Malware Analysis Report

2025-01-18 04:12

Sample ID 241030-thqrsavrgv
Target https://hackerone.com/roblox/thanks
Tags
quasar office04 discovery persistence privilege_escalation spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://hackerone.com/roblox/thanks was found to be: Known bad.

Malicious Activity Summary

quasar office04 discovery persistence privilege_escalation spyware trojan

Quasar payload

Quasar family

Quasar RAT

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Event Triggered Execution: Accessibility Features

Browser Information Discovery

Modifies registry class

Gathers network information

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 16:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 16:03

Reported

2024-10-30 16:20

Platform

win10v2004-20241007-en

Max time kernel

989s

Max time network

995s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hackerone.com/roblox/thanks

Signatures

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747780533912023" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class


Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\osk.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\osk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\osk.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\osk.exe N/A
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1156 wrote to memory of 4736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1156 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1156 wrote to memory of 996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1156 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hackerone.com/roblox/thanks

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba1446f8,0x7ffeba144708,0x7ffeba144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\osk.exe

"C:\Windows\system32\osk.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x450 0x4d4

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1566177862608675047,3125712080311063824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffea826cc40,0x7ffea826cc4c,0x7ffea826cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1732 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4416,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3228,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3160,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3188,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5372,i,16862020755243883115,14557900248430591253,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Network

Files


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1430585a0301ba2a42b855519dfa73f8
SHA1 d8ad951f28d548dddab73e39dfe9151b105a769d
SHA256 7323e0bfa073ccdcbdbe4cd75da74ea455f3c4dc1aa5c44ed27d224cb87b9044
SHA512 7a77bd3093fa22432173a9e765ecd97c4ef776a2cddf7fdb1bc124d25247dc7d3b4d5b4860340cd5ff936b74fb7b5e8a4011fa983504fde862b6ec1835fde9f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d8d08e83934ed41291bbcf57dc32f2b3
SHA1 33672fcf923f3189c22d6067ead0a206feb28a86
SHA256 1c420ba788cc55a7197c6141a76922c5c017d5ab20631750b027d18b05e057c0
SHA512 d37fb9b9e9e886496e0bd13c831a80df7c45d30e737b8f2639428023a3a29e451020c3d60a57a7039e993ad8b4fe5062141277ccda19040420a7b68027a25921

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86072691b5b69b374deaf87cd9947f9d
SHA1 0b5b50a4dd3d21692995d6dc462c2af1f88bb8a5
SHA256 0628dbfc84a80ea4d5a456ca82da35558effd393d96b5d5b67620e4833b20809
SHA512 4faf3b7deaea6a8c631a0a17a1dbbadb9a6a9ea8b23de41c3ae79ed94d5a09295f5c8b8ca0d8029aaaaf10ca257506b79ac0b72a95d26e44aaa015144c8868d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08032423b1e9958e9caec8609ea6ca4c
SHA1 b4ce295a0ba38b4cac426a10bebf74104fa61b34
SHA256 37e700b02032d9a18f8536e937b63d9f0892cd1240e6daa0d30301ad5d4612ea
SHA512 552b6c33fc59a682cd201e88b30f0d8ed74ef40ff2396daec6f337b674c4d10a3002d6078135407da5f682de216e671e93a3b984af6dd2512eeafdd6cf5d05de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb316eab71029d73680e333154093a3b
SHA1 ea5c5d052990ad3db8faf82ae9667f86f42c8ea7
SHA256 8d83186bbf7a60dc342abfa8c8a04169f06828ef40193f29c79d7469ca9b312b
SHA512 2b033cbb04c19eafe0dd95900328656c02e727be6bb447d2ad1bfce47ff47387f474e43d1107ca6dde29a358713592c049207b9176b4be99fdc1c7c9e8ed385a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dff50e58a4cc500f60fdef3559f045a5
SHA1 8a3b5f6411b0ebaf1d77e61221aa4e7a02fcbd1b
SHA256 a565b8897176729099345ece2b19a84c32d7bf7cc523319abd2454a033532038
SHA512 3c09691145f98402bdc7b7c2cbde9f1e23a0f25cd0df5c7df26a306c7058068b0682d9952e3bb71ec099394b44f81b26ca865060fde1993f92cce41b35f83cd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c3512b2ff90338169e424680e66008f0
SHA1 55e201edf5984e34dce7ef02569a1ef954129042
SHA256 31ba315c5152436ebcaa5deaf9b68ae0b4244daeb36947a6a0aa91e1def38bf5
SHA512 9a8c9d26d3741849d7eb8f27081cdaa01e866415486c9c56ffb128ed328bdfe7e7f0a1ee749f2332d4aa256fc5bd6263bb7f0213a76bd3ba123585af501d1af7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7c812ea1f929fceae1ab9c6b10017a2
SHA1 19d148f24d45d4e6a1f6442e5ef27f2d9fcf1213
SHA256 240b747c04bccbba2f39aa645bd4db0c4d64a939bb8833c19c245c8ad0d15d6b
SHA512 04d176a0c8e3d7848f25d8562027d6baf5ed3fb304004337ed3addded987f2f17213f73819b2944e618a202b1d84a0cbafe5a4daa2a0397966318a3d3ba46a52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 429d78780be268390d9d976160e3fed2
SHA1 e9b1ead2f2266654f6c08a6123d062f562cde505
SHA256 5c07d92c63a928eb421406cbbd26011dbd9e8402edbef64864205399e28b78d3
SHA512 200e0634ed992286e37c4e966e71b353a1e85b22ff90e7914a543d0aee55e3b8f7973288f1df9d1121da5ef79800d03f41ea9991873e507125d375959e77ea07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17652916a9fb42e0a2410df092417f77
SHA1 8a3f01a1cf581e7c9aa2a90fbe595186166eb09f
SHA256 1d55c0fe3ece412e00c18d179826fdf4431d117810753ca8202ba55b26a9f1e6
SHA512 0f286218d8c39f92c063dc3c50e8ec3589af861b9ef9ba38795762242098f05c71ea0aae9a5a1b30b2d8924d56d6da89148a48b1fd772134a2194392ee907019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b1d88f348d93ee924edee86991a74d6
SHA1 1b4840ddc685b5a8e705cbb900c0c6211b9e6465
SHA256 45f4dfc8147f6aa825923449778f174f7ff6541f222c2d144024386c625a0a66
SHA512 3baeadd24aa1a616eb414d8d491336b12bfbb3cda674b9dd019b1915f8d85989d8606048eda9141737c79effc9c74754d4bd2b7c0ae02e8f7a6c977945c6acb1