quasar | 4eb15cc2049a0945258b21fab368829cf9d921d9540127b954f0d0ba6034f335

Analysis

max time kernel
533s
max time network
535s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-11-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

el liam bailando xd.mp4
Size

3.1MB
MD5

923b5eff3b0b3c29308cb73a568ebddf
SHA1

4cc065f11403aee930f0d2e4ff996454c607dc27
SHA256

4eb15cc2049a0945258b21fab368829cf9d921d9540127b954f0d0ba6034f335
SHA512

3b4d63b963b0bc2f15527db0bcff9268dba6bc5efb6842eec391b040aeca5a1dbe1bbac840930070855913542c999778e65e5b3a6171f992deec2a83945248ea
SSDEEP

98304:6aps3ZS26/GvzUYWcOn5xh24cf10YLjnM8Oz4Y:6ucZS281jcOv4HL7Oz3

Score

10^/10

quasar office04 discovery spyware stealer trojan

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

10.127.1.137:4782

Mutex

QSR_MUTEX_hbxMQFPRGA78sZ0gkM

Attributes

encryption_key
I6Y1GM1uLHisr8VCR7Cf
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 3 IoCs

resource	yara_rule
behavioral1/files/0x002a000000045258-1044.dat	family_quasar
behavioral1/files/0x0004000000040cfc-1176.dat	family_quasar
behavioral1/memory/2832-1178-0x0000000000130000-0x000000000018E000-memory.dmp	family_quasar

Executes dropped EXE 5 IoCs

pid	Process
1992	Quasar.exe
4540	Quasar.exe
2832	Client-built.exe
800	Quasar.exe
4596	Quasar.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
131	camo.githubusercontent.com
132	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
161	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Client-built.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
560	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767087303979714"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 01000000030000000200000000000000ffffffff	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Documents"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4\MRUListEx = 00000000ffffffff	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "7"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Quasar.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2828	vlc.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
4320	msedge.exe
4320	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2828	vlc.exe
4540	Quasar.exe
800	Quasar.exe
4596	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1164	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1164	AUDIODG.EXE
Token: 33	2828	vlc.exe
Token: SeIncBasePriorityPrivilege	2828	vlc.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe
Token: SeShutdownPrivilege	764	chrome.exe
Token: SeCreatePagefilePrivilege	764	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
1992	Quasar.exe
1992	Quasar.exe
4540	Quasar.exe
4540	Quasar.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
800	Quasar.exe
800	Quasar.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe
1624	taskmgr.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
2828	vlc.exe
4540	Quasar.exe
2832	Client-built.exe
4540	Quasar.exe
4540	Quasar.exe
4540	Quasar.exe
4540	Quasar.exe
800	Quasar.exe
800	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe
4596	Quasar.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1864	764	chrome.exe	94
PID 764 wrote to memory of 1864	764	chrome.exe	94
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 464	764	chrome.exe	95
PID 764 wrote to memory of 2004	764	chrome.exe	96
PID 764 wrote to memory of 2004	764	chrome.exe	96
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97
PID 764 wrote to memory of 1960	764	chrome.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\el liam bailando xd.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff8df9ccc40,0x7ff8df9ccc4c,0x7ff8df9ccc58
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1388 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=504,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4620,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5044,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4716,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=904,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4656,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3172,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,2696423433967384082,658461338380043957,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2392

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4132

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29919:92:7zEvent2836
1⤵
PID:1716

C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
PID:1992

C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4540

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1780
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:560

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff8dcb446f8,0x7ff8dcb44708,0x7ff8dcb44718
    3⤵
    PID:3460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5147905669403774997,55799180983490971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5147905669403774997,55799180983490971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5147905669403774997,55799180983490971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
    3⤵
    PID:1452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5147905669403774997,55799180983490971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
    3⤵
    PID:344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5147905669403774997,55799180983490971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5147905669403774997,55799180983490971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:5204

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3e013d7308734f31af542f4649adfedd /t 4384 /p 4540
1⤵
PID:3432

C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:800

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1624

C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a96ab5246b634b8c94ebdcf5aa781353 /t 1244 /p 4596
1⤵
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0e420b41-154c-41ca-8a62-a799427e44ee.tmp

Filesize
9KB

MD5
2f77e907cf89e7c2fab7bb17487968fe

SHA1
3f3b630fe9d428bcb82aa90add0a41214361beff

SHA256
6f50967920964abd87372de40f3c73a876ca631b743f122ad653656136c57b33

SHA512
562366fdb3cc0b19b1e9432f8893ee8d0247cb04abfbf138be1a2d1bb7acdcd19acb3300c2c94acded3b213b39978130b71197e138ffacdc163a4619ed204d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dc43e62ab0a16a7e36efd1f68229ce91

SHA1
b246754e6cc9b3f9c68d532cea5b6ec8103fa326

SHA256
3dadeb97dbdc8c403affc38e1e373a1db7d93f2d2d95f23656412a70a61558d6

SHA512
58fd03858fff15b1984b1e716e41410d4d4d9921a5dd2444c12eb0aa64e234146ea105290457f001e62636bf22f58e03ae4c67a9b78fe0a022ef0f2d3f6873d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c7a6f81c43b893cb7778cf99c3c8fa0f

SHA1
f7ce1cd3b1e614722cb51a2d042411da038196cd

SHA256
625db46fb96b58b491179789e81757ecb7e8703095fd8a7916b1953f79d77328

SHA512
63deb9b17e36d6a0da58468506ace95a3b3660b520083074f338d28c7e0a6ffb806cd0a3dc20dff7d2762d7acbc49e56d4c95bc82ead15d0ca73b065f75ddccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ad6d35fa133be1398d25be04a0d35966

SHA1
efc04fcfb22db4c7121d6bf25b1373c91c441101

SHA256
a1a4387f92fef9bf8860fb672052c5bcca9f3f0435eebcc6eb0bfd1704076563

SHA512
f78f614d0e22428b2bff5aa39e81269ca988fe0b4d597a1e101de6fdcd38afb355409484f31119950fa0306cdd9ab31b972c47451ce56d2395de76c3622f2759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8956e36c4c73e857c5ba9a635ca738a7

