quasar | hxxps://hackerone[.]com/roblox/thanks

Analysis

max time kernel
989s
max time network
995s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hackerone.com/roblox/thanks

Score

10^/10

quasar office04 discovery persistence privilege_escalation spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

10.127.0.190:4782

Mutex

73bb01eb-13f9-4b6f-9445-c8d0481bd51d

Attributes

encryption_key
62E69DA8A3E1C409D9E4DDB6C6C194AA06AD6112
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/5572-583-0x000002691EBE0000-0x000002691ED18000-memory.dmp	family_quasar
behavioral1/memory/5572-584-0x000002691F130000-0x000002691F146000-memory.dmp	family_quasar
behavioral1/files/0x000b000000023d63-708.dat	family_quasar
behavioral1/files/0x000b000000023d63-907.dat	family_quasar

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
198	camo.githubusercontent.com
199	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DllHost.exeDllHost.exeDllHost.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

Processes:

ipconfig.exe

pid	Process
5960	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747780533912023"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

Quasar.exechrome.exeexplorer.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 780031000000000047598e481100557365727300640009000400efbe874f77485e597d802e000000c70500000000010000000000000000003a000000000094f4210055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 7e003100000000005e59018111004465736b746f7000680009000400efbe47598e485e5901812e0000005ae101000000010000000000000000003e00000000005c5d6c004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Quasar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 66003100000000005e59098110005155415341527e312e3100004c0009000400efbe5e5901815e590a812e0000003e3d0200000008000000000000000000000000000000b33c0a005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 66003100000000005e59138110005155415341527e312e3100004c0009000400efbe5e5901815e5913812e0000003e3d020000000800000000000000000000000000000080fcc8005100750061007300610072002000760031002e0034002e00310000001a000000	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\NodeSlot = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 50003100000000004759534e100041646d696e003c0009000400efbe47598e485e597d802e00000050e101000000010000000000000000000000000000006e3d5c00410064006d0069006e00000014000000	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid	Process
5316	explorer.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exechrome.exe

pid	Process
996	msedge.exe
996	msedge.exe
1156	msedge.exe
1156	msedge.exe
5180	msedge.exe
5180	msedge.exe
5180	msedge.exe
5180	msedge.exe
4676	identity_helper.exe
4676	identity_helper.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

osk.exeQuasar.exe

pid	Process
5188	osk.exe
5572	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exechrome.exe

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	Process
Token: 33	5908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5908	AUDIODG.EXE
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe
Token: SeShutdownPrivilege	6124	chrome.exe
Token: SeCreatePagefilePrivilege	6124	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exeosk.exechrome.exe

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
5188	osk.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe

Suspicious use of SendNotifyMessage 59 IoCs

Processes:

msedge.exechrome.exeosk.exeQuasar.exe

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
6124	chrome.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5572	Quasar.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

osk.exeDllHost.exeexplorer.exe

pid	Process
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
2016	DllHost.exe
2016	DllHost.exe
5188	osk.exe
5188	osk.exe
5316	explorer.exe
5316	explorer.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe
5188	osk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 1156 wrote to memory of 4736	1156	msedge.exe	85
PID 1156 wrote to memory of 4736	1156	msedge.exe	85
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 3772	1156	msedge.exe	87
PID 1156 wrote to memory of 996	1156	msedge.exe	88
PID 1156 wrote to memory of 996	1156	msedge.exe	88
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89
PID 1156 wrote to memory of 4988	1156	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hackerone.com/roblox/thanks
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba1446f8,0x7ffeba144708,0x7ffeba144718
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5188

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5764
- C:\Windows\system32\ipconfig.exe
  ipconfig /all
  2⤵
  - Gathers network information
  PID:5960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x4d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffea826cc40,0x7ffea826cc4c,0x7ffea826cc58
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1732 /prefetch:3
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4416,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3228,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3160,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3188,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5372,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5800

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5572
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:728

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5316

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
PID:2252

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
PID:5388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
59e101b063d3ccc65789bbc5756f4938

SHA1
de0b9ad04b870496b0799fc6a4ab8ffb42fda91c

SHA256
3084b8069b5975359bb914d9946b252aa6b07a606f2e118ab62d4920a6fa3ced

SHA512
fd2cd6f276f75780993c7f7deeead34360d1321aa32acaf9218050350f06c4f64f5128a3606a7a7d0fdf0e11e66c8db525c6c4f3a53217e2573b16b756cc3e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6891b61dbebff410f91c96b455bc970c

SHA1
baacbf005a8beb51abe2516f9f4d6f34a4259ade

SHA256
3b726c91bd0b690ae26d8d5765b5cf5a8106bb74a783e12767c7bff224e960c4

SHA512
7f7d2acc387e698c95ea48b8f4b64dbee93713ff3f9727ef81cb738ae5b0e1e5b43358499740c11f84743ffc0a5dd8905872853b558f0e5ef57b50e1b6411ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6abe5ada9c42189338d65459006cddc9

SHA1
a97ccbd157160d6c79fff9a63bf6121793ec9eba

SHA256
8ede8076bad163e7a65c175e6851d67cfb3a27ea363e35eb87e3eb742d750226

SHA512
915dc193cf02d1903f3a3472610f808945eff5ee13989af174697724d8d9c111c2d2df30921427c58a0553deb74ccfe6b285c86786c1e8fa3bcb7a315ccbc91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
724b37d21bb59402708b503d2372f268

