quasar | hxxps://github[.]com/quasar/quasar

Resubmissions

16-01-2025 18:07

250116-wqarmssrar 10

16-01-2025 17:52

250116-wfwlcs1rdv 10

16-01-2025 17:48

250116-wdtc8asmbk 10

Analysis

max time kernel
850s
max time network
848s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-01-2025 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quasar/quasar

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/3788-1170-0x0000011D3C730000-0x0000011D3C868000-memory.dmp	family_quasar
behavioral1/memory/3788-1171-0x0000011D3CCF0000-0x0000011D3CD06000-memory.dmp	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
3788	Quasar.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
21	camo.githubusercontent.com
2	camo.githubusercontent.com
3	raw.githubusercontent.com
19	camo.githubusercontent.com
20	camo.githubusercontent.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\GPU	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815235983141924"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\CTLs	TextInputHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\NumberOfSubdomains = "0"	TextInputHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0 = 6600310000000000305a208f10005155415341527e312e3100004c0009000400efbe305a208f305a208f2e000000b75c0200000009000000000000000000000000000000e718a6005100750061007300610072002e00760031002e0034002e00310000001a000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft	TextInputHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000008b11c756af18db0181a127aab318db0137032aaab318db0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0 = 6600310000000000305a2a9010005155415341527e312e3100004c0009000400efbe305a208f305a2a902e000000d88d0200000012000000000000000000000000000000cd97ab005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\CTLs	TextInputHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000008b11c756af18db012df9b161b418db011a30593e4068db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0 = 500031000000000047598863100041646d696e003c0009000400efbe4759855e305a948e2e0000002c570200000001000000000000000000000000000000d3b69b00410064006d0069006e00000014000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 = 8400310000000000305a4f8f1100444f574e4c4f7e3100006c0009000400efbe4759855e305a4f8f2e000000345702000000010000000000000000004200000000001f87250144006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\Certificates	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost	TextInputHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 78003100000000004759855e1100557365727300640009000400efbec5522d60305a948e2e0000006c0500000000010000000000000000003a0000000000753f7d0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost\ = "0"	TextInputHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\CRLs	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\CRLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\Certificates	TextInputHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3900	explorer.exe
4232	TextInputHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3720	chrome.exe
3720	chrome.exe
1736	chrome.exe
1736	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3788	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3304	7zG.exe
3252	chrome.exe
3788	Quasar.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3788	Quasar.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
3788	Quasar.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3348	chrome.exe
3900	explorer.exe
3900	explorer.exe
4232	TextInputHost.exe
4232	TextInputHost.exe
4232	TextInputHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 3412	3252	chrome.exe	78
PID 3252 wrote to memory of 3412	3252	chrome.exe	78
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 1428	3252	chrome.exe	79
PID 3252 wrote to memory of 844	3252	chrome.exe	80
PID 3252 wrote to memory of 844	3252	chrome.exe	80
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81
PID 3252 wrote to memory of 2388	3252	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/quasar
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd70cc40,0x7ff8fd70cc4c,0x7ff8fd70cc58
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4284,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5216,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5448,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5528,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4820,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4336,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5488,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5476,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5356,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5340,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5636,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3308,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5712,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2544 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3468,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3340,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,12036818293702681552,12933216555673520410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3348

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:440

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap30973:80:7zEvent577 -ad -saa -- "C:\Users\Admin\Downloads\Quasar.v1.4.1"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3304

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3788
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:4356

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd70cc40,0x7ff8fd70cc4c,0x7ff8fd70cc58
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1668 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3064,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4288 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5100,i,15271886500220370025,1632007877404161991,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  PID:1380

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd70cc40,0x7ff8fd70cc4c,0x7ff8fd70cc58
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3116,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,4310204380513727175,14736387167786418350,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3888

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5032

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000046C 0x00000000000004DC
1⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8fd70cc40,0x7ff8fd70cc4c,0x7ff8fd70cc58
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1736,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,12454808211431117121,14221873903916735817,262144 --variations-seed-version=20250114-180129.242000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:5456

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\52143606-c93b-49e8-8f1f-81e7750525d2.tmp

Filesize
115KB

MD5
89b1b69d61e6a86d55373efdd521adf3

SHA1
eb2be6ba3eca0d8bde37e49fc723daf88e083f6a

SHA256
090751ec05c9a4672d4136415eb04db91d1a3b41f3f00d86dad51c4110527519

SHA512
d186633d6abc21b6101ca400e6f4033802ad916dae3bc1cc8d7b60f2167d17b487e1e6c671a4d0035a385a2a288cd3093059940bfc5c823dc2c6218db5dceef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
46b257e2db3a3cab4fe4e8b36a53c612

SHA1
2327a773bca75530bc9bd7c74ef0ec3acbf99adf

SHA256
e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f

SHA512
6c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ffb5c4427e9f6dab0bf6aa0f680bf04d

SHA1
188256851af618059407bd23dcd7d231c052707a

SHA256
72bb19a3d2dad226bec11d580c82b386ca3ca7805f8859e5e949399af5d6aa14

SHA512
6e4b699fdfa6cd0b708b32013be968069a1341e0ac75a6830b0d946073741cca7bdc75285ebf31fec6ad701e0e5a2104a8d74b16ee41287a1a898eedf89c3adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
87b6266860bcd0c6df8ddb46086e36bc

SHA1
34fd4f3520e1a9414ca7769ecec980aee9ed4d43

SHA256
4a2e9350f9a27ce9e2ebd72a17ee4ae323eca85ce3c174d0492cfad514437819

SHA512
a92b697b1b4e118155610000436498a925b3cc40614049ee074fcb456122516fe11066e543f22e6c0cdc5f01860400e2e449c272e8905cb53b8521caf559b31b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
48dbaee615c6412de3aada3bcab1e289

SHA1
b3dc715bf9c05cf0d506c63082fc6733b12297e5

SHA256
7c62787e9551aac1870fbee741ca23ba0d112409c66959911ccb7aab6aa29689

SHA512
19b712169a492810d6de51d72e8ce26432853582a6980c6a4af0a427235fc7698c0790ad525d043a35a45c8b52502e5be5cdf81b98edae04cb0f71c852d73c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
77KB

MD5
ac2b3f747f6dcaf911ab07b7edae9261

SHA1
a4a092594067d950a742eccf96a61a839f9084cf

SHA256
439c5f4128e6485bcbbcff7abdce9a40716ea301b5489c8918751182e131d050

SHA512
f68529de62fb73f3ddcb586091e436ac7a3f590ceae212b333b7ad2013f5cb81c2a0ffc51165945a757212fff2fcfe37537eaf4f742dfc505c666a609ec22637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
280B

MD5
f74f30cdbe85f2aeb4237553a9ae1794

SHA1
ee044c8fdaa6807041c1253d203ac5da882ddfd6

SHA256
072ae14a54404afe301c8fd47ada1ed2f8a8593e96a414b3b5927d73c159804c

SHA512
f1d87951660af9e3975d934bdab9dd57b086bc1e6395631bf2f79aaf726066ade6b7dfc798695bccfe401c989802a0bcf37384f3a1d3b8651b6d596e14d853c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f61921f0941f82db_0

Filesize
19KB

MD5
b0e19d20b30abbc1bf375eac67663dfc

SHA1
afaf1daea940905278a12d4f8b7f9be3570e652e

SHA256
b14f79804ac2588b6df00893b8abe258c20f50db177d34cf1eb5bb3c11d8dae9

SHA512
bc38f14e7c1902aad92eb91bb445f6059d569d89dae774bc35d34a52e23ffe6013316f4728ba81c636c12aa6e7c293a1f603a97a0cecfdb79c4223a15107489c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8b3fac06da106a1f57f093d3c72da989

