quasar | d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
1119s
max time network
1120s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-02-2025 12:15

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

10^/10

quasar office04 discovery spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

10.127.0.90:4782

Mutex

caaddb2c-fe97-4b73-8a25-f74523b47c7b

Attributes

encryption_key
78F2A808902EFAA2FADFDAA87F9E3B046FF44F58
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 4 IoCs

resource	yara_rule
behavioral1/memory/704-659-0x000001FF8BE20000-0x000001FF8BF58000-memory.dmp	family_quasar
behavioral1/memory/704-660-0x000001FF8C3A0000-0x000001FF8C3B6000-memory.dmp	family_quasar
behavioral1/files/0x0005000000025ad0-851.dat	family_quasar
behavioral1/memory/3500-852-0x0000000000100000-0x0000000000424000-memory.dmp	family_quasar

Executes dropped EXE 4 IoCs

pid	Process
3500	Client-built.exe
3196	Client.exe
1576	Client-built.exe
3520	Client.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	camo.githubusercontent.com
25	raw.githubusercontent.com

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 27 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1652	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "147"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133828857740591177"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\0 = 6600310000000000415a356210005155415341527e312e3100004c0009000400efbe415a2b62415a35622e00000034ac020000001a0000000000000000000000000000003bb028005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "7"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0 = 6600310000000000415a2b6210005155415341527e312e3100004c0009000400efbe415a2b62415a2b622e00000003ac020000001b000000000000000000000000000000460a04015100750061007300610072002e00760031002e0034002e00310000001a000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0 = 5e00310000000000415a2b6210004e4557464f4c7e310000460009000400efbe415a2762415a2b622e0000002eac0200000019000000000000000000000000000000996b06014e0065007700200066006f006c00640065007200000018000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\0\NodeSlot = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1537126222-899333903-2037027349-1000\{29D0C8E8-6959-4DEC-B7FC-1DD81EA787EE}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 4 IoCs

ransomware

pid	Process
4540	NOTEPAD.EXE
640	NOTEPAD.EXE
3780	NOTEPAD.EXE
3048	NOTEPAD.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5088	schtasks.exe
4556	schtasks.exe
3896	schtasks.exe
240	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2180	explorer.exe

Suspicious behavior: EnumeratesProcesses 59 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
328	chrome.exe
328	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
2256	msedge.exe
2256	msedge.exe
1252	msedge.exe
1252	msedge.exe
2056	chrome.exe
2056	chrome.exe
4160	msedge.exe
4160	msedge.exe
4988	msedge.exe
4988	msedge.exe
3080	msedge.exe
3080	msedge.exe
4764	msedge.exe
4764	msedge.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
3196	Client.exe
408	msedge.exe
408	msedge.exe
4792	msedge.exe
4792	msedge.exe
1464	msedge.exe
1464	msedge.exe
3712	msedge.exe
3712	msedge.exe
752	msedge.exe
752	msedge.exe
3564	msedge.exe
3564	msedge.exe
408	msedge.exe
408	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

pid	Process
2720	Quasar.exe
3196	Client.exe
3868	Quasar.exe
1020	Quasar.exe
4996	Quasar.exe
3204	Quasar.exe
992	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
1252	msedge.exe
1252	msedge.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
4988	msedge.exe
4988	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
3712	msedge.exe
3712	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe
Token: SeShutdownPrivilege	328	chrome.exe
Token: SeCreatePagefilePrivilege	328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
704	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
704	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
328	chrome.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
3868	Quasar.exe
3868	Quasar.exe
3868	Quasar.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
2180	explorer.exe
2180	explorer.exe
2720	Quasar.exe
3196	Client.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
2720	Quasar.exe
3868	Quasar.exe
3868	Quasar.exe
1020	Quasar.exe
1020	Quasar.exe
4996	Quasar.exe
4996	Quasar.exe
3520	Client.exe
4852	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 4540	2036	cmd.exe	78
PID 2036 wrote to memory of 4540	2036	cmd.exe	78
PID 3556 wrote to memory of 1500	3556	chrome.exe	82
PID 3556 wrote to memory of 1500	3556	chrome.exe	82
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 1476	3556	chrome.exe	83
PID 3556 wrote to memory of 3408	3556	chrome.exe	84
PID 3556 wrote to memory of 3408	3556	chrome.exe	84
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85
PID 3556 wrote to memory of 4696	3556	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc819bcc40,0x7ffc819bcc4c,0x7ffc819bcc58
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,17116243970185682499,1932457695847057111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,17116243970185682499,1932457695847057111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,17116243970185682499,1932457695847057111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17116243970185682499,1932457695847057111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,17116243970185682499,1932457695847057111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,17116243970185682499,1932457695847057111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:1716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4884

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:3940
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc819bcc40,0x7ffc819bcc4c,0x7ffc819bcc58
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1672,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4764,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3456,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3280,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4912,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3592,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:2
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,4360670794490576634,4825974906757766256,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  PID:1504

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1524

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1832

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:704

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2720
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:2840

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
PID:3500
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:240
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3196
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5088
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /K CHCP 437
    3⤵
    PID:2284
  - - C:\Windows\system32\chcp.com
      CHCP 437
      4⤵
      PID:1148
  - - C:\Windows\system32\whoami.exe
      whoami
      4⤵
      PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnlockSelect.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:1252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc70683cb8,0x7ffc70683cc8,0x7ffc70683cd8
      4⤵
      PID:3932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,3972422580681579548,7660311247867652634,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
      4⤵
      PID:560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,3972422580681579548,7660311247867652634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,3972422580681579548,7660311247867652634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,3972422580681579548,7660311247867652634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
      4⤵
      PID:676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,3972422580681579548,7660311247867652634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      PID:2144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.roblox.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:4764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc70683cb8,0x7ffc70683cc8,0x7ffc70683cd8
      4⤵
      PID:3488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,9965205249740058897,2051741452356420799,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
      4⤵
      PID:1480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,9965205249740058897,2051741452356420799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,9965205249740058897,2051741452356420799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      4⤵
      PID:2872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,9965205249740058897,2051741452356420799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:4528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,9965205249740058897,2051741452356420799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      PID:940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,9965205249740058897,2051741452356420799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
      4⤵
      PID:3772
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /K CHCP 437
    3⤵
    PID:4380
  - - C:\Windows\system32\chcp.com
      CHCP 437
      4⤵
      PID:3364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.roblox.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc70683cb8,0x7ffc70683cc8,0x7ffc70683cd8
        5⤵
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14967996318823257635,15260298220440086862,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2
        5⤵
        
        PID:324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,14967996318823257635,15260298220440086862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,14967996318823257635,15260298220440086862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
        5⤵
        
        PID:4740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14967996318823257635,15260298220440086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        5⤵
        
        PID:2620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14967996318823257635,15260298220440086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        5⤵
        
        PID:1124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14967996318823257635,15260298220440086862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
        5⤵
        
        PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc819bcc40,0x7ffc819bcc4c,0x7ffc819bcc58
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3836,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4408,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4312,i,17839160540563403450,6879766727409322659,262144 --variations-seed-version=20250131-130103.379000 --mojo-platform-channel-handle=3100 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1084

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffc70683cb8,0x7ffc70683cc8,0x7ffc70683cd8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,8723541442667197511,8963451015149152460,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,8723541442667197511,8963451015149152460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,8723541442667197511,8963451015149152460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,8723541442667197511,8963451015149152460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,8723541442667197511,8963451015149152460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\71f5d227760e427fb13349984e2762e9 /t 2852 /p 2720
1⤵
PID:4520

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\main.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc70683cb8,0x7ffc70683cc8,0x7ffc70683cd8
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10508643640160785682,643497940966443570,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,10508643640160785682,643497940966443570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,10508643640160785682,643497940966443570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10508643640160785682,643497940966443570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10508643640160785682,643497940966443570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,10508643640160785682,643497940966443570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\main.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3780

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\main.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffc70683cb8,0x7ffc70683cc8,0x7ffc70683cd8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1764,9925870444450421893,12791951202218514227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4528

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4996

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4c1f9df21afd4b488ecf2e927677c405 /t 868 /p 4996
1⤵
PID:420

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3204

C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:992

C:\Users\Admin\Desktop\Client-built.exe
"C:\Users\Admin\Desktop\Client-built.exe"
1⤵
- Executes dropped EXE
PID:1576
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4556
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3520
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3896
- - C:\Windows\System32\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /s /t 0
    3⤵
    PID:5048

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3984055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e91ee655fc370fc76cae70be75eb4da7

SHA1
b1c2a36a252373b78768ff0b8c7c414975f8230d

SHA256
2119db0210675f0217218459520534d0442fb93f8d2ad66ba4b20c8d2a430ac2

SHA512
6295ce62fc97be1ee529b0c4dde9d8b806e7972d89378d527740c3865bae85e089883634ad2c3a72b0f0c63f0a0758645733e9e8d9092fb87bd7cc3e95d6c7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\140e1291-3b43-445e-a180-8c026ecb72dd.tmp

Filesize
10KB

MD5
1c602b44d0bd0bb0054fb6b246c199c0

SHA1
6b8a8ce00df62184ee0b9cc7bf6678b9b816dbf0

SHA256
0e042dad3e7b1e08f5eba2fe4f7dff901413389c68b3f4a55fffb932a631e420

SHA512
3ce11a5c06b5965670663e94179acecd89594c6d07f63d78ab247853349f44d0325a2e86191678a0ce32c8f325edd164f7d6c8a2fefe04955ef56e4bcc7d216f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
31065ddd52d81b12d5db728968f256b7

SHA1
9d32c660ca371788117991fb863762a218963dd7

SHA256
799f3ed9b0cb55b2af1d346de1f93a0f64a202739af5c63434547fba4bff831d

SHA512
8dcd63ae6f290471edfb07b9a5f9db2890110c2cc426f2dbe73b02602fc9e9c79a206366b3294613b7a5e7702e64c65f6c81fbb7d3cff05f14fc0f24c9033b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
358f044a430058fd30d0c970581a0540

SHA1
2c07d64fb3b8e544d36204235a060408c6b92221

SHA256
749cbaf6d38c449513d38110347b410f69b57cd98538993b41fb4f46b08d76ae

SHA512
91187b33ffe88e35ff2adce8f52de794d29e7dcb63150d2722895c7feec0ea53769dacde53782ccf4840e3518d29bdaa958743b31676cc48ba5e0df39f755dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
adf23a8e050dc7ee6238a115b761a802

SHA1
4a7b8eda6625909a9d39a768eb49a4a4aa6b74ba

SHA256
fd8379ba3d4bd4e44eb063865efde4507e081ebd7185dfc8566bb09df170e31f

SHA512
15e9316837091140dbeacd2a053e7c9571a8cc1c6476a85fa3dee2607990e267abbf162f0c63df8d196a8d1792b15ed110fd58a70cefc8fb73c75bcdc9d3a47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
9c2f7712740bf7dd01694cdff8e05ecb

SHA1
040d1491c87177c9985956fbc0238b93dac07146

SHA256
d27495967b5bc2d3c7dc37b5bb7ca6088fe8e5e5b310de392964c798873564b3

SHA512
52730e591bfbad50cfafc4131cae95e69934917980fbc512b9a0c01fb76d58bfd6c4bd53fe99e7c6bfe2820bd956969c253eadff1740027cc3e7bce082cb0900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
1a58519630df1dc024ba96b7d7a90f75

SHA1
441678b79cb8bbc9dfd08cd7dc5e4e519593c03a

SHA256
9d16bafb4b117bf92842b7884e9fdad3a65c19b9f8c8ace806f573c551324fdc

SHA512
ecef3639ca959d4cdf61b325637c108b9bc74e6a6fdd73d3553986b894aa88e548584d7772affade2bef43a67a957c86944ac078148ba6912cf35b282bb2e197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ca46499353c8dd9672bd5518a7ee4c46

SHA1
e02379bba62ab2336e1f5c9198a5236c735a8789

SHA256
b2d17fc0df5d114b35c2db31047d2dae20fb24d1caebb94293040fcb965aef7c

SHA512
617ad0195f9012fd475c38a625018cfdc17dd762fd646efda2c3cb697e7289f04ecf5d856080cda399ef41666de47b420239cd8c4a032247f12c056a04bd4e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
51e4cc7fab8299801acdabd3c1c652c6

SHA1
dbbbe7d1026446a3638975bfd8604d66ab0a2e18

SHA256
2b439a1082335b071474ef99aec585bf1462f0cf2836bc7647b6dbf89b33f0c1

SHA512
3ce10a95bf5d3c37cd5fcec8d31c4f1f4abf2e48fd98ad56cc3496ee3fdb34e9d380583ef480a675ee0f9e2f8b9f26c67b3f2fd05a9f568e040c5102c1902783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7354e4a0fce339d65e6148a0435c2939

SHA1
162224213cd26442d43ee2086454019f82f90a98

SHA256
0e95d66757bbf9156435412b0a79bbed16041510118d7a62ffa537d95aeca46c

SHA512
f914b840a86f62a5dab6109366a28ba189ed0adef2aa4ef0c8f2c94cb6dbaf279917569e64f00c2246fab0b6facf590b88d5da33dca936d68a80ef98213aadc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
1ccb9f2acffe82b068761376866cf829

SHA1
ca87b1d0b174d89258d188b5d31fa6004038f855

SHA256
ca96a375687bab4d7e8e4a96b9fd39709cce41aebf3f8a4433117efc7d0e9a3e

SHA512
64c588f9fc55fa52cb6aceb85276b4433c1d8d24eda35d1f80ce1f454a64a0fd7f8948ad3cf018c04f36b4dd1191f7040979bc26cb22d42aa053f87f37cf4aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
d114ec05e4ef04989983a49539595db9

