Analysis

  • max time kernel
    1171s
  • max time network
    1172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-08-2024 07:42

Errors

Reason
Machine shutdown

General

  • Target

    https://github.com/quasar/Quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.127.1.209:4782

Mutex

3d0778bd-7708-430b-bcdf-f98271c696ed

Attributes
  • encryption_key

    B131A0FFB69231C11E0A80BFBD156074D44EF453

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 4 IoCs
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quasar/Quasar
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb08a746f8,0x7ffb08a74708,0x7ffb08a74718
      2⤵
        PID:2444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:4428
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1364
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
          2⤵
            PID:4772
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:856
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:5092
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
                2⤵
                  PID:1016
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2488
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                  2⤵
                    PID:1384
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
                    2⤵
                      PID:3048
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
                      2⤵
                        PID:1776
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
                        2⤵
                          PID:1496
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5440 /prefetch:8
                          2⤵
                            PID:4348
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                            2⤵
                              PID:4928
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4220
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14134833830242596616,16317225227126915834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3812
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:668
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4596
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:2396
                                • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
                                  "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
                                  1⤵
                                  • Modifies registry class
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4832
                                  • C:\Windows\explorer.exe
                                    "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
                                    2⤵
                                      PID:3704
                                  • C:\Windows\explorer.exe
                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                    1⤵
                                    • Modifies Internet Explorer settings
                                    • Modifies registry class
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious use of SetWindowsHookEx
                                    PID:3636
                                  • C:\Windows\system32\cmd.exe
                                    "C:\Windows\system32\cmd.exe"
                                    1⤵
                                      PID:1160
                                      • C:\Windows\system32\ipconfig.exe
                                        ipconfig
                                        2⤵
                                        • Gathers network information
                                        PID:1740
                                    • C:\Users\Admin\Desktop\Client-built.exe
                                      "C:\Users\Admin\Desktop\Client-built.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3232
                                      • C:\Windows\SYSTEM32\schtasks.exe
                                        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                        2⤵
                                        • Scheduled Task/Job: Scheduled Task
                                        PID:5068
                                      • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                                        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • Suspicious behavior: GetForegroundWindowSpam
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4616
                                        • C:\Windows\SYSTEM32\schtasks.exe
                                          "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                          3⤵
                                          • Scheduled Task/Job: Scheduled Task
                                          PID:2080
                                    • C:\Users\Admin\Desktop\Client-built.exe
                                      "C:\Users\Admin\Desktop\Client-built.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1572
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1338eb32h7cf9h4555h9d6dhd547edced6ac
                                      1⤵
                                        PID:3296
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb08a746f8,0x7ffb08a74708,0x7ffb08a74718
                                          2⤵
                                            PID:2736
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,5966113813541161557,7906858648738657788,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
                                            2⤵
                                              PID:2192
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,5966113813541161557,7906858648738657788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4084
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,5966113813541161557,7906858648738657788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
                                              2⤵
                                                PID:864
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:2512
                                              • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                "C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
                                                1⤵
                                                • Loads dropped DLL
                                                • Enumerates connected drives
                                                • Drops file in Windows directory
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of SetWindowsHookEx
                                                PID:1928
                                              • C:\Windows\System32\vdsldr.exe
                                                C:\Windows\System32\vdsldr.exe -Embedding
                                                1⤵
                                                  PID:1780
                                                • C:\Windows\System32\vds.exe
                                                  C:\Windows\System32\vds.exe
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  PID:4920
                                                • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                  "C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
                                                  1⤵
                                                  • Enumerates connected drives
                                                  • Drops file in System32 directory
                                                  • Drops file in Windows directory
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:4404
                                                • C:\Windows\System32\vdsldr.exe
                                                  C:\Windows\System32\vdsldr.exe -Embedding
                                                  1⤵
                                                    PID:2848
                                                  • C:\Windows\System32\vdsldr.exe
                                                    C:\Windows\System32\vdsldr.exe -Embedding
                                                    1⤵
                                                      PID:2008
                                                    • C:\Windows\system32\LogonUI.exe
                                                      "LogonUI.exe" /flags:0x4 /state0:0xa3927055 /state1:0x41c64e6d
                                                      1⤵
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1504

