Analysis Overview
SHA256
9fe210a11e62457a2913c5501e50ef80d2c8cd1120d938432626eb914909f801
Threat Level: Known bad
The file Inversin2.first.ovpn was found to be: Known bad.
Malicious Activity Summary
Quasar payload
Quasar RAT
Quasar family
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Gathers network information
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 04:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 04:25
Reported
2024-11-05 04:30
Platform
win10ltsc2021-20241023-en
Max time kernel
246s
Max time network
247s
Command Line
Signatures
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\wf.msc | C:\Windows\system32\mmc.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752543868731060" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a241450f5b25db01e465e72d6725db016a09fc283b2fdb0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 66003100000000006559762310005155415341527e312e3100004c0009000400efbe65596823655976232e000000d150040000002c0000000000000000000000000000002c1a37005100750061007300610072002000760031002e0034002e00310000001a000000 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000010000000200000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7e003100000000006559682311004465736b746f7000680009000400efbe57597376655968232e000000050904000000020000000000000000003e000000000080d822014400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-870806430-2618236806-3023919190-1000\{E60E27B8-4988-412A-BCB5-B44611944898} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "5" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\System32\CredentialUIBroker.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Inversin2.first.ovpn
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc1898cc40,0x7ffc1898cc4c,0x7ffc1898cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1964 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1988 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2120,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3848,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4660 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4812 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4956 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4948,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4916,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5336,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5404 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap21226:84:7zEvent15695
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5592,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3512,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3388,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5664,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5916,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5812,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6156,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6192,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6204 /prefetch:8
C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4708,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5088,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4500,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5936,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6516 /prefetch:8
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\ipconfig.exe
ipconfig
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6516,i,1326264328853914456,6201746595737847505,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6032 /prefetch:8
