quasar | 41f3c09ef3c8c2c84d99a8ceda329db7deb49289057bd6eb900902cc876f3313

Analysis

max time kernel
308s
max time network
311s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-11-2024 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xd.png
Size

1.3MB
MD5

4e455c84cb6ecca8ee4142754e98ecbf
SHA1

b6ca5e0f9d29d3e8e2c794b6d262a66d5995d4c3
SHA256

41f3c09ef3c8c2c84d99a8ceda329db7deb49289057bd6eb900902cc876f3313
SHA512

b271b094e8dbebe32674bb324e2b6655572063967c76c98933ceb0c5f6cc27635982c389e4855463f43353e258b1dce501de3f05150312046154a8c7ac00de72
SSDEEP

24576:ArLajNhisqUM21DvHun+oz6FkTFHQGubnxFR8/mE0NrmyJB9:ArON0sxMEvHunb+GL0QyJH

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

fcm.googleapis.com:443

Mutex

59328bbb-5585-44c9-b5fe-ee0bb21cb8c9

Attributes

encryption_key
C51EB02ACA42F8853AE88A81382D54F0A32D92EC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 7 IoCs

resource	yara_rule
behavioral1/files/0x00280000000451d0-534.dat	family_quasar
behavioral1/memory/392-537-0x0000019E48970000-0x0000019E48AA8000-memory.dmp	family_quasar
behavioral1/files/0x00280000000451cf-538.dat	family_quasar
behavioral1/memory/392-539-0x0000019E4A760000-0x0000019E4A776000-memory.dmp	family_quasar
behavioral1/files/0x00280000000451c6-989.dat	family_quasar
behavioral1/files/0x002a000000045238-1083.dat	family_quasar
behavioral1/memory/2516-1085-0x0000000000CF0000-0x0000000001014000-memory.dmp	family_quasar

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation	Quasar.exe

Executes dropped EXE 3 IoCs

pid	Process
392	Quasar.exe
2516	Client-built.exe
3820	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
96	camo.githubusercontent.com
97	camo.githubusercontent.com
98	camo.githubusercontent.com
103	raw.githubusercontent.com
89	camo.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768001177395266"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "6"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\NodeSlot = "5"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0 = 66003100000000007759450e10005155415341527e312e3100004c0009000400efbe7759370e7759450e2e000000324404000000040000000000000000000000000000002e88ec005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 66003100000000007759480e10005155415341527e312e3100004c0009000400efbe7759370e7759480e2e00000032440400000004000000000000000000000000000000e49937005100750061007300610072002000760031002e0034002e00310000001a000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7e003100000000007759370e11004465736b746f7000680009000400efbe575999767759370e2e000000050904000000020000000000000000003e00000000005467fa004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "7"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4908	explorer.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4788	mspaint.exe
4788	mspaint.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
392	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
4412	7zG.exe
392	Quasar.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
2516	Client-built.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
392	Quasar.exe

Suspicious use of SendNotifyMessage 45 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
392	Quasar.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
2516	Client-built.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
392	Quasar.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4788	mspaint.exe
4788	mspaint.exe
4788	mspaint.exe
4788	mspaint.exe
4908	explorer.exe
4908	explorer.exe
392	Quasar.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 4788	4168	cmd.exe	83
PID 4168 wrote to memory of 4788	4168	cmd.exe	83
PID 3592 wrote to memory of 2332	3592	chrome.exe	98
PID 3592 wrote to memory of 2332	3592	chrome.exe	98
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2256	3592	chrome.exe	99
PID 3592 wrote to memory of 2080	3592	chrome.exe	100
PID 3592 wrote to memory of 2080	3592	chrome.exe	100
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101
PID 3592 wrote to memory of 2888	3592	chrome.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\xd.png
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\xd.png"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x8c,0x228,0x7ffc2bbbcc40,0x7ffc2bbbcc4c,0x7ffc2bbbcc58
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1972,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4780,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4040,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5372,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3328,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5800,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5940,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4828,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4696,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6128,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6136,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5332,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=1148,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6904,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6960,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5748,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5784,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6772,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5744,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6388,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7080,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7056,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4464,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4644,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5408,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3496,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7100,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6428,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6944,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6748,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=3548,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6400,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6980,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6376,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6420,i,18053228836513171367,1292529331608336041,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2380

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1212

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11654:84:7zEvent4140
1⤵
- Suspicious use of FindShellTrayWindow
PID:4412

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:392
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:3448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4908

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2516

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1e117875-a5a2-4c70-a1f6-f128a201931a.tmp

Filesize
269KB

MD5
ba91299b55623aefcab61129da677a90

SHA1
c56cbd8432cc3027d6450ac3a058577ad42bac3b

SHA256
3258a79c4f3c8db0581c1d1a42528d90fdeda25ff6e687baab76775659507b48

SHA512
a5f0b0118cd5f2baa55f81ff37967731c766faf78341c5f1d145d6f8a1eedea5d525bda6e75d1f0f5015bebc9e27d22249157d2715ba5890fd17b4d900564ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
83c1b4edb63a1ce205b79b4637709bb7

SHA1
6ac82e30c2ab081181258378bc8906e534b17716

SHA256
3cf566f8a98521b06ca04de53020e13e05828fdcc9c041ac02d84ee2354388d9

SHA512
8beee6956d92484475288885afd0f73dd9b2e0afedb506b17020dc271819035d2a8c51ad0bcf21ede9ef9ba1e7cbb4ca620685a0ec7b2a1697659d0e399c7a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
eefb3b7038040a2b45001d9b00e3614c

SHA1
64f409fcd8dba116aa15366783133833ea2e29e1

SHA256
d6def6ae11d1cf9bc2c244af00ffe3c6161263c26212e4009c613a02c8a9ea76

SHA512
d463a84948b07ac2b1c51f471e21e592f84b249f6a0f58853f3e38a357068b8a6e9d33de1146e187bee9c586bbb3525b7397f2f1b4f2a2c66d784e50385bc121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
90KB