SHA1
b17190da2f51044bb0deffb1affd90d5e482f280

SHA256
64fcda46085a6354f30932656875a96b37860189697b6dea45290f0083cff8a2

SHA512
5d2b8d54bd750a37d296f30369d35da12653de11e0436e43d6a5de818736a9af1daefbebf5960a87e3cbd42ab6bd72afa2f541ad1c9a783edb1a6e365288896b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2a2434920c6b165b7f84853c8ab32b92

SHA1
c640746d354f1f841e149ae391cb3925bc27089d

SHA256
1a708f951832bce6a912f2823fec6a53ad7b1164a80a57fb9bf69539c7562d25

SHA512
6cdab1a80cd954f408dc8dd5ec9a2544666c63fd51a19eaea00fbc72f9cc2cb8b54fd72cd72ba5f1585a5bf97cbaf2ed6eb06417772e65342f15073dd75b19c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
52bb6b1a8d9db924fcb2ddb45668fa72

SHA1
12996023e66ef0ae44d4e8a36c5d6f1ec78a85e8

SHA256
ae324698ce5ffcd56026f3de4c29ed754e9706f1ae1029a0409b4a3998128b52

SHA512
944d29fee61a718410e5a45bb55008dd2a7b9107380def625768c849b31c325c9592795c53b7d5818e883c791d7c6e271c1691ae0805c557ab9f1d0c2f9c36f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
cfa172a650b84b3abdbcc47097ea7b57

SHA1
5b45943b506c37225942826c102fcca6bb743847

SHA256
74581baa80a130006b3dd5628aa4845b20089bb80a5c5710c459e2708c95b038

SHA512
fd8626ec91e0b48a17bfe1bbf51ff8419717f631109ea2ca39b908dbc06d7628b4ff5d861bee7bc2070685c59a63c9c3759db1cb589299a0cf430a7d3b5dabfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
a76498e3a6de0e9024b5c72efe4f5ac2

SHA1
94dd3cbd7f6a47950330b4a1553ef2cfe17a9d87

SHA256
e6bdb1dcb9591e8495c304e266bac5a1929c9ae2a62e33e23ffd5e0a3691d44b

SHA512
0853daa9781890688ac5c34c44ac47c88e7052bbb427a2e6e99840a4e4736e5b741443ad0770a1f850953a57d907d44c66d0fc663d34bf0c5e3550e6bd59cb81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\511d3a50-4c7a-423c-a4be-7609d457ff76.tmp

Filesize
1KB

MD5
807f963f599b071def7f23c80dbccd0e

SHA1
cc4cbefeddfebc9a1b0a851007835332d95f2e79

SHA256
b7644626f7ea8284021a1d4a76c74ba6669df27806a68209a4a78fb56d03fc01

SHA512
15fca55bd1374daa7cadfab205af4a53340f06a98bdf0c28ecd599b7d42bed1968c3b16ed1fcdc249e612731bd920a4a0527877f33fb114f3f05f281b22ba7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
21782c4732b81ea9afb8826ef93fe22a

SHA1
8298cc9e96319b84a655c7375dafe8eb3887132f

SHA256
8a931e861270491757035361943bcb366604f082dacafb3110eb7bc6c28ee50c

SHA512
d494725d62d583f2ca052455f9438961c8d091c12bc8bdd03ee6dd1201a053f3acfd18f14fdbeb1f4c5b34a5c473f8dbfc4b8b67aa0ba47dafa61746794d660a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
841e739db76569f9b2aa4a5ac407014b

SHA1
b7c07d4e48602743a6f6a735e1e2b3408c85e4ef

SHA256
7456f4595bd492a4afe87821bbdadff2e3b872f103d123835720440011cf54d0

SHA512
879e890ef62644ea09eae83a90bcc64bb206c087e82016a06ef1ebe2cc1164f2e9f17378c6db2ed3b85ff705f71128f098c802aa5aa79946a85d3a4af43a2028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5bc5a8db78aea3be6a9b085ed4a72f06

SHA1
091cfa9d91ce91229ed89044d254e2f75cb65e5a

SHA256
ea51e9d962537c0e8d5f60a70877afe0fbf2e3376aa471b747a7382c96dec5fb

SHA512
55cd934915d22dfd9b2fa6f992ad22548ec12948d8b7643911c4b2b131629ba1df874cc3b454af1edb908107cdca436515993087864ffbf42acc520e611f7d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
59c759d7d6e4f9b4c5271982e2aaeb42

SHA1
8a2598e469b37ba5492624d95b4d5a6053ced9cf

SHA256
ff2ded7dcc42283587193f3523603883f81caf2472a1b4c8cc77a457133d2620

SHA512
7d94add29e127e7a21b8847cfe8fd8f06c14b6adf04c755dd3a1d6b7163830811bbb0c3032fcb910fb22bbb9d0d8e750de753a1a3f01371c5d2117b408e33b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
57d0725442288afbf83c0478bc0d8095

SHA1
560c4cef4ca62a4da779061d973e8cdd5d23133b

SHA256
f7b719f72f65255ad7d6c97f3f16a03699530f24c84842f16c24c6261ee5866d

SHA512
15703c0f742005440308949bef138c7d48097afce97362fdeebd1e496b435aaa5beec5674d4b072888713fe13a2e66d33758f7d77cd71039e719d9414ce36880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bef3e85744f570e5ade4138ed82ef9ba

SHA1
130acca5b8e1ddca06a886253b55f3f920912082

SHA256
7b3f7267c2ab22d3c16d35558d0df5b0dc8edbde883b3ec7e2cf39b0905179b4

SHA512
70cd5e718974dafa5a6235c47ab6d4ecbfd2d96852187e3422256000b149c983b4e303be076e70a4d22630ec8cc3e35bc1bb8c4e3e3c6eb8422fca766e40b481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
acd87ba6d861be85e0150a81c318a051

SHA1
f39c75f5d362b7fb254e0b06017e977647e4c74e

SHA256
ee33ff94a905d5563d0268ab0145608426f3d4fd607986539910932d0b139842

SHA512
df55c88352e35114a309e9052c5f114a079e8ab7ab39178fd6b07a0266af88faa583170c107fea24845d6fea078502f45077fda7f7b982b47599b4590b9e3a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1102edbe3c8e4279b6191eaf0426373a

SHA1
766a0bbfc281d70580eb909fef9f5c32cc27e06a

SHA256
568d26d588d328272f2e706f22ab62620c52dc9998ebfb532600549daa96f374

SHA512
a770b92d168f9879913a95b1c4a2b6112c7ebbf82b49cb18338bb0fc10fb497ab808d922690c65fd4e302f61fade6f4fdb4a6f730205a96e5bebac2feab9522e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c098ca24ca9b848088b364ccf3cdee22

