7bf6d53782f
SHA256 6f0067c1169af975b85fc0e9af839824fac20e2a473c09ef2336c16804dde2a7
SHA512 dcc276777b21af73d4fff66b537032752a3fd0eb85efda2197f4559cfae35147275a6d3b0022921250ac80d5d33b02e2d23a217d6d72c4aefa3df11bf0278583

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe6425d8.TMP

MD5 771a571de2850b7b88a15aeb38027214
SHA1 4b6e91b912f0861003e68611329cd23970983060
SHA256 731ed634348a4e06f57f5d34a5245b0dd2130a8f7319ad3f9b0048ef59beaae7
SHA512 af09a0ed9942aeaf46bf252fa0aa1aa9601b395009d3bf249a4806370987e3aa33ee0d302bcebb2d2beb6badf357b204cb00659136f58be212b18e8806703fff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

MD5 425b6feb9fd7574b0d8492482d0dbf6e
SHA1 1b19197209361189837c21059e3212fde95a4964
SHA256 70923d26813d4266526aa5653d548a1a5d25faf563428f1ddba136a2f21cf8ef
SHA512 4d385a64e754282ea59ed0d08396e87faf6c1a9f28908047c31fc2e00ba438569725ac23728938980c9d29baba5f8f5295f3cc48bed17cbb07d6d0d2f9130f6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

MD5 f90ac636cd679507433ab8e543c25de5
SHA1 3a8fe361c68f13c01b09453b8b359722df659b84
SHA256 5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce
SHA512 7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

MD5 b1dfa46eee24480e9211c9ef246bbb93
SHA1 80437c519fac962873a5768f958c1c350766da15
SHA256 fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398
SHA512 44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f1467ca1b3d9c22fb860733f80413ba
SHA1 c56eb361510608f54b6e9cd96fe0e145c12827b3
SHA256 2900a4eb5ce92a3fedcfb0f9c48720315dc7b7c8702cc04a9a6cc96050898f48
SHA512 12e6454380fc320d3b6bdf58d5363984b9ae70087363fa2176c4da1f51ff9bb6a1db7d440f1abfbeeafde82bf8a1afc42ced0bc8ebe649cd7c4bbd5b9ef4b933

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a2c56017997393e8298f68946d54b24
SHA1 45a9ad51ac4ff270b082369a07b3835f3cfceacc
SHA256 8bc096045b231e8a9c7d404abfb4ffb4b1455de449ec4f82ecccf49bd2d0c7fe
SHA512 63ac1c9635c24ad9e9c16a7ae9b1680863ef3f7ec0df38da0ce7301aafd9efe37070075bec57a01ed90fdd11ab91930891c71e691fa5324bc2f23c10b8438fcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44ac45bf20e15a21407166e5a524d5fd
SHA1 187b9ab0c6d4bebdc0bee46c625dfb30ddeedcd0
SHA256 405941eb15dff030d4e7d9282e7743f688724637651750fb1a7485e8127040e5
SHA512 ec54a105bd2099c7397370737ed834d06d9533e5051df93ee5ff3f491a0a458a94bbd91482038a338057ac9c9942679dd936d1cde9ca5cd5c6d91ae6ad5c033d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8c0e569a5f6b444ba765b3c9c7d613d0
SHA1 53d65678a2fcb290f608197ab01f3bec6da9ac7d
SHA256 276c0f52142067d977b6a65fca443d68d77ea84ebcff9eb4271a7aea88a61d7b
SHA512 67d2a82812da9bb139d865af8acf4e9b73c5e8659f0e145bd3e9fe63dbba0e8793ba483f0474025a45e3384ade8ed21ae0531d189a65d3a9d5e28e589b09a46a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe

MD5 902c60209cc856b9280463e5480e6534
SHA1 ac09b1aa98586dca2ecea674d80f2d26d8b38a6f
SHA256 3b7311aa805e7984d3bd3ac1b86f9f2fd94acbca689bda7b793bd4d894daad76
SHA512 dc016d226aac5e2ef709b6c59546c6b4b129f79faf6234751e5692392dc865709645fc4278ae8c42715bc05b93c4098950964967249fb8615d26b865720b85b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 213b4be572fb352b4c720a9d0e8757f8
SHA1 b40e4d6b3758bf8694e54d431b254a9a5c605de6
SHA256 37e72a211eb3bb90e2eb8da150e8a66940cb40e8204d92a2d38647313809794d
SHA512 6cc707a5a2f1df0bb9ff7cacb1af633b5bd799371b30219bbf2a2a2dbe028a7a90a8246d557b3fe43b849ca62b14a81436dccbc3320389cade3f9736efc76b21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 290ed9da9301e67c50aa85420f0e2419
SHA1 18392d6c731416897a691e239a1ff360c72618c8
SHA256 6894333f0f4a31676c5c7e2b53f20fa668fdac29a14e16be921dbf36e7bdbdd9
SHA512 71abe9fae00b750559b317616eba39250882b59d6d294ba56ce29142a997870d8a5f387183bbb781451714e209dc8a24298f1e61d48a2d53e92359fd708837d1