SHA1
1c57c9c6f2d31d3e366a39c2e24d13b3b7903ba4

SHA256
2559ec46e62da3e59998ec0e4e1a27de736a2335998255456bcb81eec271dcdb

SHA512
05fc0628b22219e0d9880800050edd1cbb3fb631b7ea8faf60f364ebc03fb2c61a50d0ecc5fb53d50e1e5fd9d47c27f960781cf34cf915216afd6e0cdf233e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ced8ae2e80a3c2b46b99d41c4e05563c

SHA1
67af5ecf6f90828a8fe88c16884dbed7b8a9a432

SHA256
e60c9c5bb224294220ef828aa073f91e83f96140816de2d612d1e9209c507f56

SHA512
e4ba63ec1c96c31e0afb5ef550741c93f43e9f85795ad5ad9a36bc0889bba313ae3c1444e29c50aa13441c78f9f2fdbe1b9c279a71fc32870551a02d0a1e7372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
96a6eae723f44ebaa5e97dd9b7523a24

SHA1
50daedfe77c78c6d26ba2a3179115378134eb0fa

SHA256
cf0847f0428bd49974ac78fccb9e22dc498306f5994cee1cfa4ee031212c4f6a

SHA512
9d0869a2a3d7f529e522e76cb8bd1aa6d3cfcc1fce877e1c3727c89d68df0ed5c8380cd3bdf87f7b870613cee5bceedafe36b4abf55a873e42f7fd536a64eca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a379677f950f7dcdc9b14133074581b

SHA1
36425fd93336adcc740bb1c7a44bef5fbc958857

SHA256
9e4eac6735ef6a06302d35d6b1564ea072ba75f87f6ed91d01fa249accff8b96

SHA512
8e8fbbfaeef0ddf1affa3d894ef14070630142d9c0f54ce7a5c07b2d3a51a070e128ea49b76cbb8cffab5abf11f1fcf003e7133c5951a302b6e7e69312167871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95256d587134d4867943011a9e04236f

SHA1
d6522c3fa8905afc809eb76484cea038644b8940

SHA256
28938965d566bfc911d7bd694b94264869e399e6613e400e4da9c8b69d81c0d8

SHA512
7c1000f7c21bdb3e90ff928ee0bcc287cf71ce57d9adad5e75662f788851446bcb06878a43351bffc7f9e54bf9088caa75f02d5baf81751e63868efc9f710433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
175b0c7dfc79768a92655977c2ed75a0

SHA1
c21a84b024f2ca56e2998284484c28e8ae67f724

SHA256
1835cab836470b955fcb18d96d4ac44da9b94a81572c048ee87fe827a0859ba5

SHA512
dd7a23e597de0f7b3d2d5b45feaa0e0f01c0643ef6bfbdeda36a25399bc08b9d4fed6f56579a6a42c47c5197b111202c78df9e5d78e1556ca65b33357e1fc616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c69c73e6aa9a05b1f6217932a01566c6

SHA1
2418357e155a52b70adfbf6195b04a3f9d84091d

SHA256
88d3700037d1fb2b5ade43ced467caa4642f2c19bdb217f5bd19a797c3425fee

SHA512
7ab361a5b549581d2ff820217441f66f52c3c01e277fba61d1f0d53460ab645b38c2c64c757ae0c2af02dc51e84a265300b75bce7d825154f1218333bb1b3a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a1f8edd30249b8767bbdfeda76875fe

SHA1
6e7014a4b4508e7819d936ecd482e4470b0003b8

SHA256
85d6c696c533907f3511fabbded5f480bd61b048bc553936fe7719ffa48552c7

SHA512
a67e2dc6282ea159badeb65399534f6c3f96d52d8ba4f55a1fc911fc1fb4b1a24f95ea9e408f285161a3aae7aab9fe933f9da1e52688ab4d2be7a8c21f0bdcee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce76d185146c3cdf037786fdfc6f716a

SHA1
01c4ca531d37784f342bc53ae20e215794523fcb

SHA256
b8658ee1bf9060379d25e88c294421a22b9cfa77596248238c4d5eda6d2acac1

SHA512
5d65652213cb6877caffac0cf57f9ecb3a00b736683acf8bf09c557b38292562bc61456d3c8a8421864d5ece5ae2a853d9e0d32452dabab584c408dbfc445339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6e520a1add3c9044ee23faaf9379a80

SHA1
d75768c99747b64e0b155a780cb97fc19f7ae0ba

SHA256
1896f50f5aa8091cb99dbdcb2a6cb529dd4e8d47ccb0e5c96724627f22ff677d

SHA512
6b5530e7a2b1481bad9914f96e3cfae5c930b718ffcb101a5f691dfae218361f2e6d481f5136a96104439411edb9c64978d23a5403e418fd5fb17ee36c40eae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
630e0979a86e3688b93495ac0f0f90df