SHA1
4cf5b3dcc8d64436760fdc77507a0f9207fec595

SHA256
2a00049a3c31ff2e876223f8ea4795c8e2d6972bc6d296656d4432bb9bcf2a50

SHA512
ef50bc8947e6556ba76f5cfafb06e3bd24e8a69f8512e8ef8cb26d63a69d31acf159f78487e412b4c1b52e81f76c123f970c29f5506ff10252ffba16905c407b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
719cdbd304563fada49a29f67625154d

SHA1
e64202ba40fab43d1c8b2e2179511baf324502db

SHA256
df7eb4ea366e57dda1dea64725766c9e6225794796ad4182f1d54294dc1df56c

SHA512
e5755263f27c54f04b7f394efd09b4f66764197c5ce5128380a8523d73e217cd0996d812f75f4d5eb128157c691734acf02f880ae30d48b0b514e7e0ae3ca2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e30070f1c4137f72656f2dc65ffb453c

SHA1
3c3ced1fdc3aec65e9197a0e53a8a10cecd4dd96

SHA256
37705ccf1be58161b1f9dcb7268d03935f8400c4e9aeb5c61bb59da73f603913

SHA512
001e4d9419e98487d8d4f55d0c842fbf643d5d6d6adc68f26ea517823e66cc8ce2a54476b644f919a45e39975a5f4577e4eeb1025202f06889776228b3d8fdc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2177868bf5b46b277b54bae3272468cc

SHA1
07e3402cfdce6466e6f257097c4e6d7ac1ef0909

SHA256
5fbabddb810eb4a205d258ba3441ea4eae5f663c3b701ecbf5ea997f18f5b061

SHA512
0d7e099d0c6ad6f3fcd371b5d8106caa64025b7c798764c27b3af12628b3baf9acc1318217398e11b2bf52e565de6f4ef037da8729f95241e3ed7955e1c1af52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5342283ecaa0e293a9b97c2d82943ee1

SHA1
64b2c6f502b43fade9f5f4fbd260c5568686d28d

SHA256
4982c59ea61d3287ae3af16dd59bce4a35646d61e19db15d3069be4a245c48e8

SHA512
0b01dd610a664c4dab3dd0f1787b436c25a153d38e03977eda23ab40efb6e623048e3e4bd24d9ef7ecab1bf8691201959ee82b1a6417f3ee2fc4db3d6a8bf243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
32e0b89b7d016cab9ee293838db4e715

SHA1
7d7ac19fbd7648d7b2b0766fcc3addd15da1a27a

SHA256
d165d9817f3b3ecd001639a084047a1591feea440f0915fb303be61b761a0b1b

SHA512
7f3b3bc0f7213da43b58f20048125b098b72d14fb7ae49ac832a9e0ef1cd94eaebd1dc4d93605cb3bc1199ea5eaa0bccafc1b2916b429327b63628dc6b42ceae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc4e0b165e49c6ed9c57fd080342a344

SHA1
be3e844c8e8817af35ddcd57c843f2ea9acef59e

SHA256
9ee96f3a73f3338f02495ae0e85322d8c2bcdae1e665218bccee116bbb473de4

SHA512
25e2d93c842207eb031e6bf3fbcf370dfefd087c6d981a13440dccddae99404d73c35dcd37ad8f3004001feeac4f1e1e26646af30ed3d060f3426b1c1dba98a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5466d8280cb1802abf9e9d7c9e87c57e

SHA1
95e4ee0916d101694faae9fb09d261953d06d127

SHA256
8517f72a448a17dcfcba01109cd47b9ac1d054c3fc0e09b70b11055514cd660d

SHA512
3e94197ea59c359dc618f705a108fc07574ea03082075eea8d59044c98752f38fbf1a01dee5c6ee1d6c937957899b2937d99c7139c25fc67c81edb74af73b210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d0dd7b53a232c5ee07ef9c1e155efb4a

SHA1
caeb892c92588480234ad6effdd3467ae3bf75b2

SHA256
901bfea6ad8aee799e6c0db3b437e3d5a61abd381d0fa9f47eea9e970769a4e6

SHA512
a11cb5bbe99087f1039062e90cb16ebadc895f709727c39300e2982b80edc207a54baefef7dc6ca423498649980902c852cee988a3b4f802b0c64569b9b65edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63f7bd617a789094bbbbf2fc37d07541

SHA1
eb042deb14378a90dc20013284f91c993dbd5e7e

SHA256
2e7a5370d96a774e2367839b0e5483906f9c358d7c225c15882c3469b19d4f62

SHA512
e7634ada64ebc245c89b14452f498948b84d548c1c06245f2e0c030adfb58bac63ef284b699ea8f88d2f8ff1875fcffd168d02dce654afe834c7c8661817dd47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
751f63b53cd1cb5d48f1807245482740

SHA1
fdbe4124618951b9253fdba0900b57da2ed6ba2d

SHA256
18514e53f7a0a3a66b3d69d8e00968090414ef406121a97a7d89b8ca8868329b

SHA512
abf55844fd37941d828a9f23560ac7ab665856ea921be944c1114076315662956aa949b4cba99c4b07605f0cdfab19032fde5c88084a0ff866cfb0174838c9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a54cdedd8e858f77b4bb4abfd1ddef0

SHA1
0a9589a1449ebbc0cccc3caeac8e2a0c3261d3cf

SHA256
69065aa0c1182818fabc7cbf4aac73fa376852be92b7326a00988ee8fc780f52

SHA512
0d02b0920576bf3aaa05af0860aae4422c1fe756b64bced60c7a6b2e9149540baf278a0b6bc57bb0b84fb943c9abf3b1527c9a5fe50beb88db7d340921cfff68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a8c3ca96ddde49ab26c68e8c639eccd

SHA1
45cc970fbf12a512f714e94f1fe98702b2807bd3

SHA256
42bcd045d86b315908518fcdb4e6a008ae08bf49ca9b92dd2f4104064a2f7bc8

SHA512
9dbe3b2e49f8cc3a5cb6ad37eacd2e5e85d30dd9b38fa0f76906fa74554a0a3086aec1117ba1e167ee357accfe9616a658c79170a12864c38cee73059f943f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5631f97cf98ee225dfebe948515999c6

SHA1
3e56d512ab7b73d946be3e7a76b706d106a07ab4

SHA256
30270f9a9ca2eea52a665ccd10de06c5088bfc84a50923dccd809bf9d2905440

SHA512
068ecf6a95dc439af50f085d7b06f57dd656674389c01e503bf5022ccefe38487df669e2be470a8b8bb92d1186fbf97a2d82b3dba6b0c6587c0af312e51d2ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b06a8030486512ad959e39e1b79b38b2

SHA1
c7b7231520bf2590ef9437fef3c86a5de742027e

SHA256
c290d57642155985d65df1468fce9ec730cfddf6ffb1b8bf495d6a183818776d

SHA512
746e4bd46d6b409f2996ff23161910a65fb955a590d45d82fd5dde07a5234b14d6a46cef9595d07542e993e21e87ca6932afc809b842bd5c284e1417303422ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e949fd94c7bea399c62ad2c7fb824576