MD5
175ae59852e859968a4f0bedff6dcd23

SHA1
4fa058230a195b89c5df08371a56e5bf11bd8508

SHA256
b35f99052a269d2c0f893128321d237f8888b3c8211a98c7ca3e8ca34df5a93b

SHA512
114cb7d1535731bde3758a3e0782b9fb45c85debc1cc6a1d25ae67d0452ccccdf2fa13053af29bc74152981743afe206526dd2b8a94e516c119d60615f0bafb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
411KB

MD5
a1e299521fb9f1675ef1bc62194b97c8

SHA1
b480ae7bee4a5eeba9a7866ed1f5cb008a94cf1c

SHA256
0b3fe0a065160253b8e6c7e08d68245262c57e65015a125711ace1324c6d5e1e

SHA512
caf8b78d508b531ef9c4d5bb8b0d2dd73234330e5c1dbcd56aa534c714548d072bf11066a2c87dd3feb952c3141cb4556d37de902e6482c33affdc4ccb5ad5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
67KB

MD5
2f515d358925f12cdf4cfc1769f8d7d3

SHA1
afc838d75dd8258f6b20e5e3456a7f09f4dba34c

SHA256
9c3fefd1ba7a821abcdc2f7a477ba07ac591cf79733be4d35ca5dc6e453aabc8

SHA512
e301168470bdaed2aed88d24f64aaac71ae02d964653498606781525d960ecbabe5948798c1e9481b6efc2b1006aa2efa3273ea2bc6b73efb87bf36e7897c649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
106KB

MD5
d0ef90d95134a072d91cb6bef3c24ae5

SHA1
391596eea5a4158adbb575bc4f820a44a7f7da34

SHA256
996d9625c94b4602f86356ec7635cbcad59060c0586ff019c7448df6a2b4cde5

SHA512
8e8d19d018e414dd60526efccb1da44b42f0dce6a97348cedda81f659e4b9b08b9109811fe5b1dcbc0d9bb9f8f135edf91121a6505d22f8c1d978bce4f52cf29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
95KB

MD5
a86388edf26d4237b328c9908adabf80

SHA1
53056b803a0411e935fbeeb81a6216a67818f59a

SHA256
7d0e578f84d20bf44a2511e3b26ad96243561cc92d32d1b86ce523d7a12c5fd1

SHA512
f3bf9b06350c333a4f80fdb6dc0b82ee78f2ce1d1ed740eee8cf6f60a1804589e8289daeaf87174ea54c2dce5a3adff4461919d811b2bbdb19cdf3e4c4efa4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
30KB

MD5
fd4270527836d0d1c8955e094db342a8

SHA1
cc27117d5e2df1e043b879ce281810d7cf4df628

SHA256
26647f9a013499805632e8013c3d04b6840db909491b505051f13d725a307eb4

SHA512
f77a9516cbfdc03603653b24724c7c65c610d48756fe7266d5b57fa9ff1653c1268f6ab499d15b2568f18e02e3f1acbcd0f26c03bd0db96691a24f755ecb54e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
52KB

MD5
11c9d79dc12de1fec71c2e215dc0f48f

SHA1
f689a280b57d80018dfdb951fc8235061508eca6

SHA256
3772af99724e8f1ddd26580f9a252731deca02cfd81847e2f4b4b8509f57ae43

SHA512
39472b6651a6ee5d5f87d5d7316df7126f240b2f0d7f921fef10c5fad286bcdefd4d7bef35fc762c3ab34d2f96ce3c6a3967a3c69372bfd5962ae7bdff539696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
144KB

MD5
c8fceeec58f0c86040c70ef86008c263

SHA1
709c3a6683ccc603f4b1a13c77f5cc8ba1b6f168

SHA256
e910cd3efb9cd2ada7d840e0a6748d3dea4b799959d7520b67717efc11408bfb

SHA512
31f71d57d19885a4e893eb06023a13974f97462c61f8a8ca8f2e154563b5f907e80bbc8665a10cf5911efb48de26bf9d61c6b1f5998dda1db04ec6a229a1c4c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
98KB

MD5
0d3eaae85f9c41f8b4527e63b7ff8e5a

SHA1
76afd14aea012e5313719fc1a9e6966f46fd4ba0

SHA256
7178b0b35a6c8fe83f96eecf74f431072f5c0e5dd1382b1151d4f905bb17bd25

SHA512
8ac9db0b923b2c417306a7fc1dbfa7076756a1ae93d196df57f3c0d51c4052055e6ac5c4d1fa72c964a2a6872ed991a9186442c45221654d439ed650ea5338ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
49KB

MD5
9c03982e4ed2efc93a65fe9fdd3b5991

SHA1
d7c31690a7b4b861f7fa36158bd5fd336ed7c459

SHA256
2b23bfa90d84307a27d61b1d4f3d9b14141ffa249d0cefe2ba3b68330cbe5f97

SHA512
d2e6cd7a605c2a377a4a5c80116273c242cdc1e5c6b36683024d12af59a7dc518dab826a39bbc665a822baf53d817d60d019803f3816abeaa9029c4b67bb3f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
98KB

MD5
885160a52e3e4c9b312ef785ed13d18f

SHA1
26b8d0055bcb7c1b2c1ea3381e1b9310181191d3

SHA256
3c6aef0559031145c7eecdb6081209b85114bd8387dedbe8416dd2d0fe19c9f4

SHA512
8eea5831d45bd2127132b281bbbf5e73e1802f917cb18c311cceff527a7c164875acdefb9c4ece2358c92b1166d2fd4420cafc6f270a93b40dddb0f0acd01832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
20KB

MD5
6a352803ded366a4db555d1d76439c71

SHA1
c0636ec5d31088a9a5870d9643d043cb848c8a52

SHA256
6ee3c63e0970a1c4ef3ab07d1b823f1ce02a49767c63a6aa1be56815e6c321d0

SHA512
5ad6326be2dc60e6fcb1c0164c084086bf1d5ef846e3bc92f5a93995d759859ecbce28aa9dfd1959e517ea719f6050b991a431f06bc9fa09822c4991ab3ee0c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
16KB

MD5
efe01dfc0c1617c2b62ba18eb98c136c

SHA1
a5cf0e931e5ef6ea8bcc558a42ac40aaa4841ffa

SHA256
2d1360c21d3bf234b20311e565f207aec1f403e6f794a6e7100482655779d724

SHA512
1edba1db257631738a01c4c310e64e3f8960d50350e7b98374e0dc74603cc5ad4c54d5f62f62db91322ea5d6622fca0cd3c341c0f97329eb3c2aed0eaae9ca63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
20KB