SHA1
78613953bb0c391e082276b22c56b1ab4e88c91d

SHA256
8f86bbe3f9a968aa686a6d5bf119d4e5ef3ce24b0e8a8e881136ff2a8ec30c63

SHA512
ffb462080a7e5e48706f918eff24fe4a96eaf32e6fa133c1d269fd88b568c6ec9fdc43a54d4f658273d3cc2ecf58eaa3b0cd7cf7e019371488ee8af592f893d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
07c370e03430daac94c80ed2e93bc872

SHA1
5a1c05e787a7f26ae5fdfae5ce0f6c21b8ac5aaa

SHA256
444d6f3152a984f20b9a901ba533fd2613fd205fcb47b88f0d56d5bf0a7c1397

SHA512
fe8c82f46052f703ff587ec140192af58c3773ebb2f303d95ef1676ffd23f7100f0b6d72fced34808a6545a463c73f39588e8f52b446a455901db465559b2b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3e33fa36d3d6ef6835b59bba62bb7356

SHA1
41a9b72a2999977c4c129ef94d241db3def3a858

SHA256
c834b4dcc319fe6b64aa469192fe82a677d9b5a86d4103dfdd3e4c4269bb0e25

SHA512
dc71f6bb65bef25a976820e5c8136d068144c760395ca0401d33c3d2ff58f59de28750fae498eb2ea64508ab1c70add632bbbd131d640e8f9290b062b6bd4de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3fa80db6780d8b6a3d342d36135abf37

SHA1
38e409db8054348c7c84fe4691a5187cfb1b6681

SHA256
8e6e2c5b0c8091d4731ec0d1cc84ea5c408b815a3dfab57dad89b04de9f361fe

SHA512
25b4049bbb6604822ac3acb1cb1575f86233e4666d3a644007c112703544b8a4a6c01a71baf2f368f3e5136ce4fc08ea6a2522799ad05018802c69ba6a79aab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a3d9eae0e0e3f76c4ad1bd5e945d2116

SHA1
1d3f5430e001ca464862ec1206840e87b3e93ce3

SHA256
cc5ac5c3eda7d17ad77d2cbd95ddf97f02d917a36d2b04098b42f481073ed851

SHA512
722fae6c89569a340859fd9e0f1200061ff79fcc720053d63d31a4ad3533fc1e4790c62e7fe89537efc9b3780a134d54227d62e2e473aadb4447f51d03f2480f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
432abb9d8ff7b5dca015a372c4cbd995

SHA1
963cb49abf966843488e22f5ad7166ea8563daf5

SHA256
8ebd869227b4007870457e6f6d36f1206437d3b8f22aae57d68515778fce6c06

SHA512
bba56e2af54d308c97905dea952423fe5c26e269d67e595aed51baeb6dcbce6fc325b5b7ef5cce53c15e1a37d87329bd003d88e152234810c81e0b03fc997666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a5aff4154c85d4fda13fbed29e5c71a8

SHA1
c0312cd6f70b0e39b42596c2e5bdca7f5d5e2751

SHA256
0b244d328022426c87df681aad3e75210b23c17afd4097959cf3cbb2cb4b6750

SHA512
2007d20528b39c6068e22d251e0129919a829fcd6ad61669a76d95d92c12659321da7956990819453fe948320f87d65c729e95cf1b443457a77739759a2de34c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
472560fb9f8cceda570198f0a7023800

SHA1
b05170c4804e13d33d54702bee7951819391a5ee

SHA256
abc30e4d42ae71585aca88e92651f4839e84cea7b1a52de2ff48f2e27b2e68a3

SHA512
b78a0f85997807766dfbdfa7ec38bea7b28ef6b87c154b9a8e7a6f75b9db12339315d001d8f2c8e0768e190ddab7f1c48ed47d80586cdea54113e693c3a51f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
fcfd77c84662e887ce963ec3b292dfb1

SHA1
1772db0afb82c054f2c3e0d2bb3961215347b38c

SHA256
dfbedc61a53bcdaae54c5c19f89c4c235de17759ce0309a312c75ca754151896

SHA512
d4ec3cd28456898b9a652bc1a87d04a88e840eb7b3385ff2dc460eb2a599603deb2b5218e98fa64aca33a2605d5b6368c8e357f3a63c69fa66923c6c43dc4aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4fc2d46e73171567ddf3e5d9b5f1b716

SHA1
da6ca92caf32ac4a7953ba13358d87f441446602

SHA256
0537ddec6f930d6d6777a167b13b686a71f9534c2d97fa7cfa6a37d95e6cf20e

SHA512
82fd2dc66b48828df3d6138955dfd28de539cbd14e5a9ee03c0ab8c1df26d854af70b36669dc9b4f402e5c4b00aa74fe37bacf5de9d31294e477f54a063b894d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b9a214b7c9db94a72d85bff08db01c74

SHA1
025742d8f80d9519778ad07eb93a5bf6fd6e96e0

SHA256
763281857a35183bb864e47fc00383f72b5935f079c34f3898384c31eebda7b4

SHA512
cfa2c8173206857f299b2017c15229ee3fcdf0569b24f081874073dbc007b4eafcbc3785b53acb66dec89220f3f714f2afee1bc965e0d3c3dfc37174a4f3860e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6473b1d950c62318c21b427190c99dcd

SHA1
dc7f91192a20e1a6a7eff96b3d638d07e1136c87

SHA256
7ae71037d89fd7659279647d5a2d9abda346b04f8d3ac3f29fd24d2fd0a4600d

SHA512
f6c50e4e261c24dfa74393041f785120a0db0da5d4b19d11361172804bf82db5f3dba9700edf05c8584607fc7147cc1efdea2fd4e5ff6fb2ea50358a0b5f51f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
01b20f3a64c9e0156941c010a4c856e6

SHA1
97827f9d816c7786a94e5577ef2cac2f1b4fb3e3

SHA256
2c63790bf9b4638d6dd700571ebe9f0ad65a05bbcacbe633f5342f2e99a62d94

SHA512
d29f7b954725edb603866b57aa256b1c6b0bc5070140590e2fdea26a5e543779a5371478b17d148da40cec87f6945bf3b6cdce564bba5ddc0ac8978c73acc48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
99560ca0c19696ee12c080272dc77f73

SHA1
e94aeb5fb394a12758510bf130c4258fa817f370

SHA256
f8d3c525d5f1ba5185e6333fe31a9d5e2ed215d690375ff4ba52faa80270e7cf

SHA512
91fd53d4b26a4664506f1b4e0b102c1d47939811af14372075471959778dcfcf7057cc8d06bb41409b3388c225ff4f8addc7059811bf7f502ac1ca21f36939e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d4f2d9bea8bc557f392c7cbd7827ba09

SHA1
2e8728f0cd815ffb9a5ff8a6fe2e9746f6682083

SHA256
b52855aac30fc1ff4b0b014794d1304f8fa000a26e23233c91b6fe1a3178a723

SHA512
ae9bb14223bb869824b5900ca2b25a3b31cd39e3f2bbf0c02edff6db7bc1024298df0a4c71273ffd8129d0af62ef95938a592f6f117e0deafc16d716b42fc439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9bbb863479dae74e9719824b855a4ae9

SHA1
dbd3ba41a7e1f739d9d432bf8bf200eef57510df

SHA256
67e287c242c6ce963c4d10ff4d129ef80eb65a7c666a533fdbff629f6c038131

SHA512
23203030b79d9e688444fbcc1f7a505f02bb0ccb317f3c31e1fcd22105f878eb9daaf8948873a286d977615b8e8dfa7a92f6c7bed8b7c0d90bc0cb80ee1b3000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3cfa8cde4f6d8d70063a0477b6c05a6

SHA1
e48f25d739ddd09e90d4126072ecb8d096102d6e

SHA256
f3f7840c53c76c1ed44eda4f010aca52651820708eac34cdaba56b4fbb9aaf8b

SHA512
f778719be0d2eeae436f56c7d68a024f82ff85acc655d729d2cea545526cad31603643071cb154ecf0864228c77bacbb9948e26f9c45001e9b5dd7b35191f19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6abcda844576b628cace7adf947d1551