SHA1
44234d788fab2881123830b5bfa901553a6ee3ee

SHA256
cd0026a6d1644bc81714f43714ac795b0d644ad84c0631e666aeec8eff2b2d4f

SHA512
833fde30c24dc11d66497120730a35ffb81e4bdc9b7914f996b02322130329d5b2369d631c8371d2ab80573180df3b9da63e4a7d5e1e404590e51d631855ef46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2af16d85e6a424da34c2f855c7b57eb6

SHA1
477dc14552465ecd32253b5adf80af44cf81c8ec

SHA256
b40f66cb16cc62fea5b26b7eaf5d89d1e2d65e7da10a4270b1722c5dcfadced6

SHA512
60399a41f118409ff8582ba10c484efac5f7178afdd08a4381536d7d5153cdb81cc3cd4cc1dc310d534bf7ad54f28328130f81a6d0b01c248aa4de7a742a114a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
722674ecac57338c90a68f4e76dd229e

SHA1
483a2c65b1f8ef109989b889933122f025fc81d5

SHA256
fe2b352cfb394fd3fd0734124f6be733e991e21d8071382f2d39e322c19a32c3

SHA512
b47fab34ce21df9e9bb6623cfb5b7cb917ac8e1c9433ed6ec121f09253c2a1f54c66db80a566e9ae19fe7078f3cc2f861787adac00c3992dd3da134dbec46fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fee1b203d63457a1e65b4bc13cd9e056

SHA1
162e0cbd1d40209a43b4f97894b0f24f2308cdc8

SHA256
9a0616880aa92a2018a41a977bd369c4475e4e7dc246acf47cb3bd492adf8864

SHA512
c8def5565bcb0c320b11e5501a4772458861ccb9340373e29d53ee1e2838ed89f44d41ee09252c97b14c8ebb90898088f8b4b1359b749981730002802edb7425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1d5c5a382a4ae07c97053feecebcc0ef

SHA1
3821d09aedefad974833463b06be5901c8d71f32

SHA256
13c40095c8bc8205edb24f130c6986bdc1223b2d109f4fc2d245920d49a031c0

SHA512
ada0ca503aac60ca49883545ff1a6a049e7bad59e9d217353ce5df07de7d7edb510a0511aea9cf88ebd79449a6d92cfcf3ecade1893783bec5e66ee6c4d3d56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a634a599d429dea184f6609a11c31040

SHA1
a63db823c07f60cfa64c45b9089eca37d008b875

SHA256
d8e202795d6bdf54b0374718bc1cf8f0ffd30514d5690b74b23302cae8870c0e

SHA512
465c53c10fac656dc17ce896030615e78c9ad61cdcf2f9bf79a83508b5e636fd8d6e32805890327b6de4453490911b4912cbdfb7b88baf29155403286edfcc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e076dfca3aaf1ae186a7746494cdeb23

SHA1
d2efbc4d599dedb27207a7ecd1ccb694decd8d5f

SHA256
f5ac18c65b2682075a05fef77a66474fd4cb53a8909afe33efb9abe041cc9371

SHA512
f963c6c2bfa119749916d8bc4f063c4cceb5a59aeec957ee909e821ec1c48474dcdb83434a473487084c428d8fe291eef9f6485d428659fe5a3c643e811c9288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4b69db26430a3e5c10182297e6d77183

SHA1
17f065853e033f7c2ec94eccaba57ac9d05f418b

SHA256
35c9fb881fa7bfd601d5975fff221d6910d9143a2506490a58d0e9f2f5d8ece1

SHA512
bb978d74a5adc05c306807d5341863d97c20a345721fa658b5cb0cbf9451dcc3e7bb3e019e9254791f80056af2382974f628c71afd894411f7cf9a07dc4c8848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd61085cc9dc1610e27cdc43d74bafd2

SHA1
10d7b41ff1c9414db0c252e2508ec08f4d099482

SHA256
1aec8e547016322488f664ac4320d679a908eed529e31b3f2627fcd2ee4413ea

SHA512
a2528d89b4aa3ab051278bc61eb6dbb00eafa544ff5cad629e9b3fd0ac6d146a577ba6a972a0ef756e70206974cb901a91395899090fdb035af1f0f7e512bb34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da38f2c54905c7f862ad82bf4f863101

SHA1
c1eeb01a08e0a2cfa0d1544af4f6d6306748af40

SHA256
75047852d2b517d0735a39071f17f10c73b83b5349a7972248e4ec097ba2e12d

SHA512
b46ee8a7c0b7e2241f363113ca36d10148a36705429731105b6d41eb37fcf0117e529963aaff86ac9a3954a47dd8cb0d0b7c92e108414ef3359d8c9c253acf87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
db9f79a3c97ae48e78d4b36bd78aee3b

SHA1
a982ef16ff9db72a8a2089087adc90a2bd1320ca

SHA256
f4303cbae5df1b4189354bc87339fd8afcba50efc7bfc58e4e2e0f23b7bf1ea3

SHA512
8e54ea7caa57148921c9842ade95e355a04b989cb07a98c265c0568ab5543346a864a9b634c5d2116966d581d35cd944c694ef2aae5209e509966932cddd5ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
141285e0570e79f0ac8092b51f92b66c

SHA1
19efaa1cbf1230b0ae24aceb9db1d81dd6392952

SHA256
bb78e28f71bd6e2712218ef8294ce7ebca234113a659abc9c30563ba370dda19

SHA512
479aa2bef2411026cb00518a94e223e2c0a8fc031bba3536df45d0d96589f28bbaf811364c5de49183c3218773fa4b30a7bdba97396758dc8d20c42724267da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c139006c5dfcd0cdf8af4d19535272b9