MD5
01544cec8ea1384b58d63e4c1955b9ea

SHA1
bda9a87449eee2fd053b56a7844e00b1460eea52

SHA256
f4d9c14f01e2caa05f3aee0e1c6b4bd282584365271ae8d484bb9c074e6b039a

SHA512
f45d85a0230e51b1942ffc2e133512b622ce0b07e4687e1227a3fb4feff3d269a75d7253add58b158eb03b88972117a38ed38db5bd225d2dab39255e004c713b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
20KB

MD5
b2442bdbe1833cafcea521d6c61ebfe2

SHA1
1a4efcc6c95879a3dca4b977eeada5a87a070ff4

SHA256
3253fade0ab13b0b93dd0163d0809c7ac0c0ec7b6b7a0ed2916f763636cd77cb

SHA512
a4a5881ed0bc829583a9f914708e9e8b61793aa0f895eba7617f796dff16cc46702a27385a341da6428707d7fbb37534b969e843fe508c3ba948677c04e52a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\20a7db1a5a35b3f4_0

Filesize
3KB

MD5
2cac230cd84c5af446a7f1f6c223c0b3

SHA1
d06a2bfff5daaf93c182944e18faa34dfc8e01ca

SHA256
4bd3f6fbd62d45982070abcd75b8a4f7877548aad5f49624ebd043592ea7c5c7

SHA512
6d97051219f8b978401a0bdcddc7b3aa2e38a1b258701b1c8880bc76d7ccb5e267ddd5a754fa97b3f56bc67125ce360c1bd38bfcc79dc7c1e636d5bb976f018f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\43d7c480e2253ef3_0

Filesize
292B

MD5
5309a0cfc1026ac19483d1ef36f27f19

SHA1
33ac84253b94e15fe3a16a44526442559188f7be

SHA256
9ea032e5e4d19ffd6d6ef2f78c3c95eacf4309b258c9283b2a5c3bbb60f282ae

SHA512
585ee856c7631a23987d3cb9a586f9fb49f92c412762a103873cbb2e7cbc6a06fce1bf16d8ed41fd840a1754ba12d59ff834960a73443fac11f477ae442b30d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\666d95e37f266d41_0

Filesize
34KB

MD5
236f72eefe6e826c821952a254768949

SHA1
88223a3e58b00165b271d8e7e155072fba3cf7e5

SHA256
db7246e88bef19e8fa3cba8c7bc9150e06a42db18ea79231b64c9d4067011646

SHA512
0c19ee74116575fc5c1b3db0e4089a48d2bd15b65495d57cf762f51b7b2cce9288c80242f5bb80483d191c85f479ac7177adca288b0367c4d208fe45e159ff1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\760a3e03dd30f8ce_0

Filesize
352B

MD5
420092341822c84e9e87bbc782f5521c

SHA1
baf043e47f33583d75f25871bf957235dfab273c

SHA256
29d25a6107a57f5572eea4683ad1b21e0a1f7a9f5d5970ac78501dcd0da04486

SHA512
0a7a9ffe854a6c4ddc569ed275c2b18e18d1ee532eff879741b996de76ec12936243ae35c5d03064dc18d9e16f7de777aa56e743bccd1ba14ee55970a33578c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7dac979e0029e3aa_0

Filesize
2.1MB

MD5
3d41fd428386d3b2390a2b9edb40b343

SHA1
b318a151006584befdee5b02196f25f9077254e8

SHA256
d3e73e17254fbf46d940ef9563cf84639024892058ad78deb66e6a482d56802f

SHA512
d965fb80eb2137d41bfeda18fd8d1549a62bf6386f0fe0379695365cc4ad4bc3d9df8495c9c42d4f89ddfff2870f6610485560c17977ae4c825d9830143e318c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\974b9fa6b727e9f3_0

Filesize
61KB

MD5
caba191e0dd7c99b6d4150d368448313

SHA1
be166afea179f893e46421108b42045b5851faad

SHA256
ca6586ce4b67ff6d68f15fb8f422f5a4ad94502b98829d9cf1963a9348675723

SHA512
dceec3071daf197e7d65e371e10cc87148196c12e61fe6a08f3535822b58213fe67a759d9a1bcd0642ee36239ff91f7e7da8a003d9b18b9aca8e19d0d7a6169c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b47efe3467872299_0

Filesize
282KB

MD5
b964cbe4c2504457ae38afc67865d7e1

SHA1
23b56c558d72d79aafdd99a3608bfdfb360c8752

SHA256
3ffd2381a4a8d9f7e7bf8e065c26e459366479c8b2fd4f6fa20b0579d33e40fb

SHA512
f32ed6ec2fa56cf1059a83a5dc9bf59b47a7e0da1cff9ab462dae68dfa91bb448111ce40fac0eb163a1e6af3cf197f0c6057abf8e813765f9009d10e7f9e877f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b60da5c827352a27_0

Filesize
55KB

MD5
c447bcabedee78c30c06df2a9688b0c2

SHA1
872660bb8b399a167b48e3da0c63c048368b619c

SHA256
51ddbf1b653266f902604d7a93119eb799b03bd07512609a116c87e409a44881

SHA512
ba00707f9034c4a551bf4364da0657d5450af04b1bf48ed570bddec287769abe593ee3770d6ae3185bbee6de0a2cfed4dad9bf26911f7299923e49019b792be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6577bc289b81243_0

Filesize
297B

MD5
8a640ceac96f9d7bbf45daa4465e3e52

SHA1
0e51ee612c00a93d84429b4260d3c762b39348af

SHA256
c75ee0b2c75687e2896b68979da56ddd844a26f0b0f5e74e88a770112cd995f7

SHA512
a2dee752a97ee7a3e8b94c56915067d613138e5dd03368365abcdd104aea9e2a96c022ae0ccef61bd1802246e0bf290f50bf22b7cf2629c1e8d2644045f9a1cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c190e0e1c5d2c2ff_0