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\wf.msc"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.140.244.186:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| FR | 20.199.58.43:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tria.ge | udp |
| US | 172.64.147.112:443 | tria.ge | tcp |
| US | 172.64.147.112:443 | tria.ge | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | hatching.io | udp |
| NL | 154.61.71.12:443 | hatching.io | tcp |
| NL | 154.61.71.12:443 | hatching.io | tcp |
| NL | 154.61.71.12:443 | hatching.io | tcp |
| NL | 154.61.71.12:443 | hatching.io | tcp |
| NL | 154.61.71.12:443 | hatching.io | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 112.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.71.61.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.15.177.108.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.169.78:443 | accounts.youtube.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | signaler-pa.googleapis.com | udp |
| GB | 172.217.169.78:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.co.uk | udp |
| GB | 64.233.166.94:443 | accounts.google.co.uk | tcp |
| US | 8.8.8.8:53 | accounts.google.com.gt | udp |
| GB | 64.233.166.94:443 | accounts.google.com.gt | tcp |
| US | 8.8.8.8:53 | 94.166.233.64.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | signaler-pa.googleapis.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 172.64.147.112:443 | tria.ge | tcp |
| GB | 142.250.179.234:443 | signaler-pa.googleapis.com | udp |
| US | 172.64.147.112:443 | tria.ge | tcp |
| US | 172.64.147.112:443 | tria.ge | tcp |
| US | 172.64.147.112:443 | tria.ge | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.co.uk | udp |
| US | 8.8.8.8:53 | google.com.gt | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 142.250.200.3:443 | google.co.uk | tcp |
| GB | 172.217.16.227:443 | google.com.gt | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4196_ODVOYWUBGRKTBDKT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | a54845a576c9e98a49700156850517b6 |
| SHA1 | 4d97ac0336780b8ddb760b4923d8d2b2e8e080b8 |
| SHA256 | 39b628d94cb54b4f3c16e014394132e4806d8b95dee8e3e6be5291d20f2b4179 |
| SHA512 | f60a1306198fae09e8f46a07a5eebef8486ad55e8f223dcae962a2c72ddc01571f5c49c5beb7257befbee214eb68e80a84eb7a7388f33e82790259b6976bc3d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4b121ca929de459ff26e5cbdbc0117c |
| SHA1 | 9a9e04df0ae3c8ef74c12a26bdd94e244152fb9f |
| SHA256 | 3c8d602a79be26d7faf71e7fb95dc85643d2a77cee45d87e473994886904e7de |
| SHA512 | 35692046492018b7bad7273cb3576ee4053736d04027b1df463dc8e51ad7d98b83b46a44383354169f9036ad320be3ce1a1faa2cb064d315d5896c28ba33e21f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f42f1d0cf0b1b9385059bba6256c13fc |
| SHA1 | af3809ccbe7f45d22cf700ba4a8b96012ea5414f |
| SHA256 | 1aec43c08bf71c4f2822e0ab00836858cadf2a1c3761ac4c7ee35c20535b14e4 |
| SHA512 | e75d32b1ef5a48e36a69f2b454bc5601b5456314a742cf05f16e4942ddb13a27eeeb360924818643c35c1bfd30a7ff37c55b8fd34b6c4f954eb871d92c17b152 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 70f6dee67cc6b013b2552210b5899e12 |
| SHA1 | a5835092a20364491c7eedc172b5023dfba46260 |
| SHA256 | 68579e5a6a28a0610fbba247cf9d2901e9db8db3da0926206f957f2ac3e33295 |
| SHA512 | 95af0a53825d746ac529e457f67381761356f4e4086cc7a0bb614fb8c1b9730e27691b20aba53c0ce0c6a2e2c5c77200a0f953b8a1568c7e482508850bf08f1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 680212df349824050b011b9297a0636f |