SHA1
bcd872c524ed163223c33cd4d99eebc68c793086

SHA256
aac816f4f27553f368b1d61fe3ee539bc550740148bc3bdb1bc26aa3579f19eb

SHA512
5f5b7d83f43e35d337b46a01a836e4a0e33b201c8f705662a360f1a952fddf24ea2e0c00fec0499299661d66f5b51e4dcf66d40be50c0f1d2e4a2a3d35792bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
faf2e23312754cd26baa226b7182b78c

SHA1
cee9b2a17d2c47f7d43383a4bc927d218527753e

SHA256
9da50f58a4f360544c86431ec442ebbd502fcdcbe2fb9cf4f5409d96b15d6501

SHA512
253ca6d4b65a302f8fda140e93483314862ee091278dc1b6aed9544aa8211dd40e0c6ca40940c814837dc57848c2e6cb1f78b4c3e50372aced7df092f2e4b925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
189810a61afc4a05f13fc67cb1d5f355

SHA1
1edd17c8b8781976a974578765061e16a310f8a9

SHA256
ad2d2f7cb9aab32fd54327a33ab8fcf426e0b644a4453672a7f3d2f29de3e8a8

SHA512
5d11823de8784c89a5e0608fc0ee370ee7f6512977a0e6d8f235d22eb3814755a8f0399f12fb9ce98fe42206c1d1b31a9fea67796d5ca4c35f7ce7a803b728cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ee38d33cbeea50801be080759ea907c3

SHA1
29fbf8eef0834925c6345b349e2555d80ea50e75

SHA256
3bed104b5578a7f603d1b07299770d3df0a2386169eb9badedbc9c1668cf6b6a

SHA512
f827d467c1e7ef82d8b7e938c9c9e4ae6dbb81943b81c2fb0e17f7797510ca94013aff4ea88d20ebc5dfd06a335b8afb90027e79f039a986b6b37d0eb20566b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
58cad8aaa7a13a75fafea64fba1bda0e

SHA1
420e077fa3f8cbdaa0bbac98bce0e47a8da3de43

SHA256
f40683d71d108137e5bfded39836399afb65bf80e91955b3b8f0d40c212d6fb3

SHA512
2978ee7fe6daa0e5a633b68e4fd63debd4e05cd33cd0641809b89f3c24f275736cae9fd9904cc67aac9e82d716e2ce8bbb2ae934f959c42d0d8dc1fda55be5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5c7daad1bb91a34593d5aaa33008cb3b

SHA1
30ca51e63ccc6f9ba85f1397163977086d62e147

SHA256
5b0ebd99d51f0033970ee1c727f8c766129576b9e39374da9a8f5edb5274d935

SHA512
ff5d7966e8bad2fe6d5f916870f5e2c076b762883abceb911e5ef8676dcd202ca129274a27bfb6db48ce9748f214e9e373d1c24fc9abebba4b6a72a6742988df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f6b8ef0e46de84834cfe57709bd2d5a

SHA1
25a3304687ab11477864293669d047248b5f60ac

SHA256
52f3864f583eef4fd00729510775bfc6a4714630abb472cdf1d8e887fd875f68

SHA512
023324fdeb348f1caa9fb9c704e886afc455c83ba3b3cce411dda25b31e78b43760abf740298e5f93f110ae3bccdb53fb3ce920e3909f5a9b51b3453c91af8c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a06ca7efee355d1690e95865a687aec0

SHA1
e8944110038658ae15cb7488af4b6ae48941115b

SHA256
f3b9539512cc8784d17280cdc3940c37633d17591b84731a40c14dcd076f5638

SHA512
2ea81d1e8ee7d248f6d00baece546f87de559ff89591db1f9226d18e88976a5cf4f947b9f33b05353ba4604f3230281988cbad0171902188cddbd27cc40b1f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
461b7c88a6e86e561d11cb91b919a9de

SHA1
37ab1182ed3b96a4304425ef441494d556d60357

SHA256
579ac31a70ed586461ccae2c9b437de566f909e622c595bb0250d840413823e7

SHA512
fccc061cb2ac9355eb6a79e0561287060f51ab82c58ca68c15ce7539c5154d03d91c4c8807fc2c58080daef428cb401b0707aabb095938ea7a245ddb6ba2b469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6d3bfd083f0db469d44f20c1c01f27fa

SHA1
3c782c7e811e248488b3dad9eb688bd882c78d3d

SHA256
5e2e9d404fd1f55cdfdb11693748ef314b8c979bdb6b4d3e9ff06a7ebe5b8a5b

SHA512
2d0b02cadfe365b88e6ba0b012fbe199c02c300f30204af0dc6d4ab2e545150bcea7480ddd2ddac14858c490cce74671d826d6d174916e4f85a03d14aa3fcd90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55a410c87158f161bf34c7edca8bcb4f

SHA1
4eda66babcfdbc4d32e7887058af5493d8c7aeb1

SHA256
5a37b40791eba28f0b85096532a56a66ccceeb5162f9234ea338fbe04c3bab3e

SHA512
9165954f5974723d5c5379718625f084be4fe6cfa82975624245f61e2ed29f7b99ed59fca6101719bc5b8c6246bf760936534dd78d01e48d4ee40b7d2a67e802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
af0eb28af150f9d931df1dcb9dbe8439

SHA1
e69394aa329275719b49adeeb8a23c8ed9ad325e

SHA256
3d4f873071754cf06fd863acfc49a1c32af83f8e713005c1e3614f3759a4a8fd

SHA512
713a95c75eda56b4ba42c37df5e3dafe2bb7c24e501fa841d95dcb70e91d1aeac62f3727bf554ddbb8f405797ff8f567c724230f3b0a329999492877b1245c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d325c23765ea443be12f19670ed4582d