Filesize
317B

MD5
245e5bd7b878c47bb93257b9f930e4d6

SHA1
6acce393be836706a02ef9ca2961d22335050e8c

SHA256
343862a7862125dedee0a1b389f635b7582682a7873e9c27f47230879c80d6f9

SHA512
574c86a34efc3af73b3f827551ea72ebbcb0168c47d43ce229bc9a39b7f35f5cd5740b02c88d8096bd064287fcfd5fe1f9b525b441124a7c796023d205d845a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c923600cd91c37a0_0

Filesize
1KB

MD5
760d23d63cb312bcde1328a9164c667d

SHA1
8cb0fede8b91ac7fb3963124409859255905900c

SHA256
34cd41b152d84ae469d17907362c3f4425328be4b5e5378fb5766f3f71fde9ce

SHA512
f853d83e4f5e8b42a52ea0a1543f5747851952c96ff632d8430f025c23177f04745f3696ada539d29e82fb9620958a8074585082af57319d2d718cf841412bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f261bba42f57cb4c_0

Filesize
352KB

MD5
c918f799e15bb67a53b8168327b1e7ed

SHA1
a11063d13d282db44a18d9b4dba62012764bae41

SHA256
7d8f597d85931574d963dfaa807bf4218896d7294b0cf5b9418a8ed3a368fe59

SHA512
1b488144657fa051d341d2fc9333ccceeb4f49341d62c218a60628653400a095c020ef2bb460a719fa72ee4a588c01695c8a248c8b596b75a05278006e29bab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9daa55b3767bd9a_0

Filesize
3KB

MD5
ff1409509525c1857f0b0ad87b8658af

SHA1
cdea556e88b4c5444492328d3e34147ba1f4379c

SHA256
0ca09cc42d29f2e86b43fc83945ba0dd57e042a3468663a866572a90f60925b6

SHA512
782d7b8b7e54ee2a5a2949b508bb76a752d59ddf37bb5ab2385bce205d4c7cbe0d7abf118aec335a22547d0e1a71b9b25693180873cfd9c5ee6c89ec9e0476f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1fc6d2e149121585091ee3abf60c63a6

SHA1
1b4715c4a0cb9278991326faa98a2c020f6e0e18

SHA256
a43c20ea8bacfcb87e9be1ba3b4a0d228055a7620c671312e793f504b717254e

SHA512
d7fc8485faaf73b57e738fc9bed42f495d0add8f4a873bac71a6ea634181dded067f61a8ad013b0d4d6069fd6c2a5422d26d158a6f699ad88e00cc0adc5ea538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dd28403f84e83490482ea6932742265b

SHA1
cd0e311daa388f502895fe0f0e2115478c185de5

SHA256
fb74c43a21b592d7fe33c16d8bb0eec7a698bb3a9014cbc00ef9c34ad603a946

SHA512
644ab96af0490d7b701f0252ac009a1bc448efb682f12722aae4718b2259afc0359e17099445876d54793c6a5e14375015bb696a0b84cb492c4069d6df853c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d6f392a088783c7166324167a3e3e3b5

SHA1
13060f47c5506f4e58c632d9e334668267b5502c

SHA256
807d6ff9aa42f8458b3bd3045f8470952ed1731a76f198f0ffd075b3fdbc2ddf

SHA512
4ea52fc82549b47f56b6ad7355bdd9115edda044ea385cc3f03f1889da666cf35fcf92eea3175d61404702d15fd5e07a3bf193515d47adf292247c5295625177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
55ef6a02efb82b45cd732974299f3f0b

SHA1
ccf74e0aed16dd1112fbf2e4a7bc277eee79bba0

SHA256
de21dcdf8afd43bfa4f24514d2345aa725c409983fa7339ab345e30e835d74e8

SHA512
37598ca5cffbea97541db1d13feb7daba69f06eb8e43783b8a5634f12cc7541688eb91613027b602921229486ed705e67f245c8641168553f95d63b10db308f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
661029e259c97585f93e67b9b1ead096

SHA1
bf78e487b43b831be05cbe12d7de881f70ed0169

SHA256
e514730d309b35b1d3be45ec46c8a12e2fa8a1e07d40d69c239b631f9ebe234a

SHA512
0df73e57639929d3ce43b0278ae381aaba9c50015b0a8277979bca228e5f36b131c37d7eb3c14e4970edfd52d1e6ffdbae63e992e165d8f64a94f39ed8db56b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
703e79a2929527f279616056dd339294

SHA1
0831158f04e3bd2f8cdddb76c1ac263c24f72ed4

SHA256
87413af44cab34e8d3d0064c089ca5d99a759626b9aa3790e19bd8378af2fb4e

SHA512
98bcbd2ada44535b8b2c9785bd82c973604de337c5642ba0d6c044a69b439684cdc205d19900e5bf7fe76f345e47d79e666894f7c79f0e82c60a24a3938d2d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
05cdd362ac579831e9aa20ec56414a21

SHA1
18b67bed6699ddc4f7c3c1e3ca7fadb99ab6d6f3

SHA256
6106530a7fbb7da4cc60755fb3c6e0c309933cc7da6c2ca9e5f17c1731704405

SHA512
400fcc0fa960c986b0ba6523f4eb64f9f663293227d8a616993e496e0b8b7fb5f1333d3fad40ea51595fa5246b64cbf8a2d0d377675cfc296598ad4b18ed6414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
176dd8d78f23641cc66ccbd407fa99cb

SHA1
f355e2afbdf67c475b23a2072593ddbcb9830f1d

SHA256
7ffbf8e52c4350a3755cf60d4622a1c376c02b13ef1a00d147648597a5c2bace

SHA512
16f722929bfb5305dce1c8b50062dfd293991c2e675abfafa5b2b58c6f8e2ad0faca0eb41846e962ae851da8f33fc9acacc75078c43b2c76dfdedd0e75352dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f795d802c36d71fd16276343c56eef27

SHA1
674a32dda2b5a9b1f6c4bf6dc9c5d02804c3d76d

SHA256
133097d7696b1a6ae348926b8f0dc6208a9ccb381eaeb2fb81122bb51be0659e

SHA512
beb93406f40bf82ae068c221de8fcbd4c479d31cc4761c487eb6d44f6bc563754527a78d58a81a61e63b386d15b3a79457a637dfae059fc20dcd266f11821583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
291f1fd90915881d15f162cb711a9149