SHA1
a6f7846042ed15f151e612657a1f82f28256dfae

SHA256
1260eb57bc1f3a3040b925f8f6fe663554c8b89dc2ecac1c285fa59cca4a38d2

SHA512
65a76be48fd201133f31404c592d79330a65fc1929e8779679c14df8a8377405ca5ad79cd93e363d300cac53be7ff926722a99abcd93cc510e65fcb21e35bad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1f36417331296a32560bc9341d478ac9

SHA1
bc82a5aab54cde0ae830971633efeef1d30d22d6

SHA256
4354d8166f6b5f7da6f5ef1d021ee09870f4b4e16c438b02e8e80e297134d8ce

SHA512
426b0b7f83528ff2e35edb9345d9b0c914efc2ce3c3b6da4809a7cbc9faeb6693fa63076e2b007fece2af0b4bfc3c92e3527578ed8ddd730d61821f92b92ff8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
78f7858149e7e91c0647d7af497da659

SHA1
ffd307ac08807f7e11e77758fb13d23fe4660caf

SHA256
2ced07c25ca33364d560fcb4840be6b1fe4fe544e56425cc9c25d6c22768010c

SHA512
99aeb76997c64bee8719615adf51371e1c089bd3a571157f28481b77d5c9edb17db3a9f50d9d52f25b9af84af19dc5b1f3b2b978a65d050b0801bff4a6177583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c381a4b3da7b6373c52a89ea39e9e14f

SHA1
0730ed8b0e4fb366bdc0158b921e50130d5291da

SHA256
5f61c048539e108887906538912fd9154adc36ce8c5ed152a0c12de441674046

SHA512
1b822a117497f41de3d5d6a98f437c59779b79a3a5714ff2a8590cb24651dbb795e57975e48469ea916b57f941ffd18a586297b34562c13d0cb39966a00a7761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
382aadb5f1a93cc44f6d35b1e7b85b86

SHA1
2584479d8f23a4f14327f99cec6281813046dd21

SHA256
1da19b1d7d7e22be11ec59b718e09abb9fa5368f79454800f7bb09970565fea8

SHA512
90ba386599d7c6f7b548186729b5853384094fec07dbbef65599941ea7f57f98444d2ba97b676ff88ded1f57c1da53c384982ddd06cf24746fefd96932b98dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02d48ade9d2712fff392d3054fe904cf

SHA1
b32f183f62e6cd8e331ee8e5d101501b423d670c

SHA256
3a47bcd3b7c132baedade81f03b176fbd33d9e3f4548774bb659e60d0679db6b

SHA512
41bf008f5764d7c657cef37c192b18b868ebea15f51e70de98d14094d36b02affc02ce8c5d72122cd35030c159bf1da9cdfa2d31a868b8cf2aaaf67bb01f5c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
71ecb7062243f5b28ad3ab40b1f5576e

SHA1
8c0ee859b6b46e04e2e6a9bd4e113989505956d9

SHA256
f8b3b8607262c1d7a3c58e46cf1c972c09a7647f44650de68a90a4c5780669d1

SHA512
20b0824fb9d443d59dc00c03b982b2b03c1d34c28fd3a0c4c167d7e7a06e55163d784688968970b51606a7c73aa344dba5162feae43d1552bcf779b9bc358606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dfa1b523933d6e1a2ad6558eeaa7fc87

SHA1
01edf6bff4d69220a96e4a93c34c733b1133b670

SHA256
56e9862ef2efdc5ee2d1ee8f4ac35829f86deb78b1912a32f5c41cf5bc2c19c3

SHA512
d09164f36d918980155b77126d00e4fb875ec90b7235d02f69bd2efe14e98c3f776aaae8279b1d1b118837bb5ff94e9b9c7a40241683bd29183b49332ffb653c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f8439a661c85dba0120e64a339861916

SHA1
d6942522a3b5ffbd45c361f060a748fc1a1cbce8

SHA256
46e2261a2181b4424ee839961781d0931f54376854258d193c14fd39b6893ff4

SHA512
ffad0bf736feffeb0d3975896c9174f97c66632c7b53b6bc30793afd3b03284dde0e8be92a47798f0e18457c9830b1ca4f1ef98d5f58eaa075abf6d94d619c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4e50f7413f994a3a8494cc55842d53e2

SHA1
fd596cd95ba06f7ed571dc5daa7eae7a886d5c42

SHA256
f57889e681e588b96e77edaa2595197d42e28f70983aae8aef0a740cb3630087

SHA512
943d94909a4114ca7c53cf05d50b96bc6ffdfc05e3f56615e706ba5df883b967d897728a36b188b1c065a8448c7b1df0d75208251bed5556486ae1fb637aee53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8a70a37a0ea9e09ffd24ac9bafa571ae

SHA1
1246415f338129be6d8e74552cd1c9d7f5ee0597

SHA256
0d271445d81f47defc9183932e898b04f31cfb274997d84a94aebd740fcb4b8e

SHA512
413f75d0234cbbc3aade009188c60886e3f7f0467b5a3166e36b44a239693e2b26490dbcc939468e0af18454ba2e16409d35605b74fe3998f9f2f2779c050468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2c0903cbaffd6dfa0aa9d289a1bb7dcd

SHA1
d9e0946a9bfc7c9c10f4364ae9a095c05818a538

SHA256
05e083860beec1f6864abaccd92081449756f854e8123dae883470b1c85705a4

SHA512
f15b68bd534a187d6d121fc30b60caeee6a4a53e22621d679f7359444767387b55c5576d03c5008ced2f952cdd35b67ea4354bec4fb60c1c2365e7166f6edde7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8124ab43f57554efb1e9ddaa994476e9

SHA1
eb4babef9f93754557d86b4b232f6058a09f816c

SHA256
82cddfc3472a81f7a0056490b6b29f10b8ac07d8c99d27b9f19174131c3c4409

SHA512
49beb0c6eac0abc49ecdd0b6f9b6a51f05d6e43b7625e89e9afa454372e1a153c76e2aaea0dd111de1b0a57b03819858a4d5e8253739420921222b49b18283d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b553cf128f23782c6886954d90a4b2c8

SHA1
ab35ba69e672c86bf1ee6cd479fe0b6da515e7da

SHA256
ecc8550b16027efb2f5e5a5e4ce1ac27c5ea3d5520ccdebe9256ea22a24c673f

SHA512
70a056565a95642be35c5159fa60beccd0c9eea0ae992b5984527a11928bc845d14cd565dfb338151b4851dc1a391e24d81f331d062f5ced9d128075f9d67e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d67f797032f1eefbea89f1e5f870677c

SHA1
935e589c40714649edac883e81f5ace00b476602

SHA256
4fbf9654e39078fb618de8951a3f4fba8c3bdd4a40d0eca85c3331a7cb0050f8

SHA512
66d51a58e10ad358b42c63b7531f4ca35dea55a695cc0384d46d1286bbe4c4d8ccb3c9d814a7dbadcfd1e143dc4e71db01c0b344e251d06433dc0167b48ed751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2d2d03351330d2a802c0d82c4db2e835

SHA1
6fd3dd0028947584b7585d76f4a7cd7cc790a8d9

SHA256
c66982315b169db01773a90a8dfae8f8f5f29f8ebfdb9467eed48f3b415d9bfe

SHA512
1132ea6413bc8e789cbb2bdad25bb04966c9a0854bd2f8275c0a8b17367e90e9cc1d9cb42fb4898775473902e30afadab1ade582caa15eb14d1a970c11e19306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1f5a0ec8fa540fb73f690956198a715d

SHA1
996763f02e58dd7579a965ff0082797a0d227c0e

SHA256
96af3836fc9e7152913aae962d84910c5750ebacaa352c21d65187e27cc8c436

SHA512
09bcc033600414fc28a4d90989209e8166175ed2abcce0bbdc6f5e6c94f85b7c58ce29e4f806a37534852892ee663089585dcd087672c0b2b2e9d8da42ffa394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aac23fc43aca6df31a1f8c8845b8d0fd