                                                    Downloads

                                                    • C:\$SysReset\CloudImage\metadata\Mitigation.dll

                                                      Filesize

                                                      273KB

                                                    • C:\$SysReset\CloudImage\metadata\UAOneSettings.dll

                                                      Filesize

                                                      88KB

                                                    • C:\$SysReset\CloudImage\metadata\UpdateAgent.dll

                                                      Filesize

                                                      2.6MB

                                                    • C:\$SysReset\CloudImage\metadata\dpx.dll

                                                      Filesize

                                                      719KB

                                                    • C:\$SysReset\Logs\setupact.log

                                                      Filesize

                                                      110KB

                                                    • C:\$SysReset\Logs\setuperr.log

                                                      Filesize

                                                      749B

                                                    • C:\$SysReset\Scratch\csrss.exe

                                                      Filesize

                                                      17KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\68907989-342b-4a98-87d1-a8516813779c.tmp

                                                      Filesize

                                                      580B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                      Filesize

                                                      20KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                      Filesize

                                                      124KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      580B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      61B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                      Filesize

                                                      112B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                      Filesize

                                                      347B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                      Filesize

                                                      323B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58410b.TMP

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                      Filesize

                                                      128KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                      Filesize

                                                      16B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                      Filesize

                                                      11B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      10KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      11KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      11KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                      Filesize

                                                      264KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

                                                      Filesize

                                                      4B

                                                    • C:\Users\Admin\AppData\Roaming\Logs\2024-08-04

                                                      Filesize

                                                      352B

                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2412658365-3084825385-3340777666-1000\5a9c4fbfa0752a8d057b8fa0c7db0f7a_dd06e985-ac7f-4567-b0c7-3752f03c29fc

                                                      Filesize

                                                      3KB

                                                    • C:\Users\Admin\Desktop\Client-built.exe

                                                      Filesize

                                                      3.1MB

                                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

                                                      Filesize

                                                      3.3MB

                                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Clients\Admin@HVDPCYGS_872C1E3\Logs\2024-08-04.html

                                                      Filesize

                                                      512B

                                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

                                                      Filesize

                                                      1020B

                                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

                                                      Filesize

                                                      4KB

                                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

                                                      Filesize

                                                      157B

                                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

                                                      Filesize

                                                      372B

                                                    • C:\Windows\Logs\PBR\ResetSession.xml

                                                      Filesize

                                                      9KB

                                                    • C:\Windows\Logs\PBR\SessionID.xml

                                                      Filesize

                                                      106B

                                                    • C:\Windows\Logs\PBR\Timestamp.xml

                                                      Filesize

                                                      42B

                                                    • C:\Windows\Logs\PBR\WinRE\bootstat.dat

                                                      Filesize

                                                      66KB

                                                    • C:\Windows\Panther\UnattendGC\diagerr.xml

                                                      Filesize

                                                      9KB

                                                    • C:\Windows\Panther\UnattendGC\diagwrn.xml

                                                      Filesize

                                                      12KB

                                                    • C:\Windows\System32\Recovery\ReAgent.xml

                                                      Filesize

                                                      1KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\90ae2b83-04c3-4ea5-8685-fd898ec76d91.AggregatedMetadata.cab

                                                      Filesize

                                                      1.7MB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_ar-sa.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_bg-bg.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_ca-es.CompDB.xml.cab

                                                      Filesize

                                                      9KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_cs-cz.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_da-dk.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_de-de.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_el-gr.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_en-gb.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_en-us.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_es-es.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_es-mx.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_et-ee.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_fi-fi.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_fr-ca.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_fr-fr.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_he-il.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_hr-hr.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_hu-hu.CompDB.xml.cab

                                                      Filesize

                                                      17KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_id-id.CompDB.xml.cab

                                                      Filesize

                                                      9KB

                                                    • \??\Volume{851c08bf-0000-0000-0000-d01200000000}\$SysReset\CloudImage\metadata\DesktopBaselessCompDB_it-it.CompDB.xml.cab

                                                      Filesize

                                                      16KB

                                                      MD5

                                                      1f89fac27015649908857f4ae63de59c

                                                      SHA1

                                                      bc3bc4b15eea2321156ff4818686fa4c008296d6

                                                      SHA256

                                                      74497495d7a5ffc28ecad6596c03702abd0758a068f0c6d3017e31d2655fad13

                                                      SHA512

                                                      8553cf9c770d291af59aeed0890dda5e891ca622cabdfe1249b98968086d6442db03b15184f1e34d590514e71a1e78620ae8f6f6d0e889609c9659d1f112fd04

                                                    • \??\pipe\LOCAL\crashpad_3800_NUBMNOXIGZSGTMDR

                                                      MD5

                                                      d41d8cd98f00b204e9800998ecf8427e

                                                      SHA1

                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                      SHA256

                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                      SHA512

                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