SHA1
00ef81e87a0f4df181505a0754bfd89c89bf7890

SHA256
02c400ec09e9ae725232c3961d881f06716d53447e408abbde5a020b468f0b75

SHA512
416b7767bce1cc473e8176f3225a815ad66732097c6bda51ee7eb9b5bcaa332be008ea66fd17f4a032c5cfaf32fb1632b79d82394b1d0ae9c3782a4ff11a3775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e15a25d16494b11d25b7bae13aa214b7

SHA1
f8e016a9b190ff67279ee844ecb25f1db0f92c6a

SHA256
68940c1a7ad2fed2635ea1cc374c8f72f8e6d87666bdf199b8769d978fdff75c

SHA512
5041596d914f3b5ddf6625b4d17b0cf521c772d207af29118b7623d482a6904f7e2a17d15742ea60cec9a654be69d665b6c2b4a8e4d70e03d74bc8d364f82d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6804265e60cd00bf6ade878d4b046965

SHA1
311cb79afdbb35c6eb04c29bd9f89d6ab376415a

SHA256
5089fbb43efea9f23b2bdd163e30d2451ef6c4f437f163fd1153a82d4f98e6fe

SHA512
b3e1a10a6562546f2fccf9b41977f5a8875d3461087940c494f69ae473582f88c725f0f2e91227ae2ec20fc606417dfd0d8b6dc21b2a4f43a32cc08b60fbbd03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
04c93119b4cc3ab0072010726d8e8165

SHA1
c10e7029b707e227895b2d1333feb3251aa32c76

SHA256
1fa5ea9153bac80300cb1504c7e86ca4704010fc492b83ec6adbd020fc85fc06

SHA512
8b3bcb590bf23680d67ad7852cde93627ad9759e90c07232f0ceefc35c51a4433202b17b2d4078b6047a9c213ef88131c8eff443efa4c640cf39c569dd337be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dff716ddcae249be60f6749431ca8d26

SHA1
63fe6eccfb10c880581dfac86ea999ee90ac644f

SHA256
af3a9d8412aeb9d2d5e50b7cf496e96527c0e3562bf2ea454e30eacd1d02df31

SHA512
c63e1c6abbda4db48908891695678ceb50ae72581c839141ceaf4ec84d9a79d9fc6a21dc3b10ec876e47f17824d1665601323a76bb1a858500a169179217a741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79b817592d022dbfc5469895acd94931

SHA1
b5415ddbf3880e3dd06c98f6d622351cb51d9ed6

SHA256
d7a36aa068d602f4d2d86e3dae1483dfe89e999296b362f42970446f1b851509

SHA512
30bce9511187aa0623273f29ff925defd94846e05152c043d88be3176f0fc9fa8b1baaef4b05e629a0f005f3617510cd1b0cd1fd26b68de713438854b06b47cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f0bda425ad6655fb408071300d41d5b6

SHA1
304b94753ec870990ce6e81d69598ea2ac11b147

SHA256
35c351cce1557695ad6eeaab7333557e0a2520d2476b3751f46b95fa4dab8afb

SHA512
3357fa1ada5ebe5b7a43267648d1979c2b310fefba24b0ab9bc442a32c69588da0e402829726eb8368668152729a3f8f474b93eaf6352954963de8b7be4e7925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3f693e723b45a5b0e393ad9703d9d3a

SHA1
19b282f8efb654b6e0314df39c8e83e257aaf8a0

SHA256
5b0da0e79e38d820458a7d5a2247b3fb2045757667a8b330b264d0b4f6ce2daa

SHA512
f0193a7380238ecc3eec6327ce3d31196c173130767b956b3dcfb7b39d8d5dee1796fbdab6498a6729700a35f0386509f556551884ad6a3a01245cd79c40e56d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
326e38455cd06ceb1ce06236ee678bdf

SHA1
f3855c0f25f756fdb7a598c5f4549678df50d98b

SHA256
46f80ddd22836ed2efd9ebc430885b40e746f43d47038dd80681c82d1b023581

SHA512
880b8dfaa0dc8486fddc999cb7d1143eb1c0d817e4882ea28c8566893a711f1ab90bdf433a8afc236aaedac9cbc8a8536d02b890416e859df42400cd56469225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
579fed7486256fa64a498c13f2a9980e

SHA1
b8d1edea1283334f3c32e628490a301d80d000be

SHA256
8b1c9b9a65d5a7249c18de3b410658c9bb8088d1e5350757b9399b9af772c932

SHA512
9b351677f23d1e74dae8c57e7eb0cc32caae3ec139da365db0dc22963d5737ee122057f7056953fde5919c5d1d923638b1db3a217f81198b03ea928f9d0b40c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c52644880e358889434d412b22304661

SHA1
24ed1b73d0d0b59421ef8c97ca84900970f71267

SHA256
a4ebb2129176322358f595f234348600afe98acbbd85a9a1d3f954f6a9031c28

SHA512
66e387a9319d50ea376a5da9e1298fc59d22208a910404b4dc76ecf9280094b8c14662b8f555f3be2d012561400a3c3a373cb8ceebd95ea57b7590b4dd7eb550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25d16914ffa0fade29188d1da604f3a7

SHA1
92b6812b4ca911131ada04360d081a8dad600766

SHA256
55c0da1f19ae54cb112888759f31c7b74cc265a396db13a5b338090df6946d58

SHA512
9f5ffb8499bb049abfc58d3ee598ad14eb514e32c328fd1c7b9e47018d021c2f674f2b5268d241c3822b2dde64ed99b3c08ec9b22c86e28083f7bb24b4480382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2818ca567d21ab5c80499bdaf5b28edb

SHA1
922401b086c6789df322bcfa7a13f6cdc35b803d

SHA256
a0fd2924636fdf59bc8584a43aff6b37355d7655d1eb4d24196fa3b9141e9e73

SHA512
b08e10b746730dc693252d8720f29606535c0b3df32a0312e16a2478c0cdb8cfc7e1e82fd6f6253e2ead1a1003c6477555253bc4916e01f73285a586e53b7248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98f90674d600be170b2e88b1216ace8f