SHA1
6cc7cb494a2cc71f7af7caecfa7e2942f539dc6f

SHA256
6e421196add68cc94726afbf8897eaa2803cc56a2b3ffb242b13add40c3e0f2d

SHA512
098c892c2b0b5a6e9c811ea7e8559fe1b9d57161f4ab85044414eec264ceb5aff753b354c524be35c52b1030c257f04a29263c45a9e28c896bafe59def6880a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b237202cccb9ac9d002670503c6a0fc

SHA1
2ad7e49d2f6fb1d004e2233b980b4ec1d79f15ee

SHA256
5dc8c206a991141cbcb767dd7b4868701ce3cc64555183b4811027f3789cd9da

SHA512
6d53c95d78b36040d7125cbb8669d10938a8a479e3d370f7cf395d35aea61892558bb8eb2404e30d9d4d6d364a1ffab66322983149b1c09a383d9746b3070d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6187c7e118c092c2023d790d82141d93

SHA1
103421b6a3cc9a67f5f0d6623587e3dbb47b0363

SHA256
60c7be241097b8f7e395c49b1de02d1fbfbf549c3c15202010875ff2759dd06d

SHA512
72ec8f469c5ecf8d8884fd57dcac8394dac0b8f42835d3e3b4844442d58141c3b86f1987867a60948020d9033679b5e67d8b4d6b6df16b4b8fd2ad615a5247a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
375d865237f5bd069dbc2e2bf2e65037

SHA1
e7fa6ab3d139f2a1761190c561d4fbb5c2fe6a4d

SHA256
7b1a5f3ba012333bc3e31f2a835812afaff4dd4e54f63b32ae9615c3086d2685

SHA512
4d385902b1c7a247eea147863ab6f30064ed550acb11e0835fb5affc2075b0f0b9d2fd36b908d52ec80c1c17dba92a3a01a9882c0d117ae880049cce1987189d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
367a643148fa59748bcff40ce6a0d7ee

SHA1
c9d289b40fa81bc94174a555234510427a39cdea

SHA256
d58239a544bc35ceb166f5d58f931d8d8492978fa860e6cf5efcaf52b5c73809

SHA512
169057eaebc296ff7373059df982762ffd39324caa33ecd1a419295abe51631288fc332ee7d53924370435e690b1ab927ad6461ce0572ee60bd40dbeef9dd8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
caef332b126364f2054fc806abc06673

SHA1
eb8f5ae4a766262425d2bd100219fd11af66f3cf

SHA256
245e99f47801ec77f0b172b75886b6cfdeb41a8cd0a1529789f4a4950e078c4f

SHA512
72193c0e6234fc2a6ae7c66a8c5e301dcc632c25a5a7cbe60d3403e2076f13ca687a874a41956e7f4e42fad0236946db43055d282a15cf6602ec0d216e65a2d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7676078ad817d0fd1875f901bafcabc

SHA1
de8a9c50da71d398cc1cd2ae6ae70e6ddebaf906

SHA256
6b755394dfeb12987ea2e3dfad19f264ae904e265ad6de946d59e5149f6f87f8

SHA512
c09acbf351d2ffd71d3cfebae99411b9b7ea5eab23e4569c99bb2290d4a8beb4a58a06a439b40c9e370edf39f93cbe721a81c672b6abf0b0548e280a844fc35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
694f414b7497774d12ad7569d6da41da

SHA1
09eaabbcc5ebc4cf76ccaa760e945508900d6d64

SHA256
7f4c5bcc1ead5a9f4aba8b94a698318df8a0c916bc549dfefc365fa180154c5d

SHA512
779af6f7b0c80bd11f0e3ee70f6c6bdb5575ec05c09a3044781f8ef64b6844ca5d4c0d9ae5ee64fefe375d411258d86388c3b133a2fb1553f381bda74228695a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59ba4f527361fad0d51c7330e575bef4

SHA1
8237f5986b5cf9292a2aecf3182a62ffdcd03d38

SHA256
b8e19109c636eb0bc93ea5821d0f5d833ac1b0f340b105b11576c72452a97122

SHA512
af180c5ada348aef07a34dbe6f5ec9620852f9183bd9061b740bae8a0aca3580c5c9751f4837cb110fb65516a1e5140601a975db1eb5e64932b11aef22236f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
67c399efd38d53a9d8eb3b8ac0acf620

SHA1
c8fed296b0b2435986bf80754f1030761f4d69b5

SHA256
ec41c3a6ef194165e0bee90c838c721cc943e705b2fe7aec53bbe476dc5042d7

SHA512
cfb0774b0cde9dc9241dca79bb766414e5418bdf192c212ebc6ae440eddf3c0c21e4f8eeb91bff326a4f051502d8e2161b3d5376ef966f3639451d08ea3b9921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
ca3135e51f437a25e1626af5d66dbf4c

SHA1
ef0acd292f5ea58101424144463040d49a88a6ea

SHA256
1ac230976cb67e8d1df2f71a04c01bbd7f28bade92f826f23761b2c0e68e2211

SHA512
af5258e8fbac76b2e5de73b4d1a103eeb67ef0e32217f6a93e9f616a02826e4b1f5d50e8041a3b5160725ded08749554e24e098746c67268952b6d0dda0fa3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
b38a5142fec233984709989f10fe716c

SHA1
6ef3afcddc51d9d77c3480da979dec8dd7f7503a

SHA256
89ba13d4007843f1cb0f59789adcb12e383daef99dc0216c21393980f0fdddce

SHA512
0ec210ca59b99cfe8c31d743833f39f2a47ea261a78264381fc9f946ab29d30885856f91ee75007dda5036541fa7cac453cbfd9e6cfa1720f5718a4cd8add4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13382885753592318

Filesize
2KB

MD5
6e22d446087268973d01ed9e53d189ca

SHA1
ec7eae49542e30d3ba35d7d6be5230953a529524

SHA256
75d9ff167d712af24279221f5adc03772366f4dbcdeefa093ca994fedb669124

SHA512
8299b9c162d0ed402d9a2fadb9bd392cfde9842e70a966630900a6959bf1f3a6592eeb214c8ea83fe2905e7bb86b013f7605b1d241368b6e53a266419c043130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
078af1a96958aa30391c5033cf3e3034

SHA1
6d84c10f5393218f5dc7a1cb1ce19cfef72e826c

SHA256
dc601503b205318ea4d1dff89e47557cb99f833d952dc39a2cd28334a867f38d

SHA512
a78ebd492518db63105ac1817207b79a10b9b30f1a137e4cba88770445836911dd87b1bc655e5777930b0abd0795ef4d3b54d3132003855fd82fef406d1fd188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
90211841d5e7e32a15bee40f16790fc7