SHA1
80369b2b70d9e4b9af89de929f4d7967bc0eadd2

SHA256
4a92660bfe01c1ea3d6566c48d72772304125532a632b3c527c1ffdcd99d7d35

SHA512
9437a7e56d0fa43d483f57439bd8a83f2267093e01b86beb868ccc808243efd8310b10df9bfcbf6b05712173432152f8eae8cc03098aa02789c7eeb171a965a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a741d8afad77bb56ab472d71d5710a9

SHA1
dd28b90ce8ea5669dd448aaef3fc469e5d554aab

SHA256
0d0ce48d65d7bc7d754f31efe7b9c4b5b90705587f10fca30fa8de9db4b69d5e

SHA512
c5d4e4a9164221ea8cbc2bbbbf64153362288658685e701ffa4af3e1e86f89ddf88e32f901f88a525bdd17d0cf939139297f1a69b4c1684244e9cbf08185c30a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86072691b5b69b374deaf87cd9947f9d

SHA1
0b5b50a4dd3d21692995d6dc462c2af1f88bb8a5

SHA256
0628dbfc84a80ea4d5a456ca82da35558effd393d96b5d5b67620e4833b20809

SHA512
4faf3b7deaea6a8c631a0a17a1dbbadb9a6a9ea8b23de41c3ae79ed94d5a09295f5c8b8ca0d8029aaaaf10ca257506b79ac0b72a95d26e44aaa015144c8868d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40186e1dbc79d4b8349be2a7e64f41dd

SHA1
db2d591be14cd1d280bff743bd71c4e75258f104

SHA256
88504c5ce418fce4fe49a95d77b3dd55829ee0a9b8220e0dd69cdc60454f894f

SHA512
928c465d534d332f835c1b5842f9fd06d29b6f6b95d381fbf4ddc9addd73d4291a3e450fc6fee732ff8b8d6126d2b03a5e497300f7f12db85f4c08fe94b6df0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b321ec3e2e4e9cacfcd0c8a72d85921e

SHA1
5a7769c9c00b8b7a2f1519cc4801161d7843b813

SHA256
7f5364e238ef57d751b1dfbc8cade2e5c8be827df9b84322788b5a8a9d3c91de

SHA512
b5f12e45f9715fa0dac68888a99c3beb69f7b9d22f7e5ace248ecd8bc28483bcdb6f599aee72faa29afa5c3945fd2ca0e59e7f6e7ba485cd030cde68f81d2269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb316eab71029d73680e333154093a3b

SHA1
ea5c5d052990ad3db8faf82ae9667f86f42c8ea7

SHA256
8d83186bbf7a60dc342abfa8c8a04169f06828ef40193f29c79d7469ca9b312b

SHA512
2b033cbb04c19eafe0dd95900328656c02e727be6bb447d2ad1bfce47ff47387f474e43d1107ca6dde29a358713592c049207b9176b4be99fdc1c7c9e8ed385a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32b56331d8ee6d7a4649eb845c0a8603

SHA1
eef45d2485b53b6d7fed4735a6491d8edd0f720a

SHA256
4af33232125e15b719de6f8d8cc8bfa01478168d284614db6841086ed24234e6

SHA512
e5ace05c07fd1e2dfafa3b9ef9481463027c68b93bb153af1a90c300d40f7e3c29b1a3b14357c91068d8d179afe0888dc71def25d36b34df5aaf4420b79f7b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b3311a32b3af674aa1bcc4b7e8729740

SHA1
f623772a09298119eaf32e4c6e546d393e103871

SHA256
db390036bda89b75b31ee6d7dd33f68147ce9b4ea8d375c66ff16ae3943fc858

SHA512
a4b84e01d9f5393bf287732e14c4f979cd09f7e13379b50caa4aefee8b49627306126fc5811743abb1f61cfbd47d10c8fddaf6cf57a3b60a4b04c07c9a78f8b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
876a9038a91fd0bdf64e2919619c94a3

SHA1
77b04e7cecc36dac2c92bd727d269f776d3efb1d

SHA256
cc3086cb352bdd237e3b919164cfcfae76dad1156d7cf3236ed217ef4a166508

SHA512
ea0bb9b40348535ea1480698d32c4e717128feee80b63f0cd45d3ef65b386ff7998ab0abce43bbe851dac391dd23d49f7cb21778c1b4d1cc03b6f96c9d517720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4fbf96b27cc35fc2572ee1b65e95dac5

SHA1
c2d34d4013d91f645da5c7f4d3a007afa1adb8e4

SHA256
090116c884d664848281cbd3c4b63e84f561171668f8bde865c962b9d5472f75

SHA512
a055a77a32fec7eb4707d99bc11b3886c11d3fafe6035ecc38b9e2e1a9bc6810a71452a9d48376b2f6091b91816dad485ed385d14ffca316c0e4e1c9582c4954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8d417820f326c546bfd5837ce68977b

SHA1
db91f375193adb05291e0ef104a4085656813a89

SHA256
2393fb43e5e7fa3417dad4e1d161d71573f7527ae945f9bbc48ab0f54fa1b77b

SHA512
a21fdc8eacc4faacbdc6ac52117ebcbd680bf28196fd52b5a8d2d9f20479a8891ea87542125e8469d0c901323305d8009c1c4382374340c755fdcfe448b7778d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0921620e578a830d5f7072d83ece1114