| SHA1 | e447bf14b7c6a41cde45fcb5538c501b8661538c |
| SHA256 | 7dbde7db45084bd2111bbb4ef7d81151409b49d3d9c828f8fe92c85afde3400a |
| SHA512 | 4765356fce940e7d54847cfc1b2b2fde1114bc88c21e822b4af810de682b5fb5daf5793b9a29fbf7361407cf3982f6dfd43370da1bc841802b51d63bdaab3099 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9703b118e625b09d3d6a0d59f7f941dc |
| SHA1 | 2f6766a09d23aeb33ad6a528309a96bf8d562cdc |
| SHA256 | 3cf40e98a2adea42e797e4d57575a9c02f930ed001e7b50e23232484c6fb6c30 |
| SHA512 | 77148d432f745967dc1a9216f1e9ab4db618a54a0ea4553612f2a17541a07c8a46f40e055218db1bca76d77582e1305fe5e388b3bc044583e783fa3e7ea5a259 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dba721e2a17d3c4bc2b0b5c9209bd2b5 |
| SHA1 | 2c4b45adef68c3d9d395653aafefacdc5d7600a8 |
| SHA256 | 7d0609e0c6b290a700027c57542fab2ccb84ea825450c9c9fb7174797d553c2e |
| SHA512 | a45cb969888a042ec8b792070eb2f16293c3565f5debefd4e5a26c6219355f0a772a64a6b9e61ef66e37171ed3076e34459ea46a996c914aabaf826a5e9fbb5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8cc267af9f2e7e30901ac84f3eb0c1f4 |
| SHA1 | f089bf5183a232e3b2d03eaf98d37bc1380d97bf |
| SHA256 | 5582774596bae55782c2a2f9f67d0210a6398bbf2ebdc74f8c053a9c83a0bf05 |
| SHA512 | cf63134d728a447a233f5e882c2e8b26f11b4b88d4e09ac9c64acf67907592a3ff175e859b3430ca9b10ec17bbb9ec6ef9d4a4f229eb0eab74ac9f12491b4b70 |
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload
| MD5 | 13aa4bf4f5ed1ac503c69470b1ede5c1 |
| SHA1 | c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00 |
| SHA256 | 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62 |
| SHA512 | 767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8acc5e3d64e77fc191eacd93ab33c82f |
| SHA1 | de07cb2912077372181c68922d22a5840714647a |
| SHA256 | 6c92be8eb572c8e305498d7f7feaafe91ddf88c7f7a2524176ee884734772def |
| SHA512 | 71e4da629ec5c1473cf9b467264573252bf0808f5669b28e9c16bfa0be03a2dd95a861c403c482ad5cc8d4164d700a14ec9173af5e7fc156f53dd5ce320f6a50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a38e7959717bef736810a8c0d897ea22 |
| SHA1 | 7edc97819c6165f6c9f5c4944ed1fd1e238b973c |
| SHA256 | 3786e777cdb47747f3f7ae9968234495a9e504dc7543ff2bf237815b3cd7ea18 |
| SHA512 | c5a773d161ee3e3a4100244781d661fa3545c518ebdddf209cb00e10a08b7474c4f6f5e8ce1c36552947ba7485bd00f0994715b77a828a7a017002e21cbd1448 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 315795eddb1b1d7ba425af9d402a9656 |
| SHA1 | eb378291f2ab6f65f12fdf54b70189870ac1c4d8 |
| SHA256 | ddfdea014c09bc95e6a288d79d267412b9da29b8b8f67a3e1267453075468baa |
| SHA512 | 3e0fbf9c4cfc039b79a53688e82e59d12e10a194939b9048ba46f3bdc9c38adb575b2adc93fc462815fd42825477abb444ddf410d1b8a0e9ee94fb0feeb26191 |
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
| MD5 | 12ebf922aa80d13f8887e4c8c5e7be83 |
| SHA1 | 7f87a80513e13efd45175e8f2511c2cd17ff51e8 |
| SHA256 | 43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e |
| SHA512 | fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275 |
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe.config
| MD5 | c8cd50e8472b71736e6543f5176a0c12 |
| SHA1 | 0bd6549820de5a07ac034777b3de60021121405e |
| SHA256 | b44739eeff82db2b575a45b668893e2fe8fdd24a709cbf0554732fd3520b2190 |
| SHA512 | 6e8f77fcca5968788cc9f73c9543ce9ab7b416372bc681093aa8a3aad43af1f06c56fcbc296c7897a3654b86a6f9d0e8b0fe036677cf290957924377bc177d9f |
memory/5800-354-0x000001D5C5C20000-0x000001D5C5D58000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.Common.dll