SHA1
5ac05d4e533e4840561a77972c725fb0f84532d9

SHA256
a18c9ab744c46958b83d3b1a8ffb33b9a86470a58a0ad44bd0ebc733a9180930

SHA512
443892de3b6179c87964ba89f9fc7f89af8439d5db653299198b182b4310e26c3bacf3804a430a5ee155cdf10c4d0f111357133fe06ee318814240d6e45ae439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
2172295d6d0dac28bf6c2cfdbe5aba39

SHA1
36cd7e0ad19d49bd036f385814bf44a100fb10fa

SHA256
595d1affe6ea4b29f6d825f676f4015811a59eefdc3a6ec0aa7a5c73adc9472e

SHA512
1777d88cdfacbafc31d96d89e9241a76bc6cd8102e052fc660562d3ca97ef672b878fbe60d1415f59c111731975cd9e73401fa576c699f76bb05379e0bd070a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
cc44733c462eb308014b30f66ce650bd

SHA1
b7a78cfa568275e0daf3fa1bce263578736f56fa

SHA256
2a4cd2f7352d8b068cd5549bdde791cbc120399cff69f4cf3966a51dda5760d9

SHA512
d00096ca3336313b829b2f536ae402e3830ae6cba6598c448b5180775acdb2bd5bfbad2d541ccf62fc17a48e7c4aab0db9f7a2370fc9e9be9bb53ebc69baf907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cc5a910b-15ff-42cd-8446-283ad4c24ff3.tmp

Filesize
10KB

MD5
15c60bb45bf990bc4e5e93e4a7e2696e

SHA1
1fbb60fb565160a7b60beebbd4af0c8719af2d42

SHA256
b68fba89e5a1a49bf7d36f64315a38d4a7b6691f46b514c8070a9db7a4054005

SHA512
fb0bdfafa37be4d4d0d913eb23239f9e94ff6200a5c2c5480c748949b3febd4c5828f1330f246c53f9d8ddd07dac27f5fc110388d0da8de5393879d3ebfec7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
14KB

MD5
f64e38cd2726ab39d77369406bb80372

SHA1
880d9a6d02b2ed1902edd88238af578c6f57f909

SHA256
28d7d4ed969f170118997616d42ae928f9dd336064c1b1a2c4d5822e69a30755

SHA512
8262a0769cda593cfddd3c6ff7693ab133232c28ac58e49ca1b81d833f11be856118f040a38ddc8ddc9fe632f00ff769ef1bc543ff1c63626132bae6320abca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
14b60d0b89dfd45531c74d51126b4eeb

SHA1
f299e046f90eef24c834765df8638f3614283564

SHA256
5fbbe9c251ed8aae8ea7efe8287d3eb025bd5d3bf91b12f90056fea889b7f7b0

SHA512
9a2947a76066bb731fb0417a05d57a049b6194ea735d373dca70b297d79924e411941648d1fd644aab4778a372498d3f7b3a6c8f7f0b44024ffe3cfac95fd038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
87e150ac07b8c2151e038afacfce0d3c

SHA1
5033fd042296cf1c3e6e40a39ba34355858cbe82

SHA256
da491fafbf84f8b2e7552459a8da2f392effda03ff28442efb6418691017d87b

SHA512
406ff08e06776a0a217b868aaa0ed53b931a20cb75ac5286189ec9ce066f8e46092f9e6f906aff6184b6975f267d57c55f919396dee632bf88f131a66439d28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
1a8cabe40edcae08a357b4a16dda4a10

SHA1
4b3349549b90a58d3c17a6c89b939ee86f0a58e4

SHA256
c60784437a928ba759bffe7356835da5681631c44441f76a8fa75a90cdd04911

SHA512
daa250e896b3ad9ce750d13632836c3da3eacddcc4e25b904d5ad8256161d48a3785371560320e0c7ec60b642c3b5d661e9a6ead9e3c06727c46bcb7f6a0c6d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
b6774762a5a9b0f72d6dfa87e1b9fd23

SHA1
9b26b79984724ab6d8b11d058bfe9b49ae973954

SHA256
2813e2150c7a7d16f736ebcde335bb6e0f00bb3048bf18ea737c89e1fdb93947

SHA512
3e26802aae96b1e4c23387139709dca418443af4881cb3d610baa91a3f40b7c7e6f34b39e06faa6af911fdc312d4e71da38f8362f7c3413899d0336af9a3ba3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
47f734972662661bc2cdb1eb6e992c5e

SHA1
e589afc58b7c3e983145d077268fce49b186a53b

SHA256
1fe542481a2f291e281d07fc47c51184fe6a4ca4e78005095eb218bc0ab859f9

SHA512
4859bc1c31becef31a3af92a2cd759f58ecb41b78bcfca4ce563ac2d9954fa3b0b2a7306ca3f252485d29af9778f8263fc485bffe93e0d324e00a66363800a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
6e0f678c83ea0f396217d5ac2f82c776

SHA1
754f4010c4fe015063599a90209d10bc8d132055

SHA256
25a9916527b626fffebeffcfde26398cee46d2ed7bcb2b15d384e7df14d83401

SHA512
2bd89b92ac83459946a9e882b6dc5f89f3ada07fa61dd267745a9beea5e03a1e4e5f0cbc199249bcb395c4899ae8fa6aef94308a7dac2cf998815735aed73712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
52ccbd76fcb1eb5ed01f72dce576636f

SHA1
0b69787abb90f642df366e9f66123fa18312438b

SHA256
0de85d337e7631bdbf53c427c935b3a5a2d697aec3cf6ada5bb62750012e34f9

SHA512
9dd29cd2dfd20b6f1ad104b98d7a6218344859184954e30998b3db9cc48419a794cf3e1178e95aedf59cd75bd8b7667536a5ea43bf95d2e16583033fff6e048f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9b0716b2b4b4884f5d6be8cc92d89cf0

SHA1
0b0ba39603bab2bf9fd62f8d9568ffd498570c54

SHA256
3d2b6f2d8df126415d219964b1cf72a25a89dd76805ad03440982f9d433bee4e

SHA512
64463ba4b138f2bb01a4cdf3e22f54cf57023aab2d41caa07144e16b4025d178c7fa856ad623ccfef68a74b660e8fb621a95b35b549fc49fc307742b14cba798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
4d47f2298e27f4c4c6409982b7eda58b

SHA1
46c1f0e88d3b2546a6cf3018d39349dec52d699d

SHA256
2c3cf5c980bf08199f9601641db6c49ec86f1355d8397050cd5ba4eefcec8fe8

SHA512
68cbd554880e97be6d20b874e43cb8efa49e9bbcb89777d0444af0ddc42a259da83308949a1725e57916997ec5c3476d9c1fab6706279258dd58653f02942879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
cc8eb8f3297bb484eefa49ba904fcbe3

SHA1
3b896748def18b76a3c656171dfe825367400bfc

SHA256
34728315012f3411e1e23e6f8238ad803666ab5e4059f38fd39eabd47a261c00

SHA512
eb62110bc95b430cf8c21fbde0a5cf2b8933ce12ddac1f350c4cb3feae6f741280ec542d1c3a16099d20bdc7c6fbd202c310a39be2afc3c310399ed836a859e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9da21bac5a426dc1983b20e53347440f