SHA1
562ebe0c5e88af79438866a98f452fd519dc8837

SHA256
3a0f9c56c780f616c2a19c1e6f00edf9efe6cbf398b0396a9416df072176d290

SHA512
8707a61f54facdb3f01840457a3e404306efd3667c1e80c55dc8f3383945cbf8270b2becf893d4ccafe5a057709b1a6789dea42c883262f9231ae0ecf8f8c6dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
683cd2d4725ebf35d8fac9a78137738b

SHA1
07fcf99e76c97892aa8428b651e502a336adda28

SHA256
9aeca564f28a444dcd4b27bc1026743f9aa1c005e6d8561f12f82e44f7608b0c

SHA512
95fc060814269b888075e081a3996818bd8586d8ef4d04e2156bc9b336a8596433173b146141469bd64b1e24668936bc0b43901ae61245ede0c4285178576053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90c3e44acb8387fd548946270f2aae11

SHA1
6e5021fab7a78ca9f71d1ba031a32fc69d988810

SHA256
a020708097b2f011afe2d4ed55eb9013f7f6d209b4bcf425900a563b510b5a73

SHA512
7ec0f6cb09e8fac668897826a73d634e369376b3948f486b80d7baf10b1492b57e2f3c606c4d74bdc9086b52a4cedbce5d242fbcfaca1998a29449ae302e0af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
01c4b665849e878edb5e30e98342a885

SHA1
991d412e898ea001a17ca679a8ba0c923e4ed816

SHA256
460db9790962ee864f7d19b7f8b48b4e87204fc1c0c3bbb4422dc19c407e4588

SHA512
bdf058f7e3d925b9726b5883aeb7934a79ee6762c552fa981d13a9312783678135db1c6398c97a672858d3ac207bfdd1d668a196fe39e389a18af10c5e590177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2301ac3e4bda08c42b13934ff6d78deb

SHA1
8cd3ac0f578ed3e93dda868544538c3cec4e5326

SHA256
bdfe81bfdbd88f30de1b482b14f8b7c7046d17e37c6c6cd654970e09654201c9

SHA512
adc7b40ff586928b43abeb5dc8f291692b8c8c6d69e244fe707379f4e57860928ef16b76091b5fd10221c164d1816e2732fb18d97188cb69bfeac62e0e1b5e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
405380289018d04eb19c17fd5bfef57e

SHA1
9b6e802aa508b4dd8f9996d7aad6fa50649da48a

SHA256
9359447e2c1dbd386880848d477c26852ee54122131366101f74d9677329f653

SHA512
d053271b71dd3c4a12d81b52e9b1d26e28dcbd3b929384aabab6b0e5ba766f401dda9b7ce42deb955f3be809d661352b032320fa233d9a2285bfe9e56fcc716f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f8d67d1f38d8cb443393901b1a432f3

SHA1
f35700d834c20235f0d688e4e11ccf75fe0c649c

SHA256
fbe1d218d49c9d6f56d1fd52e61e60b120d517609713ac7ff8ce7f40f2b304ce

SHA512
aff64326b0f348143efb6da90f579e004eb294b1c2ae4af01cb66b40ee6f7c4f27d58068026703713fd6b384a7b8cfc23e3d8a8ad2fd66e61afdca2b2cc3934f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
e1e9262f7cc41472c2ef952d52cd76e1

SHA1
5bdcd05409c44a69f1ce37044db8594f31e13e79

SHA256
4d4d144cb7b28581651a31d657dd2752dd175d5c9395420ad6cbca57b086a79e

SHA512
aaf5fe223ffa58eadfaf7c9d4a473413731f744a70956f6624d85aa3a01e19ee5195aa4098189fad91a9aee8ad7c6a26616c42d64f6f27c966b1004f766c9f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
8917555c4f47250f0334cd8b89435c2f

SHA1
b66da909ace8c0cc21af62f4f21a83b7f75f952b

SHA256
8ccd123499d6938a468e1eb16b5a2a85bee7e98337045d0057fb166c0032fb8e

SHA512
f504f7fc284672c344e4153add715f94692b80df685d21b8c1756bc465d5da4d96db33c72f97bf2afb6cc189b669966c44af0f18bb7bcd55cfb277b9114f4add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
078b539d13eb4463670abfb855341a94

SHA1
bd6727e2d8c93724e8c9ad01d92b7ed17a3801e7

SHA256
f0f8758c24b1eb83ca1029f4aaa20f40625d94e3fc5b1ff6b98958964a75d4d2

SHA512
d4d0d7bbe9aaf331415919079f896afcbd7a177258d6e16a285da3306032530cb79975d72eabe833a307edeed983d0ce317c5b5710348c5430b9052cc5713f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
85c4664b6afc0c65c6136b3d9be9e672

SHA1
8eedc135c1c6cd27541f037bf8e0e8d5ef3a3db9

SHA256
fb707570a51c2fd0b83b262a07ad2d7812412ff92f47ee37937297e6e72a09d2

SHA512
5ee9ab6939a7c9cbea54b58b6c13c06d3e4a2c1cc0f96d7d5643861cd5c50bc701eb53f233466fbd830408fe33dc2739bf08a0b36824159657c8cbd1a4415d9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
d99eebd62d11d1859a72e8f2fd7506d7

SHA1
318073db645b6d9f944d441d2cc23511c57e27fb

SHA256
027eb3ca48484ed7d3f679933159bdb43f5de76048b3ff40386c96d0b253c1a7

SHA512
d8f704fd7d28884d915d9fb4c1cdde45d8f53b9c3f800b4a7fcadf317685cd3211733440b69f224b5ae6e34f27d13a69e48bcba8fdbc2497d81b8cfb23cd4f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7b8cc4482bda72c0d9d7195d00c30729

SHA1
6e70e134eceecac1ff248ef512edea78e3533dd4

SHA256
538b71108f27f416699e32155e2c9157608db1916415c68ab04d94dcc472e81b

SHA512
aab38eccb9603388a4bdc246886a8fb81ccf1ae07127fffe92eeba77d84ff57d91215b2862d48b5292e76e41b13e8890c00c4c39681be5609127dee66ae79d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1e5661e91440b52631a7fa7a8b5133f9

SHA1
b041f654f6330da632c458b7f975c3aa5b01d4f9

SHA256
6a07ba64997a0309486a5d1333a6936651ab67d7e04ab76df01929340e9d5860

SHA512
4587a6f27013cc1cfd262bc817b18fff5fc45917ee49d640c2a5d16f158eccee5f78b8f083526ac6a736ff3aa5661414ad229860ae695f744d841cdd194396c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
42c83d362a6d451c7c92345e65bd79f1

SHA1
c50be046e92a4b68cc4632555c4159163e04e27d

SHA256
66f97db830b352ac2e5c84aca386ceb526fe34bbf195c53dad5031f937e82e74

SHA512
7bab610550ac023442bea8fe5cc03a047888c8df8af510073a6acb9b8a4d2a752ce94066f3d4efebb1af521a6eb21a66b47f003f10f0c6aeb676d856d892bbd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
1ca3a0d4644887137105e4ff8d7d1f04

SHA1
33af4e25b81b6781cfc0aa2eb15c13e624a7a4e1

SHA256
ad295e2710853e86bf9c0d8c5e98d577ec9c69852f4d141d7eeb26816f544221

SHA512
a3948645fbff5037e896964c6c6f58bd6bdc09d326304db8cee9ab97be6b9c910d02285ad7251056e92184f65e373ff40f18fe55f701ec4cb70807bb7e13c9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
c158d557454b05ef4ebd5c91f0a364f4