SHA1
2a89245f5db82203b26e83f6643078a1675fb4bc

SHA256
c0eee91ba7bbca039d62d5c646e2bcf713dbb65066a7d34656df17a2a7efafc8

SHA512
c0dec82ea0c775bed69326c64e86159009d8e0eed4b80c581760d74d93c18f9e290aa5ffa4493a4da57ca48eb40a45011d42b556817af54eb1313bd46ea948ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f308b8a5ee8fb9539933857f7a6ebd21

SHA1
f2b938f2d13724ebab719d1cf22d5355bbe516d0

SHA256
a90953c2fb6d5ff4d0be4570da10ccbc58076e17043cbe20fe83b68c298a25f2

SHA512
829ceb6c8aabf39d7008484f9f7cc1bb3ea9af3d0d570051c74edbf2956d1631b0d84e782684ca872549bf2944ccdc91a2432f6286b3f593ced067fa6112bd7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
148ea8656c94c2f4470726c10be8a749

SHA1
fec77bc487d3aabfc6246c0440d188905ffc3d6b

SHA256
4aa1801087dd5aa13588ca68643054d3c00fee11751f45ea12f77abd2bd57005

SHA512
2c520dbd563c2c1bcc363525ae181a1f10121942c47c9f354877dd009d7f0c9f7fc6a8c0e9de3b0b0441afa5654fc60c594e534dab5c3ff459a4dc7343353caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b1d88f348d93ee924edee86991a74d6

SHA1
1b4840ddc685b5a8e705cbb900c0c6211b9e6465

SHA256
45f4dfc8147f6aa825923449778f174f7ff6541f222c2d144024386c625a0a66

SHA512
3baeadd24aa1a616eb414d8d491336b12bfbb3cda674b9dd019b1915f8d85989d8606048eda9141737c79effc9c74754d4bd2b7c0ae02e8f7a6c977945c6acb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
139a80550aa720760416fbdd9a496202

SHA1
8e17f9b6de8dbd212e17937ab8e997b67dac7b75

SHA256
8cf1f7103816bc9b0fecc87bc2d79d52be08eb2227084911443dcd905d1e873a

SHA512
f774f486f52e38293bc515efce7aeb1adfc9823b1cc9b9ee53bd06fe32eb5ef1235026ec1e4471a2f20998f78845285b29447035bebf1208904004b830645716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbf37609ebbb0a04fea688a7fa4b9d86

SHA1
81762982ffcec25b1bf895cc59f636bec0ef127f

SHA256
15ff4c72730e7431df02c42179e875c532f12a7266f82cfc7a1ca16e50f2aa96

SHA512
19c0c9ad6880ec95ffe3d9800aaeb7daf9945b32f8ba9af50c2a220a9d8edd5b02e7bbccf55a5ee35560ddc0f2fa5a9ebfe7b7ecefde3d9094504154696ac421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8d08e83934ed41291bbcf57dc32f2b3

SHA1
33672fcf923f3189c22d6067ead0a206feb28a86

SHA256
1c420ba788cc55a7197c6141a76922c5c017d5ab20631750b027d18b05e057c0

SHA512
d37fb9b9e9e886496e0bd13c831a80df7c45d30e737b8f2639428023a3a29e451020c3d60a57a7039e993ad8b4fe5062141277ccda19040420a7b68027a25921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66187ae54488c01a4137f9abb1f5c179

SHA1
4c26e4f957be3e4cdfe905088f04027afd6b74a2

SHA256
cd8762ad0e795bbf41fa38bfa2f645f97268ff31e7c5204fee463b790eef77a9

SHA512
a557dbe782bb62469f04b1df731373c90f9111bec373a9e365d87b0ed2130f6297922967f40250615440246ee42b269c5fa22bfa41430bd77365e23335a38cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b21c3f0d687374603654fe90674ddc9f

SHA1
ee0a56ef777e6a0ab96731c7f2d14168beb9a0d2

SHA256
71a2e0ab6249a424d50fe329f49787c153986611cc80aad22027e1acdacda543

SHA512
34eeb374504bd7fddaff14a8f75d45fb83b4281af4e83efe0c46812da685a81ed5b084c6f722af805d0e7ba822c9fcda0f28eb65b5002fe46fcd0262da7ce62f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7c812ea1f929fceae1ab9c6b10017a2

SHA1
19d148f24d45d4e6a1f6442e5ef27f2d9fcf1213

SHA256
240b747c04bccbba2f39aa645bd4db0c4d64a939bb8833c19c245c8ad0d15d6b

SHA512
04d176a0c8e3d7848f25d8562027d6baf5ed3fb304004337ed3addded987f2f17213f73819b2944e618a202b1d84a0cbafe5a4daa2a0397966318a3d3ba46a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a96cf87419b99fa9d8c65da895ca40d9

SHA1
8ba7c182b8f7c0d4dd4933d7b9bbe10991e72bdb

SHA256
0c143054279b6e857c5a52975f0ff0161010aabb65f4e5e4aec36d83736e4c0e

SHA512
b5be16eb758489a0f55b329cef8a2bae2b1977aa6b965823711060e9380c1e1a0be59e07da3937e04bf8a06018bfb749f80f9e9559f4cd31bc2b122680df1be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
254b5f00df4e4cf9a69212ff15a9e4c4