SHA1
da612679ddf144844f0a3540062f7e52c566b4dc

SHA256
489c45541e18ce503693b9ef43889c9fdb193fe117849c3be30051ad8863c61d

SHA512
776b33b2d9627ffe70cd2ad46159ffb5d238bdea8f56bd63bcd89a99bcb2666685d1262dc4e5ea5ff984ccd6f18c48f31f8ad126102c0fd28b3bf914dcf8723e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e65d6da7fa790ed41a400e86735090ed

SHA1
c78f16777583c3efa6c03aec5d76041211b1e654

SHA256
064a7160e312387fb669f971933ba7a1ac89f1f12e585a752d9536a1b782eb28

SHA512
a21a83f2e143bbe29384a8c3a122cd5fe7fb749d95e56aef307b309fef43477a0c01321e4bcd7680bb8ba86098b813b7ad722c1e3656c5fa6670b51d7993816b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
03d85dca8656bda7bd5cd06a02124419

SHA1
ed0930cf75b7939b475799f1461a4f021919d654

SHA256
aabc11ec7c091d69f2aad68c009213789853cb59f14c0fe1a1e8da6e78688d5a

SHA512
062befa59833cada739c687e82cb122760b01e4d0c440f804b30b9c8aaeb6364376c970670de40aac648d479d2a7bc7368744fb000975a325389c7ec00da56ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
113d5acc67c477dc5f27881e497a58a1

SHA1
311a220491f79c2e1caafb085b494e8278b24070

SHA256
c35d50b510837f46d5a1bb39305c7d504881fbcaec8455ff591f57820411cba9

SHA512
eb40da86d5f7f1a97a37c128441170553db22f2219f1499e3ef306a1773c234721e3dd5e6eafd5c8224e04872c2e9293f84ff271c02a59dafb4e2ea94c22f83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d24d17cb19ac28de0e2c3369cb1742f1

SHA1
34aec102ca216592ef82876243891c5978e5c13a

SHA256
7657372293c294ddd4dc6dc08951825b87afb75e8cf5a73136a71b9acc511adb

SHA512
96de93cdef883eab91aa6c5a4a1652647b8cb20f3e0eef80ddf4c1b1164bdc1da85737fb478d7cd660968b3e50bd6db824796828a30706154a6fe8aed76d6dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
92b7a9f20f009a310ddc9cdffa27bfd3

SHA1
d6ca853ed30ec4fee4ad873be71227d57aa85fb9

SHA256
0b0e757ba345c41a1f3ffbbe0c6f8700a0c267db752e436923ed5792d23f2b8c

SHA512
40118107bbe2852229eee3019daac91ce9a3930fba2fca0dd8e454a672b670b2882625eb86113dd27e5d5919f66b1d5105c4f30dbf3ace54e4f132e1e2913174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49f44fa47ee9a6bf261ede97bd48b4c5

SHA1
414e10f08bcdac41484cf4ed5687b553011e131b

SHA256
6bb36df4871afe2cee1647b4ad73de614b4641d5a030f9df504948971aaff957

SHA512
83629df13594717cc7b3ad31879fe0d6d3df8b0598fe82fa520237e97287b7f6b38a70e9eacee12ea296f876feb6d87577953b198ab1fbdc3c45157484c7a15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
df4ebd0207153d2c97942fc0040e72eb

SHA1
f8939b5f93960e18902a770a34ae85f4f058af74

SHA256
68a660b97d9d6c8ca00a1d1e001f7755337b67914592665c8ffe4feb6ce6cf5d

SHA512
49a5fe4e6f1340d5380609005410a92ac7bc97a9f0a75de5613ea7d13f8f5396392ab09778e9def3eac993d7cbc7e3dcc4225201a79d3cf5f78ed72d2161c5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cc0d522241fcffe2ce80e9d1369ef163

SHA1
1f07ee878bae14b0397981586cba16c9e4725936

SHA256
a12396c4cf17f1701471413659efa3813067af670cea9ca67621890aaa53b98a

SHA512
fb615236e41798f600be6ec00f25d67461f60a37989b74035b9c2957b1be2bb289f733a6b5cbc70f857227f761a8eda3d6a7c5fd4f9f2868f5c5e5a4e7d0fa2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
8805b0adf83ef16cacb15abb3cd59a20

SHA1
e3085699b6803cd84178b040c978b08b344b953e

SHA256
d52d807febb26c4a298ddf79c1886479d721f92130fde88817f740f19525ed52

SHA512
c06961725ce81f922e15cd13bae8b5e7e2c44f94c219c796495ace004265fcb86e8e0149dd06c2a3b94c80e79766a431e7016a44442d99f30c81cd5f048050b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
0558fd5fe49a5d176bba9f00fb420f8d

SHA1
b701de2829d72997be8d6983755c21aceb974d3d

SHA256
6893f62236295a8221923817abcdab4345023b0350a505807336283fdb8185f8

SHA512
6a3e8a721a1a85fe2dd322433f869f473eb65780013141b420792a1d38389ecc316eb54aa6e9474aa5ccef0ac546194af106f6eb079d7776a4be880584df6f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
c523fb11748b4c391f4dd7c180b47471

SHA1
bddfdaf189df99a33979813e51741d50db38f9d4

SHA256
583ab0050b59e71765fe10d3f31335b921f06869bec6950e45126d11528a2632

SHA512
803624324230c0e8e1cd9698eecdabe0d1613434425edea4feaffeae883293f4dcbb203cdaf29f907b905a6407cc35afe086f19feac9886777512256816d08d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
30825e50fb5c3a6f2c719a5825927dc6

SHA1
8ce881c865b0be6d3d05254cb04fe962e0c05fd7

SHA256
c28ca1a68b9c5fc5e1650bf9aa15e3995f2e2460c26d4f09dfad9fb8e886f329

SHA512
a18a9fe76af73fff1237c934920facd6887d7ea7d2c037acf05af6ae3c19914b1122102bdeed10d5432efc1da0aacf5ff0524f190e002080cc1dd055731f947a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
937d94600d608bf458378c7255affafd