| MD5 | 2185564051ea2e046d9f711ed3cd93ff |
| SHA1 | 2f2d7fd470da6d126582ad80df2802aabd6c9cea |
| SHA256 | de930a748e4dc08c851ba0a22afce8dcfd0f15f23b291f9306c8ef6ccd7460a2 |
| SHA512 | 00af241c1f89b478e66d758db26ed0a413b690d695abf91211b5cbc3985133632327ea0fc41140bd61d02271b6aa278a8e8f539d8ca6ce94972aef50c1a9c868 |
memory/5800-356-0x000001D5C7A00000-0x000001D5C7A16000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\BouncyCastle.Crypto.dll
| MD5 | 0cf454b6ed4d9e46bc40306421e4b800 |
| SHA1 | 9611aa929d35cbd86b87e40b628f60d5177d2411 |
| SHA256 | e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42 |
| SHA512 | 85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048 |
memory/5800-359-0x000001D5E3F30000-0x000001D5E425E000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12
| MD5 | 82e9a52a60f9dd983b1b10f5e6f6c26c |
| SHA1 | 33973f40f495fa68dd922fb51d8eda29830ef5f4 |
| SHA256 | f3a42061d0240a4ac28d7c7f7bc148478b934aa6c68c5e3e2fe54e51a165249a |
| SHA512 | 6ea2086d9ebb8f3e07dcc8d840664c59a18c9e3446e4a88ce2172d96028eb822e6b71277a1fc44d24708f17adefa39f25baf1be7fa5cb7b668a739b39733e824 |
memory/5800-382-0x000001D5E16F0000-0x000001D5E1708000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\Open.Nat.dll
| MD5 | cc6f6503d29a99f37b73bfd881de8ae0 |
| SHA1 | 92d3334898dbb718408f1f134fe2914ef666ce46 |
| SHA256 | 0b1e0d8f87f557b52315d98c1f4727e539f5120d20b4ca9edba548983213fbb5 |
| SHA512 | 7f4c0a35b612b864ad9bc6a46370801ed7433424791622bf77bf47d6a776cb6a49e4977b34725ead5d0feaa1c9516db2ca75cb8872c77a8f2fab6c37740b681f |
memory/5800-383-0x000001D5E1760000-0x000001D5E17B0000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\protobuf-net.dll
| MD5 | abc82ae4f579a0bbfa2a93db1486eb38 |
| SHA1 | faa645b92e3de7037c23e99dd2101ef3da5756e5 |
| SHA256 | ca6608346291ec82ee4acf8017c90e72db2ee7598015f695120c328d25319ec6 |
| SHA512 | e06ee564fdd3fe2e26b0dec744a969a94e4b63a2e37692a7dcc244cb7949b584d895e9d3766ea52c9fe72b7a31dacf4551f86ea0d7c987b80903ff43be9faed3 |
memory/5800-384-0x000001D5E3320000-0x000001D5E33D2000-memory.dmp
memory/5800-386-0x000001D5E17B0000-0x000001D5E17FC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fcd8fcded9175d4398f505f165968e17 |
| SHA1 | 47fa7851201d449952c3b2a6c7269cd89e4c1899 |
| SHA256 | fd75672275974fc63bb14ac4955495dc00fa40a9c9160a3670f2e0f74a61bb3d |
| SHA512 | ec35d29c9292c3e2e24b3fdbde64c3e6c4416544060ef8ec085de60fd74495b2af715631c630e5c0b846ee61937e6e0970ba56c1dffa41e7e21568f309794197 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f887fd7773a95282ee6e92ce7a6869c3 |
| SHA1 | 3d834d170b63803dee5f28ac4a46c3b72abd36fa |
| SHA256 | c2da780637905210a2e4d33c9605199734f8b7fb8208d61e930dee81db8e99cf |
| SHA512 | 1ee0e72cf69a823257ca986d77ac8f6d6da3241bc79ee9f93f8b695a2cd9de04f9243e05910a85b362eaffabb2f3d0a38683ea300afcf60cd5b4ca11908110cb |
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml
| MD5 | e341552405a31e7fa52ec364089150c1 |
| SHA1 | 981251e0397518ed9ba382e7fd1f3c0af99daea2 |
| SHA256 | 1ecd242aeac4f9ec2514af1251650baa9e915518d4f9223c6f583e0c7a652331 |
| SHA512 | 359331f8ac5b68d25f19d4520955520edbdb46a94b6b26077aa628079e14fadf662e32aa611af2c95359ab82fac3d63c134227fc219bd184a7cceda2e04946ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 75e68a4167dac922381e70323e915d0b |
| SHA1 | b37bcaaf88034b467d8a8f3f3150f01cabaf2bb0 |
| SHA256 | 9b060454c9c9e8bb8d6184742191b46fa3367a9c72e02754a4b7ad18d2bc7477 |
