Malware Analysis Report

2025-01-18 04:08

Sample ID 241105-e196tavbkd
Target Inversin2.first.ovpn
SHA256 9fe210a11e62457a2913c5501e50ef80d2c8cd1120d938432626eb914909f801
Tags
quasar office04 discovery spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9fe210a11e62457a2913c5501e50ef80d2c8cd1120d938432626eb914909f801

Threat Level: Known bad

The file Inversin2.first.ovpn was found to be: Known bad.

Malicious Activity Summary

quasar office04 discovery spyware trojan

Quasar payload

Quasar RAT

Quasar family

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Gathers network information

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy WMI provider

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 04:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 04:25

Reported

2024-11-05 04:30

Platform

win10ltsc2021-20241023-en

Max time kernel

246s

Max time network

247s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Inversin2.first.ovpn

Signatures

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A (x6)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A (x4)
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\wf.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A (x2)
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A (x2)
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752543868731060" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000010000000200000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a241450f5b25db01e465e72d6725db016a09fc283b2fdb0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 66003100000000006559762310005155415341527e312e3100004c0009000400efbe65596823655976232e000000d150040000002c0000000000000000000000000000002c1a37005100750061007300610072002000760031002e0034002e00310000001a000000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7e003100000000006559682311004465736b746f7000680009000400efbe57597376655968232e000000050904000000020000000000000000003e000000000080d822014400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-870806430-2618236806-3023919190-1000\{E60E27B8-4988-412A-BCB5-B44611944898} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "5" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A (x2)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (x32)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (x32)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (x43)
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (x34)
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4196 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 2136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 2136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
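
The rows above are one line per WriteProcessMemory call, and every one of them is the Chrome browser process (PID 4196) writing into a freshly spawned chrome.exe child, which is how Chrome hands its sandboxed helpers their startup state. The following Python, added here as an example and not part of the report or of the sandbox's own tooling, collapses the table to one count per writer/target PID pair and keeps only the writes where writer and target run different images. The chrome.exe rows embedded in it are copied from this table; the final Quasar.exe row is hypothetical and is not in the report.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the report's "Suspicious use of WriteProcessMemory"
# table (Description, Indicator, Process, Target). The chrome.exe rows are copied from the
# report; the last row is hypothetical and NOT in the report, added only so the
# cross-image rule has something to fire on.
WPM_ROWS = r"""
PID 4196 wrote to memory of 388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 3104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4196 wrote to memory of 5340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1111 wrote to memory of 2222 N/A C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe C:\Windows\explorer.exe
"""

# Paths contain spaces, so the two image columns are split on the first ".exe " boundary.
WPM_ROW = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) "
    r"(?P<indicator>\S+) (?P<src_img>.+?\.exe) (?P<dst_img>.+\.exe)$",
    re.IGNORECASE,
)


def parse_wpm(text):
    """Turn the table rows into dicts; lines that do not fit the row shape are skipped."""
    rows = []
    for line in text.splitlines():
        m = WPM_ROW.match(line.strip())
        if m:
            d = m.groupdict()
            d["src_pid"], d["dst_pid"] = int(d["src_pid"]), int(d["dst_pid"])
            rows.append(d)
    return rows


def is_cross_image_write(row):
    """A parent writing into a child that runs the same image is how Chrome (and any
    process that spawns its own helpers) sets up its children. A write into a process
    running a different image is the pattern that is worth an analyst's time."""
    return row["src_img"].lower() != row["dst_img"].lower()


def triage_wpm(rows):
    """Collapse per-call rows to one count per (writer PID, target PID) pair and
    return the cross-image writes separately."""
    pair_counts = Counter((r["src_pid"], r["dst_pid"]) for r in rows)
    cross_image = [r for r in rows if is_cross_image_write(r)]
    return pair_counts, cross_image


if __name__ == "__main__":
    counts, cross = triage_wpm(parse_wpm(WPM_ROWS))
    for (src, dst), n in sorted(counts.items()):
        print(f"PID {src} -> PID {dst}: {n} write(s)")
    for r in cross:
        print("cross-image write:", r["src_img"], "->", r["dst_img"])
```

Same-image writes are not automatically clean (a dropper can hollow a suspended copy of itself), so confirm with the Processes section: every chrome.exe child listed there carries a --type=... switch passed by the browser process, which is the normal startup path.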

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Inversin2.first.ovpn

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc1898cc40,0x7ffc1898cc4c,0x7ffc1898cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1988 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2120,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3848,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4940 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4956 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4948,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4916,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5336,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5404 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap21226:84:7zEvent15695

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5592,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3512,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3388,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5664,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5916,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5812,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6156,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6192,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6204 /prefetch:8

C:\Windows\System32\CredentialUIBroker.exe

"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4708,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5088,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4500,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5936,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6516 /prefetch:8

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\ipconfig.exe

ipconfig

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6516,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6032 /prefetch:8

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca

C:\Windows\System32\SecurityHealthHost.exe

C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding

C:\Windows\System32\SecurityHealthHost.exe

C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\wf.msc"
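
Read as (image, command line) pairs, the list above says more than the signature names do. The submitted file was launched with cmd /c and the next process is OpenWith.exe -Embedding, the "How do you want to open this file?" dialog, so the image had no handler for .ovpn and the file itself was never parsed. The Quasar.exe that carries the verdict was extracted by 7zG.exe into C:\Users\Admin\Desktop\ and run from there, and the interactive cmd.exe running ipconfig plus the mmc.exe session on wf.msc (the Windows Defender Firewall console) are the discovery steps. The Python below, an added example rather than the report's own code, parses the list in this layout and tags those patterns; the tag names and the directory and command lists are the example's own choices, and the embedded entries are copied from this section.

```python
import re

# Constructed excerpt in the report's own Processes layout: image path, blank line,
# command line, blank line. Every entry below is copied from this report.
PROCESS_LIST = r"""
C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Inversin2.first.ovpn

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap21226:84:7zEvent15695

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\ipconfig.exe

ipconfig

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\wf.msc"
"""

# Directories a standard user can write to (example's own list, extend as needed).
USER_WRITABLE = re.compile(
    r"C:\\Users\\[^\\]+\\(Desktop|Downloads|AppData\\Local\\Temp|AppData\\Roaming)\\",
    re.IGNORECASE,
)
# Host/network discovery binaries (example's own list).
DISCOVERY = {"ipconfig.exe", "whoami.exe", "systeminfo.exe", "net.exe",
             "nltest.exe", "arp.exe", "netstat.exe"}


def parse_process_list(text):
    """Pair up the non-blank lines: odd lines are image paths, even lines command lines."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return [{"image": lines[i], "cmdline": lines[i + 1]} for i in range(0, len(lines) - 1, 2)]


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage_processes(procs):
    """Return (tag, image, cmdline) findings for the patterns visible in this report."""
    findings = []
    for p in procs:
        name, cmd = image_name(p["image"]), p["cmdline"]
        if name == "openwith.exe":
            # Open With dialog right after "cmd /c <file>": no handler for the extension.
            findings.append(("no-handler", p["image"], cmd))
        if USER_WRITABLE.match(p["image"]):
            findings.append(("user-writable-image", p["image"], cmd))
        elif USER_WRITABLE.search(cmd):
            findings.append(("user-writable-argument", p["image"], cmd))
        if name in DISCOVERY:
            findings.append(("discovery-command", p["image"], cmd))
        if name == "mmc.exe" and "wf.msc" in cmd.lower():
            findings.append(("firewall-console", p["image"], cmd))
        if name == "7zg.exe" and "x" in cmd.split()[1:]:   # 7-Zip "x" = extract with paths
            findings.append(("archive-extract", p["image"], cmd))
    return findings


if __name__ == "__main__":
    for tag, image, cmd in triage_processes(parse_process_list(PROCESS_LIST)):
        print(f"{tag:24} {image}\n{'':24} {cmd}")
```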

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
FR 20.199.58.43:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tria.ge udp

Files

\??\pipe\crashpad_4196_ODVOYWUBGRKTBDKT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe.config

memory/5800-354-0x000001D5C5C20000-0x000001D5C5D58000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.Common.dll

memory/5800-356-0x000001D5C7A00000-0x000001D5C7A16000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\BouncyCastle.Crypto.dll

memory/5800-359-0x000001D5E3F30000-0x000001D5E425E000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

memory/5800-382-0x000001D5E16F0000-0x000001D5E1708000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\Open.Nat.dll

memory/5800-383-0x000001D5E1760000-0x000001D5E17B0000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\protobuf-net.dll

memory/5800-384-0x000001D5E3320000-0x000001D5E33D2000-memory.dmp

memory/5800-386-0x000001D5E17B0000-0x000001D5E17FC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1cb83365-b235-478f-bde0-e483d54c41d8.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/5800-655-0x000001D5E75A0000-0x000001D5E75FE000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\Mono.Cecil.dll

C:\Users\Admin\Desktop\Quasar v1.4.1\client.bin

memory/5800-657-0x000001D5E7140000-0x000001D5E715A000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\Vestris.ResourceLib.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\Client-built.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

memory/4612-873-0x000000001D8C0000-0x000000001DDA6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State