SHA1
15d44073b80251df221d578c9f9114c2c1fd397d

SHA256
e2806727054cd3140e3b6c8a37af8b71e118982827363c7dda22b3b8f3bc316d

SHA512
152e411d2f320abf4f885eae7b39a1ad181fec33e54e8a4fb3a538e881484dceaacfe07a187e16000419dad8e6ba6bee65bab5d8f0750dd02b4ec5689e430c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0830159696717759c1a462d976e1e6cd

SHA1
11e35ee165086c0a8521e19e36b2e521d7d0a0e2

SHA256
dfc208635bb997d8436e22f04a5d435802039f259da9a58968ee190ff932486f

SHA512
e827c1c77e4b999e39e8f341d125f8c4b9b3021648bae5234038bd6d55c67627b79f57aad524ca61fa7c967f935d24ccb02504b822591a37df07673806fc3de5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5523cbea089ec83d81d1e3fbeb496a74

SHA1
8e4302453de713661be96355e6304b5d0050558b

SHA256
19fdab3ce3ec8d7bc6a282e74756195d4af957b879f00c56c94dd0e3d6f0e798

SHA512
520ed5d466882083e655a0f308d3cc2f9ce97e1b31fb61141aebdf6bc79ccc0e42e96ffb55027d3fe0e4381b0ec61c10b0eec286cb9142b032e0503c6d07d5ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
78d01846fc8a2411040d88f8ac73e3a2

SHA1
6f8c66ae6d3167bb53e3021c4766a66ca856cf31

SHA256
208a16524a89b527a5d158a110b4b8b714c090646f8274067380cd8553967f4f

SHA512
0941a57fe876f17b2db33a310d04ca9f0b89cec3ddc145948d7b3ae6ec1ce481cda40b7392edea2231488514d6683df563b146cf8238703e58ce2b943b98f769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
80096cd17589f2a7608891b1c5c741fe

SHA1
b5fcca874e6d4984770061c8894f2305bc65f0d1

SHA256
b1560e228fa630acde6171ab657ff61a169d8ba62dcc34bc0e8e631f4179c631

SHA512
6fce73245e00b3118004c542ba7f62136747a2e924f185c079b96223f2cb2c0e44d1e4f89ec97bb6003adb1935d09b55b492e496e1f30d6e66132b1fa62d0cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d30d08c9a60d595c9be420e4d7a076c1

SHA1
e9f2c2bcb8ed1206bfa40fd618005587d4308f4e

SHA256
ffdc8a9dbb315f2a76904d79c4b4f494ff0b7f6767e6199a0838a39c029d6dea

SHA512
c637dc4b117f85409a2fa1b5a1b153cac6ed3cc5da6250d598f95604d211c6a1d0d3bdb531744860746a330c59232f5014e38b739ed6c0d858847bb169486221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e3eee996eaea74d8e08d3e261911a7a

SHA1
17b740a3a187ed18ac44e1bab142cba816defb3a

SHA256
c7063b61f5eb7b98fc87b312bb07208947ec7374ac058d855e170ada4471bfaf

SHA512
8cc7c43842897b859430b3d07582bcbf39267fb79aa8521283098ea275fb7c7b2102458e9cfa7fdfb77056c732e55e7804c5b192810398064a9dda51f798f294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3ee512f6b39fd59a667dc0c4c207cc88

SHA1
243fbbd454eab707595573083966688d70852ab2

SHA256
036d3bf04dd3ef3c6c784b29c4592aa3fe8509353ab7e07bd54bd881d79cd827

SHA512
24e9c49debb5cb36ad6ba138af14cb897d53e22d0ada47dc00fc4df865819eaf2d3ece8e44aa9dbead5190051e3524953c9b50539465809794d19c85d3e6d7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b1a2102c4838736e602bb381a75ff083

SHA1
4e0d73169f5fb13492b0d54b3d6f31d41ca6692f

SHA256
573cdaad8a632b2ab1671677a5de2d3a3f7d827d6c1fe75fff9696e85f113cf2

SHA512
f88f996bde522f6f52d9365bb3d53016a2fa58a637f1359ebb953a1600f7eb59b0fa116c3cb573c182b7675280e82200494c093475d7f21d53c39a86931335ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
859e0cd50892f0c1d31ab2f5b9fb9e8c

SHA1
7dd2f9cb15411d4e42a91d0ecb2a18b7d9f925ae

SHA256
a36678f2561aa3e717f3fc3c06cd28ff8ad55e5d5484a6fcbde23bb2570a0b58

SHA512
f7b072459c1b02191fa82bd1896a9dfc0f021d1746aa2c20aa5c3f9ced78f11ca8d52b5bea853a7320937103f475e8d2fa44b60a77e4c3003eef5acecd3e7b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9368c92eb03cf9d0ff469c698903f3c4

SHA1
5323cdfb7cdecf8284433229bce84f262a4e7a79

SHA256
55ce5651d598131bafd4f86bdabe10fa6821f4dbb8f305b00d614ab1162f934a

SHA512
a75f1b67515a00c4a37e8cae9b5c73d33ec97ae527715c03955f617dab6b9e6d717585a5ec3163e1c7e4fb34c16391bc55b4022eb91f4a9affa9fd6779fb1429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe2fb98ba7e1323e06fb00fd8adee02d

SHA1
b16282d861f5eb684fa0596382f6817b72798ed6

SHA256
6fecb69dc8c60fb261b8947fd7ca1320d669bcd5856bc67e422ca99612fe2411

SHA512
df5405db48f2e69faafe7da75cb178191cc566dca0e7498c881c802c48c877deba4e236d20f5fcbe1c8ddb61ec8a4bfb87c9661c89d7dcb8e143a33877f27c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6527144db7113073abd1a9f3a7626661

SHA1
99c48b0ca7348ba619f6bd041171e72b4c7761d8

SHA256
cec67269a45f63777ab3584f3af741772be479e1a846fe2695c9d256500c10a0

SHA512
c47d1f567e5af7966ec2c22a2139d72fb22f159b8911c915edbf53dbb4572cce4e1f02c3ac5de0f373c4b032bea2167acc0398ce48b436986289e2aba9ebcbd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2a3b1f3c24dc04394237c3e1dc8346a3