| SHA512 | cfbf8412cb76d926cb4f3e2a8f98803bbdf61b58f6126600e80bdfa534e6c1cf8bfd852dc29b0353d9026f7fe70eb7cfccf3a833cbceb7e61ecef5939731eeef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb5b7f582eff69e8d130a9affda13a77 |
| SHA1 | e136bfe7c66abfb3941aad96bf81f7bd26d19f43 |
| SHA256 | 9b4c68875a6c8da7461b826e8929bf8a2669fa9722a33496f8d719fab8715f0e |
| SHA512 | 18641eeaca3528689021bff798d61c23cbeffdb519167d0246e5356472a68123baed7354cd7c3ff83ff30376ce917c1f9444c5b856c18b7a3834d8d84446be27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 685f812bcc5e6813b41dd5894595ee6c |
| SHA1 | 80d39f106995111ba186e67a152bd250526959b7 |
| SHA256 | 10ae1e42900407337437cf363794cabd18ffcc19870ddc4268c68969bdaa2f00 |
| SHA512 | 19801631a0125001902e360b6705b0abcefd332a15119820e0133b877df5bf657ddeffdf62dadc8de08bd7bb9412dcef53098ab7211c422f89e048d347aa1e9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41610a3238aafa647eba65af9cffe5ec |
| SHA1 | c68208f616319917ba8e2d60e1b1a2ed26699ad1 |
| SHA256 | e937710a86a0d9e741d8e8c26c6aed8a2760a96408cc66b6481ee0b7f95b1493 |
| SHA512 | 1e4ff33e363383a57c87c5ffc78fa8ed81b89290eb4f2d608d74bfaecfdbac7d4fd5e4926fea8025fb5bc52703636d8a7877611cd8888e422f577032a710d629 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f660586c873257974ba851f2244832ce |
| SHA1 | 636e06ddca5d9a2d6db2ecf23412be9ecbb90395 |
| SHA256 | 2a8e3d5c86934cc131615aa15092b5ed673c52711d82b05335e36aa35ce2e86a |
| SHA512 | 2f0d3c0cee18fbcf38769b0bcc8ef549a872c32db433fc53ca94ff4be0834ddd2ba72de9525bf9e99d4b1de82b22514ab6577170f1f220e2b13173304a6cace8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1cb83365-b235-478f-bde0-e483d54c41d8.tmp
| MD5 | 8a7bba468b71739b77243674cd0ae7c3 |
| SHA1 | cfb5fd5486acf7ee194d3dd0039e84431ccf1647 |
| SHA256 | 8d52c7f5f45afecb3c477bbcda21c92a409c420576b75405f1d9a250c75965b3 |
| SHA512 | 2f3275d0dc807549889345ccb1afbe7653c0f995385e13d3468ba40b28a54d09a9b0555683b60beb17ad9d7481ae37241b5c740ed7409ceed3117a7c6e2e7ea5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 65c59c59973bdadfe137722194603d36 |
| SHA1 | faea12b01104d90f8664d80ba94b80f71a40c9b3 |
| SHA256 | f5cc1f9f6fac3c33f319db0d49cece0018ceecf57db5840a3c11bcbd24bc1ef0 |
| SHA512 | 799b4a407efbecf712152d8df3078eea744a61a488158ebbf599bee9b796fedb3741f7ffce9b6ab32775a4274e640126eb4a8cbb59f426daccff8e0ef23c037d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 10340dacbc34d4e5a2aa5938724b1cf7 |
| SHA1 | 61702c5c06d6e86050458716e8df7b4e21cd2b04 |
| SHA256 | d8ef117a61d0b46c7f557969201c271103e94c7dae45081c3cc21858259f912f |
| SHA512 | 4425148ec3b4316e6e675b09f703fe574f201b4e61ba9605ddfcbbacb0c54612c31f8b48a8f9f4765429f41593a958a43576748ca4279538fbf6a47df99e90f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e3bc646f317bd755fef5cd8caf1917c5 |
| SHA1 | 30deab239e982527322ca1c24e553c79cb307c8d |
| SHA256 | 17015bf9cb7c1c2415b9e45b8e786fb0c2ebf7dfbb785d7929c233119245ea89 |
| SHA512 | 3c14325b005e61684f253172bc8ea5597b2ee4885ef1329bb21512fef3b71c5be1beca335da3aa65671dd1f28ec8dd3314d0e41aa5fcb955ed92ac9e747cadf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f3ba6200b2c59e7a1d447fd3e3dc77dd |
| SHA1 | e29545bf5f616db8ae40c74d596e4dbaedff8411 |
| SHA256 | e38d277b42580fb2360e6d11c4b17f96a6d86067ecf47503e376c189dabf0d90 |
| SHA512 | 1969a6879f63153fe10962dd2893d3a3f2dc58f57726d1ecb695adbf71ffaaa3294db790842293baaf12e193527c6b4e494048b9beee6a2bc0b58bc9b2c0ef4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d5ae069b1d33dca09bb53df09f3bdb2 |
| SHA1 | 81c3e90ee6b97ab7153f6b2ad544de793e7c2649 |