SHA1
2e34fc45b1ebb22f2c304c99a508f4ccfa26bc9c

SHA256
d82ec00f01e8e0e4f6732ba55e83b76313dca2361b257a95090a158c70a6977c

SHA512
ebfde43201d51e37f5192beba82da2b02cf006065205ca2becc04e5ca80d8e4ec59c4f71240b7f57639837984f29b64f25df5da284f5c2b611212fe258d52763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9cccdb30ab62272fe111cdd1e546081

SHA1
8bb9fa04205785726174d0f87bff7adfb8f63ca4

SHA256
0ae147a8e0de0eba44c67cb5d264edb191638388471ee7538adabacd910f13d8

SHA512
25a9bfb9ef7fabe7de81359de7255cce24f580448fe1103c5d4d296cc9b19d1a71347ca7528194e1f64657b4a39b118d2de59a63ed931efe62753fd653db537f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97487a9b910fd5a7a08e032f3156d278

SHA1
cd74623310506c35a1c28434095e64d1bebc27af

SHA256
f2292c541bbf11040c81771a5eea391ae44019e7bff18a49c640869e9fe9cb58

SHA512
d8c6c0ca4b8acd029e3e32fecc89bf7caa3df14d30ae8fc1581f838a4ab2f7489b25c31909ac49c2a499c4b8e825bdeb77e0d440d4271720d02b6b8f7726c0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c87df7ae274903d94ea2dc4b926f942

SHA1
c3c4bf19a96224d53a5c459a892ee26955ede52b

SHA256
81dbb7a31f2cb92bac83b8a1f8c949754352af02753f8567df7e2ebdc9526d20

SHA512
3d8c79dc210bee26075df8758dcd73306217489dcfc83dec19d5489de2a035586f707a8a30a8f35504deb345fe561b4c60dd0f6a196e7945d547099d838bf610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ad12c9af33ead65c547e04a9383cd6b

SHA1
b0785fad430db1878f2746d37548d860413e1a8f

SHA256
5a0b4f35a90de09baae029f7138a8c766fe0ba7c69e893e2f30058ca59b21a8e

SHA512
08e6c83e58fac66f5805e292aed033ba420a7702ea2c4eebaa15f8be5de43fa03d686c3028362ea7465710c35df3ee469edf4807135fa2274bb0f8f2828b45ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4da754086e7c71497ff09953e07eaa9

SHA1
d0128e041d793d9b7ba4f5173739634b2f37a67e

SHA256
d378e2d482c2484cee0d8aa9fd12a61c73228897a3b3853a79e42f9439f53ca7

SHA512
56f272338b2bba0e04e334231b04a97f04e533f0a01d585c3ef34789289264f52ae067c92e35af61f43709c3e0abd0a66e3ac290853d62fc616101fd99df45bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
880dae3c24e94fdb26a4c7ea0616e305

SHA1
331e77dbff851d5570f07a38455376255ef847f3

SHA256
78ea4824b2ce32c460daa31d445f9a7d17ca77828dff27eacdec9c02a1964028

SHA512
5781f80d514f3413623e83e97535c021beaefbd0204402eb7b9f7aca979036c348a376f4774741813238ab71ede1ded7a5117332d4908c676f14200b9abd28ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea675d174d4a5f80f181ecd4ca2ea78d

SHA1
639894a39488bca9abc1b1a5f5257250fcd2f76e

SHA256
3783dd5eafa1dcb829f04fe4b9a973537119d928ac1fae834bf844a45e8d0c40

SHA512
73618b7432034fa7000b5ff36986e083440537ffe3a0b06a63b51c3c47bee6775ba1148ab4b1088adb69e2dbfb8039f5985a8691c076d277d4b489956b14426b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22d6d535c7022958852eb873def79782

SHA1
ccf2110712e3bb6900fb78e9d4df74dd7efdec86

SHA256
a5c7aa8d2031f20409da34c15b41583fb824af073671a106bd19fe48905e46e1

SHA512
913d367b4f53bfc4a3b4a7c86e71ab75a09d17c13bdeffa95aa03ca1a883be90f9bffaf892c6b64adca50968a8407af775dac63c8c04409d336b7f486cae580f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f11b8af5c452a0d6c75b30dd543c178

SHA1
8c8d3b0969644158da834f2dd8663a99cab46da7

SHA256
302022710252de9c08d371385eb87f59e4a6d8d2e368eaaf867ac96e31eff6bd

SHA512
da37e8eadda985e4385c5490b32b187a07639945c4eb0db600a25cdbe882930f513a264e69c97cfb0bb0b370b7fca1d1b7eae364ece0699c077070e9cbaa899b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1430585a0301ba2a42b855519dfa73f8

SHA1
d8ad951f28d548dddab73e39dfe9151b105a769d

SHA256
7323e0bfa073ccdcbdbe4cd75da74ea455f3c4dc1aa5c44ed27d224cb87b9044

SHA512
7a77bd3093fa22432173a9e765ecd97c4ef776a2cddf7fdb1bc124d25247dc7d3b4d5b4860340cd5ff936b74fb7b5e8a4011fa983504fde862b6ec1835fde9f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08032423b1e9958e9caec8609ea6ca4c