SHA1
976cc0621b88a3dd3bae137b767a9089b22a544a

SHA256
1d92754a26e91e6706c6935d44d2553c5b18efbeb5abc9e9d4e220ee42efe3da

SHA512
7befeb2f063b4a94e4136ad472269d342c4046dc008fdb36179a2c9c74d3a648b14182dd82abb0deae25724a1eb2788598d057eabef6c15a4a79f718aed4df3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Quasar.exe.log

Filesize
1KB

MD5
b08c36ce99a5ed11891ef6fc6d8647e9

SHA1
db95af417857221948eb1882e60f98ab2914bf1d

SHA256
cc9248a177495f45ec70b86c34fc5746c56730af36ace98ac7eb365dbafda674

SHA512
07e62581eace395b0a9699d727761648103180c21155d84ea09140f9e1c9690705c419118545aa67a564334bbde32710225fe3aa92b0b4b4210cb91f0058b1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0f09e1f1a17ea290d00ebb4d78791730

SHA1
5a2e0a3a1d0611cba8c10c1c35ada221c65df720

SHA256
9f4c5a43f0998edeee742671e199555ae77c5bf7e0d4e0eb5f37a93a3122e167

SHA512
3a2a6c612efc21792e519374c989abec467c02e3f4deb2996c840fe14e5b50d997b446ff8311bf1819fbd0be20a3f9843ce7c9a0151a6712003201853638f09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63716c70d402b580d244ae24bf099add

SHA1
98a3babcd3a2ba832fe3acb311cd30a029606835

SHA256
464f0f2ca24510abc5b8d6ca8240336c2ed1ddf5018fbadb092e18b5bf209233

SHA512
dfe1a5831df6fa962b2be0a099afba87b1d7f78ce007d5a5f5d1c132104fdb0d4820220eb93267e0511bc61b77502f185f924022a5066f92137a7bb895249db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
06da12e71ee9202a72aaa52391dcb163

SHA1
a9cff9637d0ac81cba014ee6f029b2b0503ed09c

SHA256
75c78cbea50a30bdd05b18f5bee92688c0af297d94793c5e99502118d85c58bb

SHA512
7c5399d427d96725e6aa684e937bfc3c77278c476edaffa6d7cc2b4bfb475302b8b60b3c826e34fc6a5926281b8c03cda1628881d7896c22de91640df2729ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5db2d8.TMP

Filesize
48B

MD5
4528cd8279543fa2b3921fb3f626b2cd

SHA1
32cde11740a18922d769a46118a1203be059db2a

SHA256
0179941b5dcc36364e2d7b41ffc0549d3b4929ded9a9fe942c3d63f0d622c484

SHA512
718f0f73659bf83c1f8a55570fa094d928d59f11ee3d60e316da54ec716ef47f08866aafc013d15c084065c2d2359d60f3409e97d3dd6b988b33e77784d424f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
06774c659780f7acc17a7d35bddc21f1

SHA1
a25d266881a3e1bf47dc5fc90b0adc9aba64961c

SHA256
354604658205dff8b73bd2cc1dd8ff99f666bf298925c3ad7cb66db695c5ede2

SHA512
32ce847ef440cfae375ea4e52e1dbb68a93e96ba5d9fd6cf0136d8cc7210a29ad5a056bfbb31fdbbf4a5fb4a48189e2695ea9c4af34884b1ff109025e17090a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04fa5f04bb87bc45fd5714961828db42

SHA1
c3035a642ef918163b9ed612c6f549af4ab15b40

SHA256
ffa85791d57c0279d6bd648ffe5cd75be1d3c3125d937c71611df1e61285fbfc

SHA512
0393b2caf4cba998ecd37468f005119058dc9a67ea36556146d17dc787f966c9aac1788c1901a1dce430af8554aef78db1721d9f91812fe1f25f8ea3302cb512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aa10f656cc16d036a580048ba0bdac0b

SHA1
52c15a55cc3b56bd1bf5dd0efcd2b66413b7044c

SHA256
166d97573db5472f64c5d066f2b07e6fbff2f1f9d5858fd7757548e334e9220d

SHA512
748fc7d5155285784ecea52d01af8168213210231a698073945b30b4989ae28463a7fee01e24792fd33b17744cd54587f801c5e836c926d700724171bb0000e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d23d625d756fe6eb0a1a930e9acf9ee9

SHA1
1365c0603417a614261699a6c362824036711048

SHA256
8712de949a676e0bb3f307614b9332790e088167ae11a0e861521f20e0713295

SHA512
86a7138d4a89e9149a2b7bf5b479abf314e018511498c43acfa2bb08788cd572801c30d10ec1fb019ef257359d6b8f4f05cac3fdb5698136173973a619d48c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
51b4866a57209648f0ce3b3cf62c49f3

SHA1
4f5e18b982144d676da4854bf02db9224baa10b4

SHA256
b5a66db0eb9eb1aa09a9543676d79f1974c0469d4dfed10bf51df84834224302

SHA512
ec5cc4cbc8eb468195b97269119a7e9440e9e43e756731785440ab8553f8ef3b8af9792b3d729185411f7874dd086a2827f802044e718be849c487efce0cf1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
c4dbb1f509c9944caa79e64efa024b56

SHA1
16e7200d593e311c6e08e9384b8e174c9621826a

SHA256
7f57adfcd9d48d7162365d2968d60a179f19d5779c6a58b1351f7c6d403fcc41

SHA512
322f2bc43d6db7eb939851f45e730be831dd9d01a49103968ab0d5f0e59fcc9c670e2adf8f7d713f83ed4b5c93aff04f884f8f1dd4bc20b634eacb2b7d6e794d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
5fdb4ea049597f1736dbc92ee9105805