SHA1
156c88e76c58000e5ac7d152be2cdc62dd50cafc

SHA256
f2b4f65f64e04287b00fe52bb0f201df4e91770db46852dd114a3d4cd1c695b9

SHA512
e8e12eae2a6b033e589b9f31d994b78024fb74d049cba1cf210481d34d1d4d43c995ccddc3cb225f0e05f3952996b7708b7945f0c7386a973494cb966381643c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
7257c2ce5d187f3360d33d6125a7e49a

SHA1
93f11ea841acab0433e650a2341751685063afca

SHA256
c325c7e16f1563566a1031fb5cb4fc54106a543881c22ab4a4d383b27c568687

SHA512
cebe4004a6f51c3ab879539b6b47a5ddef0ad3eceaf353c55ec5a2a3dc07fe2457d1a5d7425992832453185ff86f80212a6189c0586f6bdbd3c3ad00e6eb88e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
c8d1f09bd94bf3e918d75c946511b0db

SHA1
c41b91e4ba4dc500c08a37508f83e2542afe423e

SHA256
25fdcf38542c001ad089907b8a77b0384365ae1208ec598838917b29aae7b525

SHA512
f832ff7753bff6deb9f4502ccace02c249f8025cdbb9ab90de7d8ea8117112a9cb0b89353a57764ab0e4e06205628a55f219cbf2c030623ee78b49f89546c3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
1d43051d59cf95963f90c4b0f93e96fc

SHA1
b5055413243d97e23207a78cdb8522f23444c57b

SHA256
9fd726daad93d7ddbd791af10a6d91bd3edabd1dcde83e7b712cbbf781831a65

SHA512
452539e7e793e0527f542439d96b5ab8ec213be5a39aaea5e7687034296544594f2ebd9693b9f7d2bc030c5f0873de9cc4f171765bc73d1d93f483e9143f6851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
640d7376219a63098be185e5c6c72718

SHA1
cea23f8d4acecbe89f460a0017fd4ee78aadfb70

SHA256
08972b4157d093f2700d1c9a755c94ee73f73295857949bc0582d79ae5fc2da8

SHA512
e88b279e56b508c01cdda9fb39d6ecfffc5b68145fba2ea4f61669a0b43d9eda824b392b8c02e522daf4fe530ecdad47cb1ddddd3677df19633f2f8ddfa0edf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
5157226fd8941b4051e568693771ee39

SHA1
c314ebf11fb730cb3af6343401bd3ad60abff5ee

SHA256
560216ff45e6971ab54ffc927c11fb46ed85e4df7699f78bb2230c3c7aae01c2

SHA512
c693d74d2d962582afe82b67cc0e2cd68e13d5c97dc790f27a8c952b7462c4a3808a8325acc827184a7f19da4e5b62f6c2f630eed6e0dbe5be5da991fc4af4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
903679b400cb17e72004a2a634196c8c

SHA1
b579fd07a07312f5959c9813a5b18a64f96433e6

SHA256
7dbc1f2362cc405516e27b30c9d7494127398ed82a9cb56250a0bd8a9ef5fb5f

SHA512
a0042a55c07eefe70f7b9a40820b1ca14f94965750550daf04bb4ed4569e64134b773b4dc8c6e8500fe2146daaa273805aba1d8327106003bc2687a63c9ea1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
8dcb1e4d722993fefb7a5b1462092420

SHA1
571261598b1a9e589920cf1aea280fc615d9fb4e

SHA256
634934ab9e2f8752e65b4f3dd0ed6eba8c4535f2681e104a5f472d86cb8029c2

SHA512
e05a023acf61b5e9885cec53f3b61312cfb07d49cf7057a1a8d46f3cce3a4689646f6cda9d2ec7489fe75a2f08dee9e4be7545ba9808943ea18dcc7e9e0958ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
f250b4035c7b846578e0939a6f52ef23

SHA1
5a48b5c0e1a33bfe7a45f05c5c9b31dd1904ab2f

SHA256
4445962ab3ac06185e1ab10ad8507c51684a60db9c2bcf4f1204e61aba4414e5

SHA512
2aa5116970eeb03138042cfa59b8bd9b7200e783f905b6089a58b8a84dcbe05c604011a8d6aae5461f6fef4ec4a2882b70832603c921cd3208c33dc85ffea9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5996d44f3ac4e24e3c53b028fc1bc2ca

SHA1
628d557814e93fea2b50445ba19ae033d6990749

SHA256
5415b7f2a0d3c4856a3d4c9a7e17573a83249ffc0961415f1f195f656caba324

SHA512
10d785e349d28d3dc3999e89723267857d453c3e121f1aed901107acffbc2f3df008a749632d0a21e22f45156e2d755673d7432189100534e21b0367f2a2e57c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\f0417ae7-7e88-4d7b-8100-ebdd3c26c877.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.2fwzsz3s8s8x4fdd2kw5suv1f.tmp

Filesize
9KB

MD5
24ebdb1228a1818eee374bc8794869b7

SHA1
79fc3adb42a5d7ee12ff6729ef5f7a81e563cd2d

SHA256
92a7d7d3b0bfac458ddcef07afcdad3646653ba7f4ad048fdd7a5ec673235923

SHA512
63764d99a0118fac409327d5bf70f2aa9b31caf5277c4bc1e595016a50c524cd6c3d67924321b0fcad12cd968de1a62bd292151e35fd907034efd0f40b743d6a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.5z9vvxe2o12m1eaq2so40zq9b.tmp

Filesize
1KB

MD5
4085b7b25606706f1a1ad9a88211a9b7

SHA1
31019f39a5e0bf2b1aa9fe5dda31856b30e963cc

SHA256
b64efcb638291c1e1c132ed5636afbb198031cee44384f3ecf67d82b73accecc

SHA512
9537559523839e3e708feabe8c04f40236add7d200ec36bad00c10a69337a15001103c17093dcc0d8cadb4713d911f39a6411624c1db4cbf1ea1af272a716168

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.e9l0rozio8rfavo_qmvjlqe3c.tmp

Filesize
2KB

MD5
530f1945913c81b38450c5a468428ee6

SHA1
0c6d47f5376342002ffdbc9a26ebec22c48dca37

SHA256
4112d529734d33abda74478c199f6ddc5098767e69214a00d80f23d2ea7291ff

SHA512
3906427ffb8f2dfea76ba9bb8cac6bd7dece3ebee7e94ea92da5bbdb55d8859c41260a2bda4e84fab7e1fb857ad12a2e286694ea64d00d0aa6cab200fbbf64f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\a436db08-5e71-407a-b0f4-c39fa6105556.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3720_1099492769\99de2197-e9f7-4a85-975a-4193d819fc60.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3720_1099492769\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
50179c84323d46df41dde7df49c69b84

SHA1
a5eff95498f7f764b8741963db53f9713bb4e9d2

SHA256
ef9704f47a08332833d3ddfe999996623c6208c1936da382570a0bf1c99ab8eb

SHA512
ca92d3aa4e6bc4c14c2c9392b8b12da6101e4196540b59be60194b4749e901ad257e0b7dd0cc9d9e5a6fd39aa21f194a32414086cf8e365938178388e400b1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
1480043cd28b1a7fe2681d2184b7a671

SHA1
7a43cacae6eca2d7fae61b44cc7ea803299dfdf4

SHA256
8ad73b2a49926bec5cb75e9e8c36feccecc47c06496215991b0cc7209c13c2d4

SHA512
a3a81934866ae20746a7902c4f06eaa9e319f4b7632cebdf0c51500861770ca447e48a11347c42ae6752350524d98ead1cbc087f20780f43133579e877b12a58

Download Submit
C:\Users\Admin\Downloads\AssertCheckpoint.snd

Filesize
514KB

MD5
d3e21962e27346cd3fb5eacbe94dd547

SHA1
ed4aacd0bc4f5d9e326461824634dcd9a4d0d898

SHA256
9ac6e612198babaffb4f36521dd6c2ed9d90756abfaced6c49f67ce82054bd02

SHA512
308e122164d397d2769741fd87674ca9045318298f83f874df3d03b10b12dc9fa16caf5c6dad35b9b2e8d6667baf63e6214bea9822bf50dd371911f27dd6dd89