SHA1
5e0d35015fd5ef3455e910c443300fcdd982b88b

SHA256
fd1ab2276fe4064d4412b62f7f5a3fa388bf9c596a47b4bbd9cffc10dca0b4cc

SHA512
829f620dfb2a38552260c696270b56d22f1519ca61093b5280b4bba46b97c0e8528b67ef371ae026c11022d847a1a5016b3a8e63b9c55fbd5b048b9549355235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
68bce8d822602ed919d569185e5e8676

SHA1
cecda147c8b5b77ee5d888664a71a8656c3d9136

SHA256
5a30edf38e20cb0f40f7bb66a76dc502a224c988d6829cc6314b9074b02a106a

SHA512
70d47c51d34c9f8d91cce4f05b12efd0fe8778ecf087a870d88570aaf6b629c2d7bfc9b5ae420e2a2f00e15159bc47b6466c9a0cdb6601d9680e97d8232f7ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
2082957317ae998a3a9249add5ce484f

SHA1
88525c98033d6319169788af647131467f91354c

SHA256
b412e30798818b94ab08d4c57f25e6a76515286f2c4231f41fcdd2e698920eba

SHA512
a5ed44410f073d953ab8d48723b93c23b159931ae1c4f8f9ba2f82bb7812fc31cf56af775a89e0857a47add05e5935bc85a7bcc7d17e7bddbf3460743cd8142e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Quasar.exe.log

Filesize
1KB

MD5
ba188ab8514b037519a2ada3cdeb9a05

SHA1
518b6ee233a773b20230ebc226d741961b9bfdb1

SHA256
25effb7a46427c841cf727d6445ed5d8bcd128fdf767080ec1e10dbc8a40bee7

SHA512
fa2ea4f92834e14c5e09ff81c286c1ae7da9de68748a4dcc68da1ee214632386a24b204f4bd6ea71f17ec30d1e0fe8cb456c0c95ee65a07b87c2bef89c6bff08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
153968a22a612aaf559dc116efb0e23c

SHA1
2b267abd6bbe02f613aa2d274367e1a45b29a819

SHA256
5f45a2b9a694ab5a09e548e5f9551beaa511aaf442233b095058e873122d1e87

SHA512
002f9e7ba7d5dc6475bab2a988dae57bcf68b1783063b885fe15db1f8ac45a43b39dbaecac726b8b802ca314ba965c9854bcf03d6eda35bb70e249cfc55ac687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a601b552ccd89aa0664605b0f0dfcd3f

SHA1
65208b0c092e54cf60bb91434b2352fbefbe17d5

SHA256
129ad764ad7fdf54ff2952464330af6b1848485ccc2f5c8b046a5d7241aac864

SHA512
82af287434f2475ef1a764366291889ea255372b43954fd4e428f2deb3059ea007edcc5b479b35eca7769e1756f147053506776f07f452d11e4fea198bc0ecaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a79a8b6bb1efdb6a94697e30241d1534

SHA1
6f1be91c7332ddfa89ba56822ef18a8c04903697

SHA256
64199672d2eae7ae724007534fcaca9372884d630ca788344bbbe3fd320ff52e

SHA512
7ae42dd6d60cf0080ecf6131877b76a9877ecb9d15b29a951dc8e4a9bb52e97039dcfdddab4c7b419ef4bfb051d274d9b13b2acf7de729af05e53cc1bc94d3f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91f91bbccf80116fb991856b11b90fe1

SHA1
b401b2b144b7f840cf3501bd1c2ce0cc82bc0df3

SHA256
0395159e70b6b267fb05e772d8c187528bae975f79beba306b55a2f5a8c9aa8e

SHA512
b03be23cb6771dc67b357d05ac434b39685e45d8eee0bba202829d5dfa48e0d9976b3317534614c9c702d8b86920ac3a500cb12d9fbb039445fe24067aad2670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21a4cf2cff1a749ef649c3065f95486f

SHA1
626d1184f88d174c1c94898f56dc7869cd9ec782

SHA256
d3e8f32c88d787b9f9558afee57ff554358b13acb21ec0b3f59af53df9fb7306

SHA512
0e617af1eeae3c6f08bdd4171bf2992c5f5bb9e542ead957d636d830e21f125e495b42d6795ef2938971df703570785ddb243eef4dcb5324ec27f72c0c04f974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d763118e5c17ca9e403cec64d8c63800

SHA1
26a16041504d356d4cd27034c5035075497262bf

SHA256
51f76d28f992875644fbbce0497122cc342bb2ef3ea70276a706ecd760c97a44

SHA512
9c9b430266df02c08c342c7975459f6008727a59a3060690e05dda94c40075496b54fc37c76c859d892199653fe6d6f0af421c0d4add10b4ae2353f6086c80db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
769a6a4424dacf44de8f8bd0ffd7e2ed

SHA1
28db7ea63e4d403e532cb130049c5f508518bb02

SHA256
472b117b3918a1a19050515fb20691376f4d0313304ca2f9ef27e31ec84ebf57

SHA512
f87beb24491df24a3fbfe03c25daec51f3007d07e0bb9f001507b3eed8627e099ee6040e616a52645bdc8c362ad1de752c5160e88ce6211f304e7e97a61768bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
72ce94c540217af16903e17c38849bf4

SHA1
c3ebef626ce56400ce6ee4387b145a485e922f9d

SHA256
7dc6733e3403b85237a99ed8052844c88f9d975bdd5584f17bcf00ebcb7a800d

SHA512
513a686c9b5e419b844ace71b9e249634264406abf2f6c8926bbc15b808f3c4bd5a720ca5a7ab26bdaaabbf737a05e5ac58fb90148a08b2f26f149076f25689d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14556f7c5a300de8165aad7c21d5c9cf

SHA1
829ac0332d9faec8af66e624b2b69e7d370007b5

SHA256
ce9233f9e18b2d6fa9a9ebd69e7e07a8066ac6d59c222f4a2c90689d4255a953

SHA512
63e6636b0affed6eac52216262096933b29fd871f68fb049e8731d9efe1b4784e22c065e97caeb29eef4efdde97f28019072f3c9ef9e52209be08bd2810ccb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
f37dd869fa9198c418dc1c92a8679e06

SHA1
2a1ebd54a7426d66b009d274e9885b37fd226042

SHA256
3705c38a30010f473316f27fcf1bb5d6d256ae27bfa5cf042cfec0e25c22408a

SHA512
5fc2d60f8afd1aeab4abbbaf1f08100dd6dedeec8f6eda51627673ded0f4ccd0c30530c9eb157429edddd1c976c9ef63a65ea1c7962a39834a11f07e7aa7d860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
762B