SHA1
b4ce295a0ba38b4cac426a10bebf74104fa61b34

SHA256
37e700b02032d9a18f8536e937b63d9f0892cd1240e6daa0d30301ad5d4612ea

SHA512
552b6c33fc59a682cd201e88b30f0d8ed74ef40ff2396daec6f337b674c4d10a3002d6078135407da5f682de216e671e93a3b984af6dd2512eeafdd6cf5d05de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dff50e58a4cc500f60fdef3559f045a5

SHA1
8a3b5f6411b0ebaf1d77e61221aa4e7a02fcbd1b

SHA256
a565b8897176729099345ece2b19a84c32d7bf7cc523319abd2454a033532038

SHA512
3c09691145f98402bdc7b7c2cbde9f1e23a0f25cd0df5c7df26a306c7058068b0682d9952e3bb71ec099394b44f81b26ca865060fde1993f92cce41b35f83cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
429d78780be268390d9d976160e3fed2

SHA1
e9b1ead2f2266654f6c08a6123d062f562cde505

SHA256
5c07d92c63a928eb421406cbbd26011dbd9e8402edbef64864205399e28b78d3

SHA512
200e0634ed992286e37c4e966e71b353a1e85b22ff90e7914a543d0aee55e3b8f7973288f1df9d1121da5ef79800d03f41ea9991873e507125d375959e77ea07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f69348fefe1f6ac811218db0bce40936

SHA1
d3eef9eb4ad411e56daf7ccb8ff6e24a6bc80faa

SHA256
a3a64da2f93088d2d5e6b5141c8c131fae8b465985376152b9e9188016f75fc9

SHA512
762c11db2c9c50f380ca23ec6cccca303cad7159171eebfd679ad06dbb58aefe9d4fcce82b88e27c859915b44d3c41a9f81ffa93ad56e7add26b257f00be9662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
a123d4e6ea4db4cb986ff16285432c0e

SHA1
7b191bba81c10d27fdd1c81f607ae6719febfecb

SHA256
b7e562a3e38a6a693f371d73a8ea5b044c819dcbc15881ef2cd0e296077339a4

SHA512
0a8c4b87ca989189c229ca572fe687f23beac7a1b6d5c30dccc1dbde8d7331e02187b0779c45ea569c360e67e04bb3209b6d9486c62c17295b64d390cbd0699f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1da0025985a4e9a2852bee2345874517

SHA1
edb6f6bbf8ae5510d1bf549d1f788750a5490639

SHA256
1db732851969a65991ed1c103ee4db195814d25982fbb7191ad3642b01673fe3

SHA512
e1afd52071ee462051ce002976450fc401036a5b9e358e6a99e1ba74f426a35f686a19d6287271e349462528d1e72106bf2a8d65bbd7fdd662c7b559a18b1b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
53a01f90e2fc2d4c80a56d0a02359701

SHA1
70fe3ab7efd9471284c63a0860354dd0772bf2f3

SHA256
ae8c60a64cdf9cf2af3d406016a06dfd1ea7616db36a2d630c06826626effcdb

SHA512
0563994296909f007f873c1d8021bbb622486904a65d7bcaaf1ed576dc4c97f6965412e3e830e4e4f7bad91b9828f398b7f627d10d679b7e3e60d3891e913fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
448B

MD5
26c7e21f8d169ebd60762f6b76130af0

SHA1
474076253c85133fe9136d9c2c64f1d7084ed1d7

SHA256
28bc1f1148c466c48008fe24d7b55ddd4a159f1ba4d0aadfb46909c0b21afcbe

SHA512
9329577aed09833dffa9784c982d425617b550fa4878cfdc587f934d1d148d1ac7a9c7af5f2605649fff84079762af2efc0f49c083e5362c4a57ed26b5a9f52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1c563b7a2eb257f3d6402a243f157d0

SHA1
db45410d603fa31897d5cd9d123de216af82bb36

SHA256
70647624cb3604df0e7b4ce3735a0b53ccf40a7a264b098af6ee834a5d4ad087

SHA512
f2415c0835054df1c01e6ff5fd3c1a3037635382211f2e23a27a964ab038b299ac4cb6db61cf91971497bbab13ef80d24ac5ca9e000e3c6ca17bb02f284750a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c76cde30c30a74609cb8fc206f8acd3

SHA1
196c2b4d8ee4cc18332044297e2c6aaad503da45

SHA256
9e4a77e0e98026cae2ac1e1d5f8f700a13dc4e3861cf0bed58798f98cabd3e1e

SHA512
61fbc61eaab48eb4f429921490022ae46509b2a410ae96bef529b505acb0debd46bddc1e5d06d2a266039a0afe4cefde367cf6f18307dde3f42dd7ab851ffa2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
2daaf0a6c8d7c2b3f4fc52257db33a6e

SHA1
211f208d59428ce663aeed88e1f1d037b14842de

SHA256
21bc187e2908adabe3ace17500d70981d4a9eddf4bc32140034ff00a67fe7651

SHA512
6a387280b469dd4afa9149519ccc307654349e0f3e5b231dec7f1bb39d877d7e301e1ce0067a23fa7f364c43817a9197ccce53280937b6d4b375eccb5eaeeadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
41d44f1376812baef94402a364e819bc