Download Submit
C:\Users\Admin\Downloads\CheckpointLock.3g2

Filesize
589KB

MD5
4a7f865d63585d06a02b5305fd6ed829

SHA1
39501db30f78f4925ccda8a8993c81a1026769e5

SHA256
72ff8d6bfb34dd4560a53769d25f97a883929d0260186928ac4608e0fc0f56a4

SHA512
a6b532a4be165daf2dae79be8d401cd6938ed24b0053c2aad1ef5986a2db37605ef30f5983b3e89e0d8cb07126a04e1555100781312169b323f9b067384779a6

Download Submit
C:\Users\Admin\Downloads\CloseExpand.dwfx

Filesize
776KB

MD5
856fe736c117a3062b79442445e1a226

SHA1
aaed5f14f0296c9067f38af33504766c4f6ea8ce

SHA256
8409430408baf4952950f7cc30b8f1f17fa9808d65c3e1d1534f1313a6d07b52

SHA512
a206c3f035fa4304bdc528d0ec6ff64ca65614cf8d8e3e172cfc1f707ad356567145ac4a1fdc95b8d9f79ed6d31fa6cd1467c9c4f876f111ea93a1a4fc10cbe6

Download Submit
C:\Users\Admin\Downloads\CloseInitialize.xhtml

Filesize
794KB

MD5
c69b8d838a541ed61582e47315564e02

SHA1
29037536f30a67e6bf6bba0dd257dd01c9635cf7

SHA256
fbc338e9cb66c1d111547f436b473db1c388bd3dcdead77ca3f54dbaa56306e2

SHA512
80f86ea1ff7e553d72b374569b7a8670113c9e1f75086a661359f76303166185959ab216cde166b9d8e8506bdd7eae00669680951905c8c77af1f9f24c270c8e

Download Submit
C:\Users\Admin\Downloads\CompareRename.csv

Filesize
551KB

MD5
73dfb12aa16d9c00f73dcceaeb0e0105

SHA1
dbc205081cea3691670c26ad65dbf8d4053ae428

SHA256
26efe9d0a444e49fda84916450ae1223de2bd97b9501ae9e08130a2868593259

SHA512
ede90a4a0eb09d2b284e26e1b278ea8d9d874b4aa3cd7f8fd26282469a421753bdf6eab06fe52dcc6bfd9e6fe428cf23b786797e3c994177c498d779b69bc147

Download Submit
C:\Users\Admin\Downloads\CompressOptimize.tiff

Filesize
944KB

MD5
c332047c49b8f797b2a005966e9134a4

SHA1
fead5c4f89dcb19c77554e41ebee92b81010ba23

SHA256
b849e3218b7575d17aa03bfe0594fc38eaa3fe5c9f6e34960a5015a3605ee31c

SHA512
186ef9c7ae1f25e68b8483938aaa40cc771ebe140ede79b5eba0c86a9b14b3db0abb99bc4ab133e54682e957dc35de59c676e0728fb32d1000fe80bbf5048b1a

Download Submit
C:\Users\Admin\Downloads\ConnectEnable.mht

Filesize
458KB

MD5
7f7fea32a4d9e78a60753d3f3d609e0e

SHA1
8aa2145570400f542fcc795e9bb4c1c142ec6d4d

SHA256
a7b34f549b29ccccfd89b179bedf7ce4e87c3fb946bcf5685e9fc443eabee0df

SHA512
2f88f9e624586b26569ba1e80a7cfd638a96d34fc157f4f22a6978c88bc61f6f840d5d9a2466095c0109001b61863ed910bcd57da0e030f8599bd682a6024f3f

Download Submit
C:\Users\Admin\Downloads\ConnectMove.vsw

Filesize
383KB

MD5
5b53af2dfabe33d2e467550dca3b4941

SHA1
1e35453940e280b8fe73afa40b7fdb1eec7d77bf

SHA256
758f60f636cf3a587b93d7688ae34ac00404d901af8177d6c51d0c1bb87e8b06

SHA512
bd4f13259fb32ebb32fe839f66edda484c31a3a56b29644bacaa59e9abc1173d1fb113972e98466630ebc2a3d6351b9e8ff89ac946e22df4296b1b02d0bd8647

Download Submit
C:\Users\Admin\Downloads\ConvertToOut.htm

Filesize
532KB

MD5
5bfad27636495d7fe4d8ea65505d42a6

SHA1
901ee8db3ad77df43038081fd557ebae1b191b37

SHA256
cfde383ab3f3291d039804a37926b48e8959a49a0a7642f0dbf119ccc568909c

SHA512
5b9af023595924ca428be4b9bbdef29354c76ad590b01d5d39fa71629c3d6f090d8e64476cefda3015db1cd22ab9bae1ce0749cdebe9ba92f808aa01a80c709b

Download Submit
C:\Users\Admin\Downloads\CopyExport.avi

Filesize
757KB

MD5
42b96889153dc4c02d46d6e1e66c96bf

SHA1
94daa5785096d8bad6dcd65493884d179bc2af96

SHA256
8c470e4db9cc3a8f9cc9a9ef944e5ff692a93774c6d72b0e595ce7953f426423

SHA512
afa36e51dedb4b7d7e7b4614c12a6d88c25ad99d46697b61d9936123b30a83c8a7c4ce365d2e8fea54b05062c4ac414d2edb2188ba1f8f85f55a47c9b4fa2599

Download Submit
C:\Users\Admin\Downloads\DisconnectLimit.ppsm

Filesize
345KB

MD5
bca1b48163bc977fa6bebe0df230fc3c

SHA1
a6f13f3c86e690647b9e8f2e6a312ff8ceb504cf

SHA256
661a1248e0fd1d0daf02bf13486964b2fa628b3b7610f1a029086ed9096542a1

SHA512
3b96199ec02e885905efb6b1edf7f49539fad637ef53a9e516384ee20d3efabad9a1a6ff91552929067e97a1a0fc00c2cd9c8526abe0ca9121e8ba69d9928ef7

Download Submit
C:\Users\Admin\Downloads\DismountRestart.WTV

Filesize
476KB

MD5
552a5eb41dcc477f0bc99d75b590bbc4

SHA1
ea856e27d871a9dcbdc56f68a923090dd7b7624d

SHA256
b499a8df81f7098b06b0b71dc9e0573e19c9ff88b8947b6e6bd5f0e0bd1c8533

SHA512
b1a1aa8623e6d26fa7bc1ee88431fd84d8bebbdd61c9bede7fb3dd7ea9785ba1ef1ab65bb7cc127b51e7cddda9b35371ffb1714f75791c06dccb9dd3d4c8c52a

Download Submit
C:\Users\Admin\Downloads\ExportGet.pps

Filesize
495KB

MD5
8cfc3b746fe799b8e44bae2705731860

SHA1
23db031c8dc287aa46ce2582514ac33d7ec515a0

SHA256
5768fd73d59b6b011afd842b318b668a66623ff3296e86e2be20c207a0d833a9

SHA512
1ae84b708d8635e342b7252f40cd211fbcbd14401bbcd013d5c134c136b433a714d7c6fbd01029cc70b2b4879455aa58d84b792773adccc005dd799519401ca8

Download Submit
C:\Users\Admin\Downloads\FindSplit.lock

Filesize
701KB

MD5
a7d24edebd20553e181d8aca42974a44

SHA1
3e461ae860712a08b91f8b51b39c3f9d6578eec0

SHA256
48eeb9db123737de7e02d04f93ce7a8cb0a112fa2d39fc81064fd2c359580c94

SHA512
1412ec99b3ee66e412f2f6c67be05b8696e6fee357f2c872f6f8306cdba85c01d1bb17b699769004dcebf819f734c4f97ffc846ef5ec1d8b1a3f76e587a1610e