| SHA256 | e318c1d356b963ba5a8596f1e6fa650778ee9a785e038caea494584db4a472f7 |
| SHA512 | 854743070e088deddc3ebb6b81dbb80d5973e7e2a453fe665f1afba731a7449c4eab6d53f7919a03728c04c17c715463787987655329c43b2f85d88a33a369f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c001adf5bf49939ad3f43e642b2547ed |
| SHA1 | 914ac2780f7ee7bce222ad05d501104b88e87eea |
| SHA256 | c91b7bbb4cf73b5822eca7438b238a802cb321cec55a36a5cfa35dbc010c6652 |
| SHA512 | c58f02f3627c3a64d8d13c275c2e72feeaf76a8abcfe90cd3d2ad66ef2f64bd4a684212408ce3b4b54347c048dc9df5d7c1e7e740dd172e6c141f44636caddb4 |
memory/5800-655-0x000001D5E75A0000-0x000001D5E75FE000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\Mono.Cecil.dll
| MD5 | de69bb29d6a9dfb615a90df3580d63b1 |
| SHA1 | 74446b4dcc146ce61e5216bf7efac186adf7849b |
| SHA256 | f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc |
| SHA512 | 6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015 |
C:\Users\Admin\Desktop\Quasar v1.4.1\client.bin
| MD5 | f4d16cfe4cad388255e43f258329f805 |
| SHA1 | fe7cc6c9eb76b5ad97867b46d053fae601fd4a2d |
| SHA256 | 8fb6ae3496d4ac025eab443d3e322b0faa3461d25b54093c9205d35746e3250e |
| SHA512 | 867045eac0f7765e6bea51e62bc4ed68b1e81ce6c2843d2e08714eb391a8ac94c2571c09828286252248400ea5c12bffa50a25c8ec5ad9e6d0bb836320ec188f |
memory/5800-657-0x000001D5E7140000-0x000001D5E715A000-memory.dmp
C:\Users\Admin\Desktop\Quasar v1.4.1\Vestris.ResourceLib.dll
| MD5 | 944ce5123c94c66a50376e7b37e3a6a6 |
| SHA1 | a1936ac79c987a5ba47ca3d023f740401f73529b |
| SHA256 | 7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a |
| SHA512 | 4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1f43f6da0665a5bb25399845d34bfbed |
| SHA1 | b15c881523bb551917c42217fd7d1e43c9fc842d |
| SHA256 | 94e58b0ce648e8124fe691c695b7b9e5a98ca8277328914e519bfdc68b0826bf |
| SHA512 | a7f426aae13fcc3e463b88eb25c1b8bbcf0b653e25c531d495db643a77f95235d1befea3f7efb830dc7ac3b871a195a7b2324c7785a802cdc69b18ffe6479357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e392aff8d7f39856662986308ffaed2e |
| SHA1 | c0a80e7ac2de2ad3b674302485a06a23b0b982d6 |
| SHA256 | ee34629cd79aefcd2805de70dbf1104fe5b3012612b434f21eaba960e68ba1f7 |
| SHA512 | f6cd04a89c5646ef56002b17f71aa857618e43bd116615e9f32c19437fd696c5991496ee411b141f61db90b3064a2de9b0ca5afd01ee5162f7eae980c2ed1d45 |
C:\Users\Admin\Desktop\Client-built.exe
| MD5 | fef7fc18a56919307292dad1b0481e8e |
| SHA1 | 1b4cc3b74a2c5c43cad76cf12f7b03dafe6dad3a |
| SHA256 | d2422e4e839fa1da5bdb80a4762ba07c26c6134eb9f00e691894ec5312024c83 |
| SHA512 | 6fd9b368c64364b28e35a972fe5dc25f3afc3ce13ab4bb8764c9a80018bf97b1c6e13b2026750dc5dc08909a3f7054b85c5d23ef59217489f1d7807e3132e568 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 839940e02893b33f2f4d77938ef431b2 |
| SHA1 | ed40b67b5907f48b009e019fe8fa58759b84815f |
| SHA256 | 7f084d69c1b6759b8b58fc5b9b10066e10df77d56ad4657dfcbf0143329e1f13 |
| SHA512 | ef7ed9cc02ff40bca2830f5365198ba58ecba0b097e11bc47f35c2b2fc8f5bd2ec17363542f90aab4bf0b1d9c7d9e12913e690436c874246a74578d001ffa8ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c40794bbcb325f9db691dca4a4c0a362 |
| SHA1 | b2b6ee1dd63ec8d84dad142d3cf0a0771f44cffe |
| SHA256 | a3b3a25b222343780a21f1570bc5e1683fb04f34c13f62049208e191ff3fcbcb |
| SHA512 | 4a606dc8b79e4f0a6b4623ac7e27753b7f9bb1d6f69deb0f81fab659b83f0d2bfc83f2e9404c7742fda0ee2787ed8f2a776c2c8b01cb9c1731b57a8d48ebc057 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 353d65f89e9942a1b0a29a7536a51db5 |
| SHA1 | aac987ff720d368f97cd349a7165d29436c483aa |