SHA1
91d995cf0ce68593b48812a83bc92727083134a9

SHA256
7431cbcb09076d188ef4822d3f6538f0e7b606c4928890be5260a3eec076c1d7

SHA512
c0c658cc4bf165724bc89d87d58b2e00e616d1aaf9c7dcd0015dc2c56bb0ca7e232a8877ffdbbf3ff47a5540b57ae2c918f843889f17f06d3ec012f932e07c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
c9d70614a84e94d9e73bc2e583fd0ac5

SHA1
55aeb359e67eead926709f684ac65987de96c00c

SHA256
7d024b13ea5c9147c8b663955f1c7b94a4f511cd96876bbc8f18aa83c8e91e9e

SHA512
1d21a2df92e814b57457fabdd24ec8dbc80d8df548135eb4cd7a78bb2c78ed57f9173bc9499343cbfbbd8213871622b0b501f24dd9080bf74d96a649eac9b474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
c3512b2ff90338169e424680e66008f0

SHA1
55e201edf5984e34dce7ef02569a1ef954129042

SHA256
31ba315c5152436ebcaa5deaf9b68ae0b4244daeb36947a6a0aa91e1def38bf5

SHA512
9a8c9d26d3741849d7eb8f27081cdaa01e866415486c9c56ffb128ed328bdfe7e7f0a1ee749f2332d4aa256fc5bd6263bb7f0213a76bd3ba123585af501d1af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
25b6c1b7fcc2845f58f8d82478938370

SHA1
0fabfeb7b356102e11f772a06e7d9a19b1027daa

SHA256
2d0d08257fc6d9d57e3abd928b8489da9ebdf5b47897adc2e4b33bc41991f68a

SHA512
c4cf57ea47322b1cddf2c1b3d6b6330a4df1815e6402d6d599b426ea880c4576962ce7758f926c940603868658ba9759b274f1005b72056f1cbfa513886b3076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
17652916a9fb42e0a2410df092417f77

SHA1
8a3f01a1cf581e7c9aa2a90fbe595186166eb09f

SHA256
1d55c0fe3ece412e00c18d179826fdf4431d117810753ca8202ba55b26a9f1e6

SHA512
0f286218d8c39f92c063dc3c50e8ec3589af861b9ef9ba38795762242098f05c71ea0aae9a5a1b30b2d8924d56d6da89148a48b1fd772134a2194392ee907019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
fe0d5fca32fa4803d9791e599eae8b45

SHA1
1b24b1744ff080037246c38f0791318b8c3e835c

SHA256
343f7a14776cbdd995cc6affcf0519e142a9da7ad42d930eb3dee8082ec295c1

SHA512
f9b5ddf54db44700c55839187b10dccf128cc66f1afeba574660221ff3f314eeca81bed027824dbfc6065a9819244d5dfd0b3800205cc01820f3e7dac348e785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
8b104eed9ea2f16910c91cef9ed63e78

SHA1
0ab3fba77876e4b72c8a6c798b6f0db701772918

SHA256
0fef80a6eb5237190b1c492b397460b0342d7c67dde2f30ec1d9f224557e6267

SHA512
b9c97fa6b04df138b89d35dcc8f24ef353f4c370f3a3b2c71dc23b181de7310b0f12684ddaa8fefbfb64ce181cb8496240faca60c2080c342e5910c958fa7c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
7358d7d4af4706b92a01d3e1786413f9

SHA1
ae0d153c654c48510dc4ba5ecb54b10f3869c942

SHA256
4fe8c21e3c31437d0fc75ce4899149251504d5a66786a2cf724a781a008040bf

SHA512
00ee5287591eae584c2ea2fdb2f9a4639754033ded71115f784876e74450b92339e9b3609c3fbef0951a14c9637434c4e3e7b25798c95cc23a237718673b28b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e9f2.TMP

Filesize
537B

MD5
cda382c5774c9180f2c3dd3867a21eb1

SHA1
a34a1c142c4d8218033e3586d58210d2e4c6f55b

SHA256
9ed7ebee29b15811c7def6c2844af6ce41acd1fb124b74f9af3bf24176cbd8be

SHA512
d9728c96848104927f63c754554831323e43072967f4e8d05644db8a1598be95639cdca4ff6d21cf4bb85d55913eec3d75265a1d3892e117562cee63e6e60866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d2eb25fce447cbc9b739469f8cf32bd

SHA1
01b73b0357f4963bea1b712e337f6a49423dbedd

SHA256
f772a2754446809ac53a89c56e5bb522d6f989ab73356fc94d27084da4030c2a

SHA512
ba6b00c61c5d74a2ea04d713582abe182f33435b65a335525e783f3671fdd059c0461e1cf4a0eb43bfc59a87b9aeda79170fbe682392080b6dbbaf6ba50848be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3227495264-2217614367-4027411560-1000\eeee2811e4f9af7d9f2e3d1085e0f657_423fd5c7-8559-4b8c-bf1f-c9d05c9f0fd3