SHA1
d4a2e2a883e03f3d29ca17f6e4831a1fdffaeadd

SHA256
62f8a380055741c158f9def1cb67170e0d2f6c3dc39bd0c741b207e15200a022

SHA512
7808895af4ca56e74dcc93779eb69381565ee303fe814a5b30f9cb0dcd2c2d6fa1b787fbb7b440b36f321a78430f79fe51cc48d71147e49d2ed7ed219076f1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e2387adf36623d32e3123331357a0aa7

SHA1
2c26c9afabc63e82ecc93a7f251aac9af31ad9a1

SHA256
1841420f49f96eefab9e48317ee9b4a6072f10d210d69c704338be4db717c16c

SHA512
44a69893e9dff926a7808972ce46b6097f51c2522a1fbcb30c3365fce17406524c720e1f187786e7cfdd2da869c915509f4b0836d57e23f53259d1e74bf9e621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b7822ff821b6427728a0b5287080ad6

SHA1
7b1aaf7ddff54a3aba131fdc844f3cd5922bb9cf

SHA256
437a1bf7226c11c5b361b9ce2a6b324776bec78c1e3ee87b3faabe7cf85594ec

SHA512
8fabf0d27d5043b406f9c01ee741cbbf0291266c514952b695fd9cbe67b911954ac84696b58a1633b5b6f5c218624c29b275002d7aaac644768af897fb91c839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a358af85915685791e2856745f32a838

SHA1
833b6a2c2fb329c0626bdb53a133ad08eea72450

SHA256
d841dc323b600457f8e67f532c231595f0de180c2e94911608d9e5c625b14e56

SHA512
3f325a84a90e0b3ce2cd661006e551da2e9b2153ca4c9d51894d7e735bfc4812a67355499641809b132609517ac5db9be3f43a1b71a20d46e60baad3ad78c9c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ac270503bfb81bf6bd520878d10e5db

SHA1
2091a5e64b37884327095986daf7f8d831eb5c0f

SHA256
e01412012f68633d48452d012fea3cbf9d2891c92ef6a16f9891deb935f3a3f2

SHA512
32a2c1680b51b81dc605298b8a4f3a0e39327fd8efdf0dcaf571ee409446cf1c6ae3cc504264019fae42dd2defbc1bc7e37d5b219d66c6747ddf13b77263f60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84834614b2d6b7a4f7bed1278f4676f2

SHA1
503d81bc1cf7fde171f7153c58d562dfe286d0f5

SHA256
1e733a2c4a4556a70079c0b84ef23700eb1cea72c7bbd7f50037bf3d277ae258

SHA512
1e4019cc92194ee60d62210dce72beb18dfd3827261e22bed30e51c73f3ae4e6f01d53e783813400131ba14851f65b46be9adb50a3920835b76c93ef05f29418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cab4808ded316c0a3b30acd4223eedc4

SHA1
8917e3bb72d97f1d1347077ab905acb570bd7a83

SHA256
1542aba89cb1bd2a11cd524cc83ac08525f43f843d1ef6f973ed82070d429f58

SHA512
36893e2337f1357559f4eb39ceecd9ffceace61d6e5c0654978153b5c4717d194740580ee028f9c7912c98645f83ff8d8fbbba6ea4e0c7ad10b3960bacb59ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
226616ef0812814e0266f46799ac9a78

SHA1
bfa395a1d5e98f93beaf8eb636ee7016f69e9ea9

SHA256
d1e7083e0e0ff1bc213d3a8cc656c142295d3a0aca648f1559d622fcb9a52bcc

SHA512
537f250b9c7095c7a93f4b17da007f5340f4df84eb0282872c7fc3754c0461809511de132cdc58f7647fc41a51e74131810da536f19fdd0ae9b39697485f184b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
467e8b8e57150d9989525f4f3c5a8dc7

SHA1
410cee49e0cbd09e5ea3017c9658fcfc2e099f31

SHA256
2dc254e08b90595b1e56eaaab8aa4e6b8b6128c01a9c6e17177c565cbe0c301b

SHA512
25643c3ab3a4e87261a76b83b7b1f539067423eaf91e47e42e44805e2e6fc4c22f89d797232fad00d0a147904bec403577777b049110260bfd92ed327fb99854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f64e3585711cdbb47f3a31cdb6e9a8e3

SHA1
0e7695b67da336b48ef896f169341ca0afece224

SHA256
754ca335799468ccdbf0a70c3913dcaa1636bb4230789dc66c4b9f2526ad48ed

SHA512
dee09f64cb87d354b7237c8b1937174cf35dc5b032d76591c63a3698a59fb0f9f02004959365ada0e8fb5c6adc0b1b148d93cb69797658b729ef7c9b6111f066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
597abc14771d6859ec85fa58260c2e76

SHA1
a5d6a2c5f0feda1e98ab32d3c2ede5c102ad7abb

SHA256
2dfe60675e4f50e97fecf6bd5b70533811aab8601eff125766a33228719a98dd

SHA512
d650fdc2549160303374b3a4488d8605838b3bbc650da45087fabf6416bdf1f630550dd6ba95acb90c4634a875ba46c39a7751aab119b5049589e9d5080a89a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a9ed0ea5281f87019067e2d4f088cf0

SHA1
58a12411160a5638273e2b1e637a807507bc7168

SHA256
0c8078c96dfb2e1409a629b33d6a16754965c9bbd81f76b2a1c4eebdc05489f7

SHA512
92caf90f5d41d55f22e713163382b75a6dc0326ae45374fc34c11a832cf5192c493c00b273d999b4bbc7dc4197fd9e04a599f0ada80f7866ab2db873a90022de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7fb15481ff0acc5793d161bdd42092ea

SHA1
928c7ff51d06f1936668b2c9c54493e79bd5e075

SHA256
6fb46af538b142547df18bb041280587e7b5037d62170b20ca8e6a39e932ee8f

SHA512
c0a708c245bc31d96aff9963fd797856c742268c90025e8936208719925f0b3e831d445e07efe2931c3b24a6f82764e0bd32dc6c8529325dd148a03f915abcbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8314ef34f73d82f4e124ba9eb7f5b21d