Download Submit
C:\Users\Admin\Downloads\ImportConvertTo.tiff

Filesize
626KB

MD5
26a166f467bba8fa0d9615c048d4e986

SHA1
ccabc1c6d40025259275b6a4c123f0f74e5e4982

SHA256
ac1a07d3248679867dde862a5fabb101718ce1aea46fc32174b7696c00619ee7

SHA512
0f9563b7bf246044b1ccd4b4e57777670042d1ee0b94daa65e6d4f11af51278e58b343d29d7a5a39f614f1b9bc324c4cf735f03d64fb1ca7e0a069c140b12a36

Download Submit
C:\Users\Admin\Downloads\ImportGrant.txt

Filesize
869KB

MD5
fedae2903dd42cf0e3f359cf718dae6c

SHA1
65a51da24bb4fbdcd3ef2b2858d0c1512672424b

SHA256
8c64c6b25fa7479843b7d3a7f194ee40b064d6a5019a9d0a0bd60ba2a96d6d6a

SHA512
07356a6c21550ce9d39541fe66a64c62abe5d924995305bc03c0377f797a6617765deb0ac6d8ac1bbb70d0369746aa40cfd7bd00866b020b50823b881d968a98

Download Submit
C:\Users\Admin\Downloads\JoinUnregister.reg

Filesize
682KB

MD5
ef0a88cb48d8305788913ea5f4dd8dab

SHA1
94fc85c593c9c8c93a1a4af21f44cb87b2dc0f8e

SHA256
7743da6486d6da575310847b03b1d1ba21a5da4fcc240eec82af3380a5a438e0

SHA512
f9ebab050af5a794e8ba35ade12ae8228454730c195f61cac55f02d0501401c6366e9ca754a9897e77ce952028e7808d5aeffce5195913af93fa1bd0bff734ed

Download Submit
C:\Users\Admin\Downloads\MountCompare.docx

Filesize
963KB

MD5
c622ed69dedb5c47dad91a6311988cee

SHA1
775aa5ca4aadf9a2eb0987030c50626014f1d2a7

SHA256
8a81dd6aa8261636968470e942487f414bfd3c85956feb346a4efd8557251320

SHA512
745207bffd718301a5bbcd9df56450bf7d0b3226aad58bfe9dc5d326e97d9ee0677aada4345910f3c08416568465172dd4e6774d1eeaff9037df1c2fb6294f66

Download Submit
C:\Users\Admin\Downloads\NewUninstall.au

Filesize
439KB

MD5
85493f4d9c0b929dac5aed424d6525ae

SHA1
36fecf0bdae671fd757c61773ab6060997655de9

SHA256
491c99c1221a4e92d956be8a51205c4c40ed39d9c07f5da829c7f2f54b4b27e0

SHA512
569db8762358290da86237248b366ae643873e683f81c86fb9f34148df7ddd61975de869025252178fcdffd2a54f2eac526252b4ef62dfc2aaab63a64cb825ff

Download Submit
C:\Users\Admin\Downloads\PingAssert.dwg

Filesize
364KB

MD5
f1a7e8f3f307cfc9ea5e3f3c8d04b0aa

SHA1
73dae44e462e5f3d357d06aebcddbd91740f3227

SHA256
06ba4a9b01394dcad79f29f404d10cfc630fb4b8f81a60203f99ed201df6d79c

SHA512
502eeb3bdae578f4501a91d886ec8795545294a79a638c3420a9f7a142d96a0593e127424938fb9d40308cffb779da2c3e4c32048a37fe21055479b187b77e85

Download Submit
C:\Users\Admin\Downloads\PopCheckpoint.vbe

Filesize
1000KB

MD5
c7dbd32cc883d64a1051f49f34dbc046

SHA1
d7efe6eb4a93899a7bfe3b8ab85e2b079e0e40a1

SHA256
a57a8c83dee40041dda61b9a342c8341b0219d7265df2762f1b6977ad8233105

SHA512
7f3a5ac77a1e02867a14d51c65997b980a33d94aa1c6bb33f8ea043467d3815ee2652ee5fe974d18c4cc2c396e008f0f74ad6ab73334485e22f863466af6b997

Download Submit
C:\Users\Admin\Downloads\PushCopy.lock

Filesize
981KB

MD5
1014f68cb5ecb7802124c3f6cf34ee57

SHA1
b7c88ae33f12e98b9e817e01b51570719fae934d

SHA256
a4861eb4fe24b6a35c3442469461540b7c714f95070816ec7125f41258da7de2

SHA512
2b2e154ee138bf8e344087112d0d167504258498438a727d32b4af75a8ab9fc29686b3c6c5affb806193ca7254728d16d77633b4d1cf7e3a061c816fb91a41b3

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.7z

Filesize
2.6MB

MD5
d7e183e137d332c76973fe0b7032524f

SHA1
5dac0c4234be01409186615005cd52f28402a85e

SHA256
38cb6dfb1889a0e30d657bd32e0cdee4c5ccd92ea20769dff0b05951c462bbc3

SHA512
bf30a6d1f9f6b5a0fe71588c3e8d3c95bd8f95659c7262e90c38353410c1d2f6a749967919974601a9dffba4abf3ff17abb2d22f5e39c11bd86f423af6e1c9b9

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

Filesize
3.5MB

MD5
5c8c36f31b6e385925a92e032c9f09d9

SHA1
55cb4574b3980f89bac83a29ff68eebea682ca5b

SHA256
b7d4753c6aa4be2aa542289225257d42bf98fd4480998c8fec8949b6d1774962

SHA512
10479f4ac30a80433a89988030b55f6ae9fe1307a7189cc5a897ea48aa4a25732b1fe0ac1c9824121342dbd6b34f93b724d1216aa20b40ae1d26b1d01cafa7fe

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
29181f355a0b593bd26cacf6767b0ef6

SHA1
122a7d8093d1df10af3ee22b7e6a0d9bbb981115

SHA256
afa8784778135464421ea46822af2dc2def57e936dac17b19a96d137b7b76f69

SHA512
89d435b4447d520ae6bab209726b0330c7c96f3ef44b1c09474c94e09fb1e192a25d6fc26436b9a39f1d947db029656ba362c8735e1583dd225599b979d9c214

Download Submit
C:\Users\Admin\Downloads\ReadExit.txt

Filesize
906KB

MD5
e1395cf3ced2558628a47153758b8205

SHA1
66ac5f4b87153adc7fc63ed339e5309490a36548

SHA256
40f30c0c46ef4b0ce96ef5f1202cca7b60a66264f0bc4bce92c71abfbd5268ad

SHA512
0b46335b9d1240abfb68939dd28c5b12c7ad54824f5819ac8bf7d57947366379c0ef093023c1d060a045847c93a7c2dd6bf5b2e5c2b9889d54e2ad74c30013f9

Download Submit
C:\Users\Admin\Downloads\RedoLock.rle

Filesize
402KB

MD5
a3e028e3d79bdb085375b57166b4476c

SHA1
ac882fda2a5c677e91ea05a2a24e671387c550d4

SHA256
bdb12256f8ee8c9f2ddb4eee2210bbbacf0c413a034b4f693a6be18392212c4a

SHA512
ba133960a246a06aa0b99e5f695f138b51560369b6e5d437e52534f07f212e392d92715c10e0406fd761a1ec0d99379e8857caee645f54b0e0e85a4bb8941b98

Download Submit
C:\Users\Admin\Downloads\ResetRestore.3gp2

Filesize
663KB

MD5
dfe1e5d65a97222e252c60aa38591c3c

SHA1
2249ea7528dee9991f5376dea5da45bf89e754db

SHA256
c0d1c535784fa7c110428dc526ef4b65a316bda8ded13e9defff3d37617f4442

SHA512
05aa90e3dcafe0f90bb3514be41c26593e88a2d66193934338c82e7bc3cbb66d5086d506ca86fc7e8b15cb8a3d5c6c81f5189e9ea823e10ad4f59c55f076ebaa