SHA1
c01e5726c9ca3aa5d4a8f0f0caa8c4ba9e5849b9

SHA256
8949784a783e4b6e76caa175882dd1e1e0aea15e4de2119bcb2904fa0703d989

SHA512
9ac4056c34f5d56f1e03966ed4867d28860094a2c96f4435d352da5964773a1d5a22610711dda53ecfea91c1756d69790566a568e15aea476b4e7cd88e385a1d

Download Submit
C:\Users\Admin\Desktop\Client-built.exe

Filesize
348KB

MD5
c2471e05301fe2e902209a62c6ad4b29

SHA1
9044cf62bf7ccbd6848921574fcb71b4e7ee2255

SHA256
d064ea472d26c3681dfceae7e57f761d707ad3e6026bc180ce35239b9681a288

SHA512
b8170082c62a7ce3fa2868558ff19bfeccc94dba5c7f3ee4b6c88a3678e8c8b6e1ea36df098793b2f796190a5da59813a58ebbbc79db123ebaa0e18b998624d5

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Clients\Admin@CCSIZKYM_872C1E3\Logs\11-22-2024.html

Filesize
161B

MD5
5d2aabb33d26e8b11e29f3f0b6f760e8

SHA1
43d8c0e78ea458f35bf1c81ab1f3357d864a8561

SHA256
7b71218bf91ec261d942359c91611592083227dfcbe2633845bc0d902f0b2755

SHA512
ba1931acc6b99989a5110c11db225b5425620d60680c7fa095b7ee4ab88464d1d5aea4c9d9bcece4ef0cc1989fe6fbfad26bbda8ff23d6b51f50e7dad4791df1

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Clients\Admin@CCSIZKYM_872C1E3\Logs\11-22-2024.html

Filesize
382B

MD5
8e9d9f4c57922ae3283b7e9e648a525e

SHA1
ab27cd1fde581e0f34d582298acd457db09784c5

SHA256
60f3bc05fe3b233177297be60c9e315eab418e0cb43d47af8c8fdc9263a83eb1

SHA512
3a9667f81be8436bbcbab46cc80480dca7ca6cc0c2700254e60417d45dce22035f06bb0516e71bbdcae2de980f0e45cb3909aa90fef64f3b959b39dfcc53380c

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Mono.Cecil.dll

Filesize
277KB

MD5
8df4d6b5dc1629fcefcdc20210a88eac

SHA1
16c661757ad90eb84228aa3487db11a2eac6fe64

SHA256
3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e

SHA512
874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Mono.Nat.dll

Filesize
40KB

MD5
bf929442b12d4b5f9906b29834bf7db1

SHA1
810a2b3c8e548d1df931538bc304cc1405f7a32b

SHA256
b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0

SHA512
9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Profiles\Default.xml

Filesize
1005B

MD5
d86a9b820912c253eeb59e1c9bc0c429

SHA1
765595b2d3a5726bbd71066f7c403f80fb7053a3

SHA256
a4d3b51c816b8e84ade2cd53acee5b90d5faa3259d042ec828787673ba70f65c

SHA512
9ddba284099270d58aec0459405b9a191e5911e57ceba8be911e2b48eb3b58bfbadf28feff4a83b0b6de9300701dcb3da25a9a54ada8fe459204153045b70023

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Quasar.exe

Filesize
1.4MB

MD5
5d56758eb0cf106dba55475e9bf9b479

SHA1
088e81d1f82b3e063198872f8802bfe080dc7105

SHA256
ef012e22ef53045f48b574b395788c8639f853484bd78f4c9ad63532d916c1f9

SHA512
defd29f745d90b945117c88e7ddcbb8ff5eeca38e60bea9fa2be643818c15f99b83045ff464e08cfeb210474d0897ffeb847f7b4a3ae842bc90c942ce035c793

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\Vestris.ResourceLib.dll

Filesize
76KB

MD5
64e9cb25aeefeeba3bb579fb1a5559bc

SHA1
e719f80fcbd952609475f3d4a42aa578b2034624

SHA256
34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993

SHA512
b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\client.bin

Filesize
261KB

MD5
3e1e36fb99f3c37e11d4edc9009b36df

SHA1
50b7cbb60530980870baef13e4f04ae2e7e4e1e6

SHA256
42b02f1c1118c037f18aa331b8b21a159ba4faf412b3bf319cec6cd4eaaafb9a

SHA512
32491ca1299d6608c4b3cd3af5646c76a6669101d6cb7ab1157b7b1d912190726c1dc2698ddd872b900214046d7c521a93542dc65f4394384c4b39cba394ec06

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\settings.xml

Filesize
430B

MD5
c66f9c71b325c88e4a0a37ec2f4477ff

SHA1
ee2d0c5e2ecdf53c3673f167d2c5fd9f3498de8a

SHA256
ebceb1e061f55fdfb57fa685bf011cf310a06f63d14b34a52031a16380a0d236

SHA512
bf53d0f2de9c11c8c2c44cfb180c236d9d56bdc49bfab74757d00216be5b5619f7687799013e871c1668ca9312da5a323a7071dd70e6d7a77e8670130b9b88da

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\settings.xml

Filesize
428B

MD5
b1fcf219d523a59135c1cf986211d12f

SHA1
745dfdb007cbcc18cb7605edd227bb75428d1ef5

SHA256
9af92da16a6fff27bd9ef54b15dfe914795fd5b6215d5caa26c95396503948a8

SHA512
9698f0d1a213751d95cb43b6c8f31b8bfc0bc0290c6cf8af083d61fa0af6194bd53551b9430e317cf626e2f3e6614723644ad41b1ae800d468a0bca73e289a11

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\settings.xml

Filesize
51B

MD5
8af01757cc429d1347430084913566d1

SHA1
e4ec570a0b1a5c99e0613da232eeff4b42ffaa75

SHA256
f1a33cd5b1c9368f73b8ff144bed026664577317df27baff774b2bd2acbd52ef

SHA512
3edbca5a661d0fbdd0f8aac994b50e3f844e1d6ee6bfeadf0d8aa89fab1b7cec69b9f687a704c7a989726bb676604e2cdb75ca30441e94a05fdd4027ec9a494a