SHA1
13fc97cec2c5c8d37c6ad9c2dc65f6c2d43dc152

SHA256
90a91fe016277614bca21f97595bf41a10794b8e014d7b9b14884398f2b522de

SHA512
2b712601bbc53099c271cc572f3f0a88dfd4db5654a98295b405ef6831aae0a2ef308c46b01db3b28b53ca33550a56b8b2185e12d526b1b6a0ff617ffcf7904a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
803864e788344c3e8780555f82a77c74

SHA1
8905c60f3621a7514295d3a234ee7f9c148ed274

SHA256
d6eeecf209791321545336f92a10c4a5b74920b7ab07c198eb0ac3cff2c4a700

SHA512
8b5501f983af5f156e4f128234227fba30a77730c5774adb3a4adb803b2951feea1286efef65521b5ea5a3023d0765942b8b0357dc21b8191083dfba3804d927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fb84d036d82742bea38d410e7c6663e2

SHA1
c9c4974f1d04d4d5d2f3b74932b0324635213d2d

SHA256
ed0ad486dda0625a763e317026aa44791ab6d59aa4b9f1edebd871125b61b453

SHA512
be5c2f793c75ba0cdd6d1097ea97e4073edae534ddf8c92aec34d2629ead7c2c30acc8c0a50ca318cd9c6ef83eefc4efd04f7178ab47640ff1fa53e187f7577c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
59cef85f67671996a57a481b38d6cfe0

SHA1
22e11d848e2f05d11fc5e733fbc029f26241211a

SHA256
fd19acb8aa01ed0e8fc791c5c5cfe2b94f92cc5702db1854d1b16ae6c5eef08c

SHA512
52180f2485c9b318ad2aa5d237fb212b95cbc33752eaff085d3ce8058c97cd50da9360d9034e64f79244f079b6b1cd740ffa184559b7370225c2632799c6bdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f185ec6ff628e329be860eeb482cc4f0

SHA1
ab5b591f8308329073b88b3687bccbeb4b4536bc

SHA256
ca37256336c85463e698ccdeba487b6caccf1f69c5495350d26bf1e1972a3553

SHA512
2750e94ebbde10444685ef56566e3864b7fff433e2a5712c619ed0eea752c92a5bbfee985bfbd75ab7264e4de81028181a506123c6e0d61f968423f8133a5726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
088c941eef6ed957fb6f82d235c3ca6b

SHA1
8a81d7f553afaf3d2ddfdd85c3cb2d821ddc05a9

SHA256
9e833e5db27c4b122b8ee2220f54732fd7072857c60ca8b22bd9f5c6650a5ac2

SHA512
9f82fc00578a6f002a8ad34ec21683f72b8917a667676126904220a971dad863066811d890a8e45280d3c63bbab3fecfa0e0bfa1b94b4436a452454a4970417d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe597209.TMP

Filesize
140B

MD5
91e0e26ae956084770e8dfd94e74ece2

SHA1
783a46f8868b0109990e575e23b7c9fbc48c6699

SHA256
9d7fccf5ffa9b0ec2e66f61011c5509ed7e6f4b294e7fe1b94317c3be1e24e5e

SHA512
b821642a27bc0c5d9214584da1df0a6ed48c2896dfc620c63c99707b1256b07701126e133e9e9d5d9e2d64a5b4bec005e852e05c7e9c33d7276a353e4990a8ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
07ddffe3fbe4ffb83e17e72f53c3b505

SHA1
df7c5fe6389314e61beb5c3771656d5de15023e6

SHA256
d6653de45a8554128468f1fd3081657b6197b3b34580fe484d4be20149b04c52

SHA512
a1ffc5e8dce1919e6b99849c35c70027f8feced769c1f664a8d122b40f755d3514613a4ae47c5bb22ea01042e786dde7beb337eb544933b413dcd2834c2a3c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
01d61a1475d44b91c70812fdf7d0aaad

SHA1
bd782dafba7fd0fc6778c5624cf6974092e6dcc3

SHA256
3b4e46f8ce9f3250e0d90173af3f2453945bd8c2c1c66caa4a24e68f3415bc3a

SHA512
d715cc83656bba920d24ca7784276aafbfe229bf709c452cd4a1fc97f69ac7dac59f3885a81cb86232c2552018a6ae5905f79cb3b21da9ff258dba5d5c890040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
076f491f65cc5f0268bd62f5c9d1a1bb

SHA1
c1f10d8e091bddb2ee436ff8ccc502f822ce6dda

SHA256
2838f93bba326d9b07ec2b2b85d80cc674a9e907db4d7665f5dcc28e38d7817e

SHA512
16dbb265cc2d980e44b5b1989e1afd3bb709342d5299527edb41ba79f44ebb66cccee684c7a13d004862479c4242f8258d9807796c3591a3559760a21d8caa99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
a469c5f07b16da344ead155aafe1fbd2

SHA1
a362b36ff2975d94f96bcdffefb97f28c7e54845

SHA256
3269a7cceae2d40a322e7858874aacc3fd9b774c1b5087a23e886311ba34ebea

SHA512
7b85e6e77f739d72365c5460c5ca90f1fb9d25b447a604fc85cb0237940436dc2f3d9693ee69b1043f01800ceea6bcb90911a94ccb65bc4bd8a483c526f1bf73

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Client-built.exe

Filesize
3.1MB

MD5
428300a9c3c4e26f01e2a665f5dbce59

SHA1
f68a9962551a30e3dd52860915e8b22c6f431898

SHA256
31032ab12bfc6b7ec62e47760738f673361daa8874987b2a65e923f5a33f67de

SHA512
7c92489a7b5ab34c0868ef50bcf940e3459a740c7d549a94e49b77b49f4c606b20f2e4c6361654bc0bfe4a26d25735cb57203291128583c071658ade27c94da4

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\BouncyCastle.Crypto.dll

Filesize
3.2MB

MD5
0cf454b6ed4d9e46bc40306421e4b800

SHA1
9611aa929d35cbd86b87e40b628f60d5177d2411

SHA256
e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42

SHA512
85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Mono.Cecil.dll

Filesize
350KB

MD5
de69bb29d6a9dfb615a90df3580d63b1

SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b

SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Open.Nat.dll

Filesize
68KB

MD5
cc6f6503d29a99f37b73bfd881de8ae0

SHA1
92d3334898dbb718408f1f134fe2914ef666ce46

SHA256
0b1e0d8f87f557b52315d98c1f4727e539f5120d20b4ca9edba548983213fbb5

SHA512
7f4c0a35b612b864ad9bc6a46370801ed7433424791622bf77bf47d6a776cb6a49e4977b34725ead5d0feaa1c9516db2ca75cb8872c77a8f2fab6c37740b681f