Download Submit
C:\Users\Admin\Downloads\ResizeNew.png

Filesize
832KB

MD5
f751eca857042b277141d668c0ec6cec

SHA1
7d3d85333d8ad574c0d7963bd1f697a0e72328a8

SHA256
ab42ca9fb04c7ef5e76bf348c983b3d3fca9f561f3612b95acc0091f226eaa74

SHA512
05aa096aefcca9243ea65a93d55ef466ca5a453f096e2bd56865d9330eeb77d90b46bec057d6c172909dbdb938c1a9623ad7ee3e99aefc80c6df5d55b50956e1

Download Submit
C:\Users\Admin\Downloads\ResolveSkip.M2T

Filesize
719KB

MD5
2ba13f618323ecb4cc13b72ef1c212d3

SHA1
d518ec15d28266475fa3edb4f4c521b4792dc127

SHA256
2f67e66dcc132928b6e23cd88a7910799b5c9b1910a447abb387ae746cb50c37

SHA512
73ae71de0f703a75c6052ab62a5c228359024b5303bbf0d19e4f7ae05a958c41dcbcccd235e48226ebd138f88482feec8a5bee4537f4067d9b1f2c79c491ae82

Download Submit
C:\Users\Admin\Downloads\RestoreShow.php

Filesize
850KB

MD5
3d8272f5fb5342ba995a5dafad961744

SHA1
c73e98de31bdae024c280fea7f6f4881c4e9697b

SHA256
db9bffb1dcc028dafe6e8c3b568c2a55dd501c11d09a72b996c2890e70f9fcc5

SHA512
f4b0deee3aa9b09e0d9f21226cf4d0adad6657f7bf45768bfed71d2af520e118116ed53979c045d0161331fa319ee7109083c99567181d571bc140a782db9723

Download Submit
C:\Users\Admin\Downloads\RestoreUnregister.ex_

Filesize
645KB

MD5
05bdce33ae40136f927587ff326d8207

SHA1
52f0a58fd834d4087f6002e776a11f1956beca3b

SHA256
a4a711980c82939c82e8d981175ad8d55da8003da381332c21c129d09d81f1b5

SHA512
71dd4600dea8a7ece776d0a7ce5ca179895b52a6b4baf23d040153e1a4b7587f1899a1d521c0b7ccc83cd32e330f37b7b55440a5542044ff7ff73d54253ddd58

Download Submit
C:\Users\Admin\Downloads\RevokeRename.M2TS

Filesize
925KB

MD5
d2e3f1d9b657f2f1da8ec2835b1489c9

SHA1
8a3855885e75abd0eedb69bb9807bb131c81dce4

SHA256
8263510c69b01db4bac57a4eb26f32cd5130dd7b6ddd4bd9a7391268cbea23b2

SHA512
406a4e17a6aee36df663780730608851bcb03b667ffd2fe0ce1771a5b5757238bcc61c7c3e6b68ae800a4a1651bf5b32d47a5d2e92e1e23bbb843d82c1d4c605

Download Submit
C:\Users\Admin\Downloads\SelectLock.vssx

Filesize
888KB

MD5
5e67577b987f7dbae93576813ea60bad

SHA1
01a1486703f4ed75082215a800939fec1ebf894a

SHA256
cdeab1afdc5b3b16efb298a2db5e905b999aebcfd6e03d4a94e61ad863c3fd4b

SHA512
acb0cbaa4b841bfa4f00d2912cc752a7606fc84710d2a17220ee22ad5675a129cbbede05da30e3d6d4333929c8ea601ee52187cead851a0bae4fbfbef20578e5

Download Submit
C:\Users\Admin\Downloads\SetUse.M2T

Filesize
738KB

MD5
6749414b880b61bdbc4723affd46de8d

SHA1
2779e4580e548cbf08d5b362923a6f558753280f

SHA256
f992c59823189ca0e0b7253c636cb55d01295875b787203edc692fe9f019625f

SHA512
283b8dcaca65781756c3847d3555b1ef473e81592be061c93f4d5ee25db5e9b016335932ccff0472dc1e5b230ba5bd590789f0149f1257227f82d966c9afaeed

Download Submit
C:\Users\Admin\Downloads\StopGrant.rtf

Filesize
607KB

MD5
663c7950901a9ed86994a73b64adc82d

SHA1
a82a144c624d5a4df72796bb2e104bc5f270609b

SHA256
e695c2baffbe8e9aeb275448e1e76f9e0e14026c5d8dc89389534f346c6b2311

SHA512
f83b629af903f310f780567ddb7e4bac62721ddf1e76a7ab7c445309de036d2b1e838806c5e046d278469f4964b94bd3798fe47e7d2326837bcb8eab3891d027

Download Submit
C:\Users\Admin\Downloads\SwitchInstall.xla

Filesize
1.3MB

MD5
e094f2283d5c4828f5d5f27ad15c2927

SHA1
1f69490935fb1b965db93d22e31646f6d42f31e8

SHA256
4551e5e0bc3d449d097cc73aba04d11df460c9f0fc55545f3ec58702b7fefb98

SHA512
2598e154919cee91fd1290aef7b765776278122093159a2fb6044ad48fe29f9fca172d5097a1ae3bd1311b8f5579129d1bc902aec1e9405183e7ce990a99c8aa

Download Submit
C:\Users\Admin\Downloads\UndoStart.ADTS

Filesize
570KB

MD5
f0384c2c3867b0bab71823ada8082c1f

SHA1
3125661870a9942c4d4f27c8f3cfc096ed9e69de

SHA256
9d44949248ce6fbf4e2a2573fa1f867cead0f80152a224f3df65fbae3caaff0a

SHA512
0a90a493e00a509bf02d72c89ddce8fc0ae2b41db8a75ba8f657b06d68ef8745e2e30bc4584fc18cb971a2331e6f8cbc500f56ad6e71c44de492fbcf058c6b96

Download Submit
C:\Users\Admin\Downloads\UnpublishCheckpoint.wma

Filesize
420KB

MD5
59bb261d61cf7ede7729df90dfe62b60

SHA1
531ad324e870ec741f097ee2778c56efd1653f50

SHA256
7e7811490f8dfdb08ec4477b2def568cb4155a60f949c1d134201854a555db05

SHA512
931fc7f18241dbcf5e95ab7dcb30d74f422340a02ce6483de8220798c56bc2563506882cfc2343cd1fb8eac04c1ae4952308e2e9e3db3ce87e9b3807a42866a3

Download Submit
C:\Users\Admin\Downloads\UpdateAssert.bat

Filesize
813KB

MD5
34b2d01c2dea50b2ec20e6e44941b56b

SHA1
362e457be9ebe8e3e1620ee2186818543e72aef1

SHA256
d7a48aedd095f0aadacebd8cef5d6815c64799dbbcf59d77a59b84dfb4416d60

SHA512
e10d31346ebfcfc86509d1febe8eac204f7b0c8022e65ef1952a75ad81cdbd6c255c057f7e5c747b9d49e67a836bf9f0a0dac09d52bd7bf6871e338d493f6d39

Download Submit
memory/3788-1171-0x0000011D3CCF0000-0x0000011D3CD06000-memory.dmp

Filesize
88KB

Download
memory/3788-1172-0x0000011D5A4F0000-0x0000011D5A81E000-memory.dmp

Filesize
3.2MB

Download
memory/3788-1192-0x0000011D58480000-0x0000011D58498000-memory.dmp

Filesize
96KB

Download
memory/3788-1195-0x0000011D58540000-0x0000011D5858C000-memory.dmp

Filesize
304KB

Download
memory/3788-1170-0x0000011D3C730000-0x0000011D3C868000-memory.dmp

Filesize
1.2MB

Download
memory/3788-1193-0x0000011D584F0000-0x0000011D58540000-memory.dmp

Filesize
320KB

Download
memory/3788-1194-0x0000011D58600000-0x0000011D586B2000-memory.dmp

Filesize
712KB

Download