Filesize
3KB

MD5
bf5929c8a60eafeae7b42a3d1c7c5257

SHA1
bb9abca4b006deb3413d795ead86926452d6d748

SHA256
5b19359d79f9aec436d1289432c69dcc322dadc2df74e18e51a283584a2ba8af

SHA512
250a0464c8f204ec53a7933b7d06d34c10376f3e50de0be7ec75a3684d1884f2d98241a7b78ccfaf84a14d3bb750060450721d3df7fbea4f44c4bd1f93496267

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe

Filesize
3.1MB

MD5
c5eb36642ab3c2806040c4f00ec05dd0

SHA1
4e189a5aad699b07ea1aa27b678b25b8ed3179f1

SHA256
828eeb5d67bbbd9dffd9aa69bfefd9aacaa04d09374a07fe616d3c7189d2d732

SHA512
277c8615f9d8872116f07235d0b712e19c91dd7990d8f6b902e792f08984a1f3a49ae921b2a5ac4960c11a218182f3a63bc6b10f66892e17e68330e48940f42f

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe

Filesize
3.1MB

MD5
7734c85e35554d34fd47490316aaa2c4

SHA1
774e458221f55ea1edcb1f115224fae2e843dc78

SHA256
3a019e72137c43a24979ff833790d88c67e4a81d1a5d43f97457c46e04eeccf4

SHA512
877e89f4cf4b5ed6e53820438ba611b3bac911d691116cc03d9646656c97ec776751bae64679549bc9ae9ae144188413f65326e350d867a7b728826153ab38fc

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
a175fa66c0af7466c78b2ac2d64ea17e

SHA1
4228345490302f3deb8549b63b86a8718fe2c1e8

SHA256
0a5d09dd5fc04501ef3ea08f595dc824608c480b7a3c6f96b5c64a198f156626

SHA512
8c5b5ca8a4f9d1a794faed14b3058009f88fb3d7c4def0484eeb6373a68e8bf6009b9ac389e349d34cd90e418206a2335fa71133fdb5a7742f748116e71a66e8

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

Filesize
996B

MD5
753fd3bee81714e308090f350ffa7e25

SHA1
b12c1adc6b1f997a4efdcb2e6cc32725329e468b

SHA256
549a28f5b7d337f1628afc2f7d86c64f7279d638bc0f4dd65a75ae4eda79d14c

SHA512
bffd76455250cde3c8df2a5798d7c2043f538c0c615afdbabf99904bf545b76fd53f4699cb3c64402f9c480675bf5a4554a935ba855aeeb7e9ab1e00a1c2be6e

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
175f9296960de5300ea60e55dfed475b

SHA1
71d4ae389c65de2a93a6bfb101ad303c6ca07396

SHA256
de0940e9e406b4a7f1ff3b2370058e64e6c3a2696f125295939cdaef2bdba2b0

SHA512
e115c197b1695ef9647b566aa6f90b3d89d8e8efd63a780a9d7c6a1ebfdddd6aa2de504f536f2bd996ec0426d9b3f76910900b397299129b38fda8ae97039198

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
299B

MD5
70b71053a65db7533de2fe6168e2ee73

SHA1
925f9cb54d56521adcd4134a164a26b28bac3d7b

SHA256
01decc4425e8a882a12f23443a42d51d10a199a44013c8cacc84d83632f796e6

SHA512
791e363061dc32e112993e3d20e0a9e7acaeab7857a699147e1e9c8804fafc91fcca95be847302235e831e0a280796f641b919d160ca80d64386a8109c3f2d2c

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
373B

MD5
b6af1da05c1a00991f04f8b898cea532

SHA1
24c48b062d8d864eefd32f2d84a36e1a7282e911

SHA256
f2ef0d8f29904a65ce6dbe29baf9379fb4659afb6930a5af5d9fb88f73b73f41

SHA512
2ab2de469911c3fee5b9bbfdbb373e5eb15023bf25b9e1835ebbf5890c66cfd7a06d7d5911e2fb630afadf9b30489e589634cefe52ca4c4156ae24b24c00c8aa

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
\??\pipe\LOCAL\crashpad_1156_ZOSQSHXYBLOFQLPM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5572-619-0x000002693AFB0000-0x000002693AFFC000-memory.dmp

Filesize
304KB

Download
memory/5572-618-0x000002693C940000-0x000002693C9F2000-memory.dmp

Filesize
712KB

Download
memory/5572-583-0x000002691EBE0000-0x000002691ED18000-memory.dmp

Filesize
1.2MB

Download
memory/5572-617-0x000002693AF60000-0x000002693AFB0000-memory.dmp

Filesize
320KB

Download
memory/5572-616-0x000002693AEF0000-0x000002693AF08000-memory.dmp

Filesize
96KB

Download
memory/5572-677-0x0000026940BA0000-0x0000026940BFE000-memory.dmp

Filesize
376KB

Download
memory/5572-678-0x00000269406D0000-0x00000269406EA000-memory.dmp

Filesize
104KB

Download
memory/5572-585-0x000002693D540000-0x000002693D86E000-memory.dmp

Filesize
3.2MB

Download
memory/5572-584-0x000002691F130000-0x000002691F146000-memory.dmp

Filesize
88KB

Download