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
9ff0156b877ca032726352b807ee73b1

SHA1
f8264fd9fde169f775458dfc48fd2f7b31a925be

SHA256
88f7b0d021671b83e7b530b9c09b28ad53a9b0b3019656480dd724742844f5ec

SHA512
3c3b4e55d2fe4720113fe973538aa20838cc8f08362f2740631f3b0b0f222f6ea146706d249dcd61370f8ee49fca1d6b5944fe54468a6a139ec37faf8ca172e2

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.Common.dll

Filesize
62KB

MD5
2185564051ea2e046d9f711ed3cd93ff

SHA1
2f2d7fd470da6d126582ad80df2802aabd6c9cea

SHA256
de930a748e4dc08c851ba0a22afce8dcfd0f15f23b291f9306c8ef6ccd7460a2

SHA512
00af241c1f89b478e66d758db26ed0a413b690d695abf91211b5cbc3985133632327ea0fc41140bd61d02271b6aa278a8e8f539d8ca6ce94972aef50c1a9c868

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

Filesize
1.2MB

MD5
12ebf922aa80d13f8887e4c8c5e7be83

SHA1
7f87a80513e13efd45175e8f2511c2cd17ff51e8

SHA256
43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e

SHA512
fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe.config

Filesize
176B

MD5
c8cd50e8472b71736e6543f5176a0c12

SHA1
0bd6549820de5a07ac034777b3de60021121405e

SHA256
b44739eeff82db2b575a45b668893e2fe8fdd24a709cbf0554732fd3520b2190

SHA512
6e8f77fcca5968788cc9f73c9543ce9ab7b416372bc681093aa8a3aad43af1f06c56fcbc296c7897a3654b86a6f9d0e8b0fe036677cf290957924377bc177d9f

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Vestris.ResourceLib.dll

Filesize
76KB

MD5
944ce5123c94c66a50376e7b37e3a6a6

SHA1
a1936ac79c987a5ba47ca3d023f740401f73529b

SHA256
7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

SHA512
4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\client.bin

Filesize
3.1MB

MD5
f4d16cfe4cad388255e43f258329f805

SHA1
fe7cc6c9eb76b5ad97867b46d053fae601fd4a2d

SHA256
8fb6ae3496d4ac025eab443d3e322b0faa3461d25b54093c9205d35746e3250e

SHA512
867045eac0f7765e6bea51e62bc4ed68b1e81ce6c2843d2e08714eb391a8ac94c2571c09828286252248400ea5c12bffa50a25c8ec5ad9e6d0bb836320ec188f

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\protobuf-net.dll

Filesize
282KB

MD5
abc82ae4f579a0bbfa2a93db1486eb38

SHA1
faa645b92e3de7037c23e99dd2101ef3da5756e5

SHA256
ca6608346291ec82ee4acf8017c90e72db2ee7598015f695120c328d25319ec6

SHA512
e06ee564fdd3fe2e26b0dec744a969a94e4b63a2e37692a7dcc244cb7949b584d895e9d3766ea52c9fe72b7a31dacf4551f86ea0d7c987b80903ff43be9faed3

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
96c8dd88e9edb12c0ce8bbfc87a520a9

SHA1
679f0b5924df6e4c7d954d0e701589027e753b74

SHA256
26459e72ae93d9894b34b212f192e93a0d4fc5c417be1ce95eba675d472d91f0

SHA512
c87cce5c83d3720483e1d718169c7672c1500feda727069bf22f275272e216d370736909d84aa4f67a0542648fb7820f0bfcfe1d63e887ea0e034b5356b86488

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
372B

MD5
81d0d47d4aaee99e4e4eee625c7057bb

SHA1
073c15cec2fefb3003c9d17af7730e018bdfe6ef

SHA256
d913a4ba1154153fe45f5251112a206d70ebcda47152c80c14548e4a634b1f25

SHA512
d686edf8256bf57f5b252d6766fc23f6fdbe80eb46cececf0ff9d666e3ff08d5a1a399bfafdec1f1a5366102ef8181c510162683bf48a0a366cff73ee2b8691a

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
370B

MD5
c8df946112b49d7da46f98e4339dcc4a

SHA1
bf23aba74b26df994461d31c2923aa9706e2cf53

SHA256
5a79e70d2dadb58e3d0acf9e45356b2239a27e3b0395f8e299d6d9d1d02177a0

SHA512
e90283cd243e5136ccdcbb25d1109cfd986af89011f42707dd976307faacd433b4fb8d0d884ab8547bc9338cbbacc523b61a5253660695d7b6191ace33e971c5

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
memory/392-539-0x0000019E4A760000-0x0000019E4A776000-memory.dmp

Filesize
88KB

Download
memory/392-541-0x0000019E66B10000-0x0000019E66E3E000-memory.dmp

Filesize
3.2MB

Download
memory/392-537-0x0000019E48970000-0x0000019E48AA8000-memory.dmp

Filesize
1.2MB

Download
memory/392-601-0x0000019E65F50000-0x0000019E65FA0000-memory.dmp

Filesize
320KB

Download
memory/392-602-0x0000019E668A0000-0x0000019E66952000-memory.dmp

Filesize
712KB

Download
memory/392-604-0x0000019E667E0000-0x0000019E6682C000-memory.dmp

Filesize
304KB

Download
memory/392-986-0x0000019E6A190000-0x0000019E6A1EE000-memory.dmp

Filesize
376KB

Download
memory/392-988-0x0000019E69CE0000-0x0000019E69CFA000-memory.dmp

Filesize
104KB

Download
memory/392-600-0x0000019E65D00000-0x0000019E65D18000-memory.dmp

Filesize
96KB

Download
memory/2516-1085-0x0000000000CF0000-0x0000000001014000-memory.dmp

Filesize
3.1MB

Download