| SHA256 | aa7b070eeb1d96c05bd390280e6d8568a7f8b01c99a0cd3231a1e5a2ffe4620e |
| SHA512 | c1064632850d347333ec02947d6c2a0dfd6baeda27d778ded26a1aade04c2bbdd82e2749aaed16923fb62204651a068acbc2be65fe702ca250b7872bc3e62f0a |
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml
| MD5 | bd817c177429cc8eddb515176a519638 |
| SHA1 | 6a1113e208dd97cdb7fd338c6a683630bc36b2bd |
| SHA256 | 455202a6dd9b300c7c143f8c8a33015245b824ffd0ab7783cfb8b5e36cc60e23 |
| SHA512 | fc09f20f54d4fdb35138ee744e51338bac2d4374d584cc77995c5fbd5f83ff0f3c841070363ae7db4a2e77ae123577a9e8fcea8728ed34d85160c7b84de85069 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5f3ce74e50127e4b872797e27d540316 |
| SHA1 | 9be9e45db3f08891f15922f649580d7e4d1eb9ff |
| SHA256 | ee99674b73e58fe9b5c83fbac3d1d56b7f5549b397b855be6fea8b4e804ecbf6 |
| SHA512 | 8974ffc71e48fb43b852dcdc35bd9550b62f45e4f4b817fc1e3c860017cc5db0fc471fd928449113de35516b1f46cba298d46a9b134d79217ed4511b18efc9cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ffc1bd9d862cc716de699124f0f178a |
| SHA1 | f136f12c6ecdbbb5d2e9f2d66d5da81d3ce9a39b |
| SHA256 | 01d4d35ee5a7d4c51e2199503e70a058ca457d11ed78c2aa428ddfc77af5d74e |
| SHA512 | 76d6a4423e4eaf2a6f487ce2f3fb48caed44e0ff3a1ee5017e88b287450a5e3534e1723b5e1cab31de30345c10ffadd8e37f1857e6eb4d0b8432d04ea779f9b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7c09bcad82625d6d4806dd5fc7c6c6e9 |
| SHA1 | 3425619002080ab04f6b6859fc8c882848c78876 |
| SHA256 | 73145134b92c8e86de08915b4831eae5b8fdcf5b463f8b7c933e9d26764f6429 |
| SHA512 | 64393feb5d48cfceb8add37efcd6002b8c2205f03a5d4da5d6c35e254946114dbbf0a4d8a7a1f4b55d7a36ff77a87a19131adab7736370b848efae4c291a2fc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d5d161f4b1db83976d163372fea9aae |
| SHA1 | f16473538ab119d10b5676483f7e716f311993fe |
| SHA256 | 94054431f7f9d005d95d0813ba3a07f4368937f28a6291a1eb53e80cc1692bc3 |
| SHA512 | ee36ea15ce8bc5c305495c2e552e038205914255121561722eddff86799a289423c9190324ab1d4fab8bf3db7edf7ad0163e1328180101812d63bcdc94cd811e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5c51c9d3c63df381939a205822260400 |
| SHA1 | f70018f21e303c9843cfd4e227527e68f9ebb021 |
| SHA256 | 1eb211f71d617425201e0f49dfb9abb82ccfa8c4e40a8f932c7cda3217dc5d76 |
| SHA512 | e3b249d8b3e1d984306ad3c2678cfcf2e020c82854c79de54ab7007e9e79bbf5175357c620eb0166f8cbb08828fa128d17f2e6bd7eebbefc576d16db1521eeec |
memory/4612-873-0x000000001D8C0000-0x000000001DDA6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a84222c9533ff623ef86de9283940078 |
| SHA1 | 8c9e66ab7a2e3cfb0141da0da1290fc73b1341c8 |
| SHA256 | 19a1070af5f8330a4cd98fb6cc274920a50c8428b750126405ed691b0b8350fa |
| SHA512 | dfdb816cfb9a902ca8a316c4fd506f5d8ca251c3f346e78da93b1bbddd17d5d9a8ea304a1b1325e893a70cf3310f7d2cdbfd080f4309c7cebb5e065024205f87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 66bc32433d06541ae34d57eb903db52d |
| SHA1 | de80721e67f644b9541ed554b2337676c12b00dc |
| SHA256 | 799cd87b27d3604b0c0c09ee399c60a34c35638a58fb4a2b6b47ab57e40e6318 |
| SHA512 | 8c370593180b20111a49ce4675f0579ee4c8f02830a03e32131ac7cd82ee38255a73fb592c564fe32a5f166fbe5abbcb1520d23350eed7f1ee681ef0f9499c1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c730a04653d7524916f99267f600c0a2 |
| SHA1 | 46fc30c2838fefe2f2f3f7c68776aa8fd4e7de49 |
| SHA256 | 62e0cb51fd8e5a2b3b94d4e8e80c6292fca15057ccd312dd0cdd9b9f8b0f37fb |
| SHA512 | 012cf6360ede15b3fe0ce4aabde8ca8d96fd9998a064aea791e950da09e6a8e6b31cf2787ed40aba55323943bdc31cf2151765a40688a06f6c3bf6c5f01ea897 |