Download Submit
C:\Users\Admin\Desktop\Quasar v1.3.0.0\settings.xml

Filesize
186B

MD5
e4397315191a16f36f9df90f89a964eb

SHA1
9a21fa7c3ca56799aff50589ed3fd8c628d8109f

SHA256
96db05b77c19b1b8a49b32c6c364ade11104dc51c6ae89df3cdba7af16178ebb

SHA512
a2cfa60b0b3bb0e56926f5dd1c47b36f3b66612f6f027119a4a3356832d81ebcce247b08880a95e28e74d04b346d657fa81412778da0cee7e36c6eefb5b1c1df

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.3.0.0.zip.crdownload

Filesize
611KB

MD5
ac17f5bfbdc14e9d9e8100d64cd9094d

SHA1
dd5b3afeb326fc02a59e3eb667abd68e2088212c

SHA256
30a4ec904324aab10b9f77127944ec98e8e1f222c893c1862f3bed4970ead8fb

SHA512
733a79e5326f6a09b5c4b4fa648bb967cbdf5ec00b389df8a12ddc0c46bd326e4ca7ad98e61b009a373ac404828444094498408b5683fec4e63251900ba3621f

Download Submit
memory/1624-1303-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1299-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1300-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1301-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1302-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1293-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1295-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1294-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1305-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1624-1304-0x000001F7213C0000-0x000001F7213C1000-memory.dmp

Filesize
4KB

Download
memory/1992-921-0x0000000000250000-0x00000000003BC000-memory.dmp

Filesize
1.4MB

Download
memory/1992-953-0x000000001E090000-0x000000001E0A0000-memory.dmp

Filesize
64KB

Download
memory/2828-20-0x00007FF8EE5C0000-0x00007FF8EE5D1000-memory.dmp

Filesize
68KB

Download
memory/2828-15-0x00007FF8DFF70000-0x00007FF8E017B000-memory.dmp

Filesize
2.0MB

Download
memory/2828-6-0x00007FF8EF300000-0x00007FF8EF334000-memory.dmp

Filesize
208KB

Download
memory/2828-16-0x00007FF8DEEC0000-0x00007FF8DFF70000-memory.dmp

Filesize
16.7MB

Download
memory/2828-13-0x00007FF8EF0F0000-0x00007FF8EF10D000-memory.dmp

Filesize
116KB

Download
memory/2828-22-0x00007FF8EE260000-0x00007FF8EE271000-memory.dmp

Filesize
68KB

Download
memory/2828-8-0x00007FF8F53A0000-0x00007FF8F53B8000-memory.dmp

Filesize
96KB

Download
memory/2828-14-0x00007FF8EF0D0000-0x00007FF8EF0E1000-memory.dmp

Filesize
68KB

Download
memory/2828-19-0x00007FF8EE5E0000-0x00007FF8EE5F8000-memory.dmp

Filesize
96KB

Download
memory/2828-37-0x00007FF8EE630000-0x00007FF8EE8E6000-memory.dmp

Filesize
2.7MB

Download
memory/2828-18-0x00007FF8EE600000-0x00007FF8EE621000-memory.dmp

Filesize
132KB

Download
memory/2828-7-0x00007FF8EE630000-0x00007FF8EE8E6000-memory.dmp

Filesize
2.7MB

Download
memory/2828-21-0x00007FF8EE280000-0x00007FF8EE291000-memory.dmp

Filesize
68KB

Download
memory/2828-35-0x00007FF7F5110000-0x00007FF7F5208000-memory.dmp

Filesize
992KB

Download
memory/2828-38-0x00007FF8DEEC0000-0x00007FF8DFF70000-memory.dmp

Filesize
16.7MB

Download
memory/2828-17-0x00007FF8EF080000-0x00007FF8EF0C1000-memory.dmp

Filesize
260KB

Download
memory/2828-36-0x00007FF8EF300000-0x00007FF8EF334000-memory.dmp

Filesize
208KB

Download
memory/2828-12-0x00007FF8EF110000-0x00007FF8EF121000-memory.dmp

Filesize
68KB

Download
memory/2828-5-0x00007FF7F5110000-0x00007FF7F5208000-memory.dmp

Filesize
992KB

Download
memory/2828-11-0x00007FF8EF210000-0x00007FF8EF227000-memory.dmp

Filesize
92KB

Download
memory/2828-10-0x00007FF8F3ED0000-0x00007FF8F3EE1000-memory.dmp

Filesize
68KB

Download
memory/2828-9-0x00007FF8F5200000-0x00007FF8F5217000-memory.dmp

Filesize
92KB

Download
memory/2832-1182-0x0000000005890000-0x00000000058A2000-memory.dmp

Filesize
72KB

Download
memory/2832-1183-0x0000000005DD0000-0x0000000005E0C000-memory.dmp

Filesize
240KB

Download
memory/2832-1185-0x0000000006150000-0x000000000615A000-memory.dmp

Filesize
40KB

Download
memory/2832-1619-0x0000000006240000-0x00000000062DC000-memory.dmp

Filesize
624KB

Download
memory/2832-1620-0x00000000064E0000-0x0000000006530000-memory.dmp

Filesize
320KB

Download
memory/2832-1178-0x0000000000130000-0x000000000018E000-memory.dmp

Filesize
376KB

Download
memory/2832-1179-0x00000000050A0000-0x0000000005646000-memory.dmp

Filesize
5.6MB

Download
memory/2832-1181-0x0000000004C40000-0x0000000004CA6000-memory.dmp

Filesize
408KB

Download
memory/2832-1180-0x0000000004B90000-0x0000000004C22000-memory.dmp

Filesize
584KB

Download
memory/4540-1041-0x0000000022E30000-0x0000000022E7C000-memory.dmp

Filesize
304KB

Download
memory/4540-1043-0x000000001CFE0000-0x000000001CFFA000-memory.dmp

Filesize
104KB

Download