MD5
1c96f9d4853866ac74a58c526b51f993

SHA1
6f62cdaffd76711433be21eaf4eddeaa311a9bca

SHA256
24cc9e6eca7a68e0d913d17489bb292285ee22e8c5775ddcf3576223e259b83a

SHA512
5c6baeb5f44df049b29b68bf33a3b826ad1acf1da625eb103045b89cb40141cb5f22181ef3f3fca919832de6af838be688e187d41216e6959441a22a7d67e024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
762B

MD5
e7573f8c3239183688cce7e419f6ee11

SHA1
9919b02a3198b3f070526947e33ab6b59845df1c

SHA256
babc5297b8f9cb8856d202c18d8c72dba2112bc1e7dbeb5c335d4012cb82d299

SHA512
219e408c011e9d9987ff9a67b8d2514b975b648b88e769a8586d15eb7552c126d246329815af2f3585b04ff2273b9e8f1d5b17aef624c443a086ba3ab9c6cbbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c9feeb0b12442a95837fe18faf8354b

SHA1
05da0b11c3f0d3de8dd175a11cc99c52ce766c4d

SHA256
f5f4af4a001d1e0f41d5e2db7c78dc08504e9a425c4937c5ce7ec20df62ef857

SHA512
349bc4f13910d27fe30205ffad9cdc3c10bb072e07b0a167ba35aa8e1e21dbd4e6d6c1ce1c60359bfde7716a30bec0fcda69defb9d268583b4dd243e3446db60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d49b9392f87bd99ade20ca764ad3a5c3

SHA1
66e4589ba0c5b91692e9d8313e9853a2dd35562b

SHA256
7ce49a157462cc6081cfcfcbcd06f95274648772d08f62645405dd0782b94eae

SHA512
7d61ae0f8888c169b8c2aacaa4045a2cf71b19ad108354f0c495f9909e6a5e0c20f21cf5b0361caf55b6b8ef377545d94afd06562076aea5baafe8ca736cef67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13bf4f4f046cd89f5c6cf8bdf0758f0f

SHA1
7bef5473120123b1a21c5c3de0c27d4ea96767b9

SHA256
94e61b823eaa0ccf82777f8e04a9788e9a3583febc346e4f98a3994ff92fd39c

SHA512
3744b58b86c57283e87eec2bb5b498c4ca09e1931bf9f3ef861549d6f57a75d5d1e1ba3bcdd266dc0e770b613fb5b8220544d6ab2134d3e8e7e856de2f03c5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
843dcaf438e35e8098b4ba00ef79d889

SHA1
ac0355a6628f1326791954edcee7ecef93fe97a9

SHA256
86c6e81cd7ee2f84ee5554fa4c2e8a20793a05f8c21b3de9265416c19d882afc

SHA512
53d40ce80a304b084d951e34d912e6df4994336eda10b368f390510a01434dd6c940ef731f83f204e9ca550297f1f1e24375488ecd6afcbb6542bb97a294cdc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
721a07e0cb2b0832d0dfca806b0ce1c7

SHA1
07f99204b5fdc20b769cf6c0658253414664b7ae

SHA256
f3fa5cfb2321c6ed04fffe7df09b9a2b81aa05e0604a22ed10d10f301b77f91f

SHA512
c6c94716a8707e54f0c60dcd2424a67d726a3f1ac3bf52307f79fa06629856cb39acf56b0b353bf9e5cf1961d9ab6dcfaf3ca02ba9956019bf6d10d2229e4565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
952c867b84a839de7be1eb320bcc7505

SHA1
ed95c19a2bf7d8b92fec925a9e737825015dd3bf

SHA256
c1c02328270f496b6b74cac8a73082373617e8bb378f174bc67b0bb2fac7dfab

SHA512
968ce49a5e1f06e7712fc7e61c0fce125e3e68ac516d8916c5b75832c7402e514cc9e6f4308d2a43be09ae77b6f6b11732c69c22d8c80afbd13ddfdebbe2984a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
853ec3f6f382467212a2f3515134b4de

SHA1
6b68133a857adf63730099dc95b1e883d81746bd

SHA256
f89c8332cd4016a78fef1b38b8e9ca53a2217c374701da8ad466dedfb47c12e1

SHA512
80850035d11666fa7a50eb2415ee0a5a8e9c90d4d1e86337e0e37e9074b36d9875028f7e648183418cfb35b5d2003e78f72bd2d03dd040c1cd2cc684fea74d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
815f9adfe792b859656cea953cd94b23

SHA1
8fb79d92095dab28b6507e9a3503d9c6988e8037

SHA256
129eea1cf71376a86ad005cb32109aa2f4eaec40babf0b46e418a894c31af6ab

SHA512
42c07b50fe6bbe80002e46aea6ed1eb9fe979def8d52a9c948530718ce89b7d35fd3f204bbd3b0fb1dffaa2234fbc531c6b570d0ecbc895b3d225034c1d44a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
950f3477c8d79014a79e072d78d613bc

SHA1
229d4ca44bf27a17de461b7d30580e6a05eb1a11

SHA256
5c2104d060c0a4b1bee9d4ba325ef66f3b744d82bb2a00ae6e03a818eac160ad

SHA512
82a2d44f771154a538230fa9b5fbcfcc9351fc4a40945ef86ef0c34f6da3445a9af483e1bb1dcd8e37b8c30be8f570eaec22c62d913bbe14b1f5fcdbc6e865a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
366df114095d9134c8419b861d9bd540

SHA1
0a2d5ad7857abb326020339408e283a5ba6c3c04

SHA256
14b4cc122a15ce287f6f7d1a7728a7c5e1d7390bf46054ea9448f59c2dd39f4c

SHA512
1b1005678b9c0c0dcefb0d540b165df1c8da2eeaebb7de87a1a586cf8a09715a1a0d80e77523eae2d4948b43ee8d6ec6868fde9a35f655b0577f832a9b2990fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfc739dcf3a996ad3dfad6d040937f52

SHA1
6393d70bf967f95f7192354f1f04f87c2402ba5d

SHA256
a31901fbab3cca94b00f7ad33fac2489f16cb75822e025132efa6dfac58ae4b2

SHA512
1878bfdfaed9bcebfa1e5415158416dec443c0c4880c40a61ae4fcda8b7f74c49ad873d777e8b1f6ea1c52c5c8fcdbee2ca9107eb53a2e466cbaa7ff6ddd5056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
475ef7b01adb7cbb910e659e29b8db81

SHA1
3e9269dd3da16a5842860ba601d09342de89ce89

SHA256
60cd31d3233dd890841a0a8bbc2eff903a70cf21766af4bcf452a5138042fa55

SHA512
da251e1970e890df0cab30e70b79b62b92fca2520e9ba5e51dbf24f1d05d0831c85988a51d0665beec776e37c4df5422be0eaa8fa403db93d6316758f02a5bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
991ef05a1be446829105ab032e2a9473

SHA1
29a2fe31ec3b598d69164216b4b8baf3075339c4

SHA256
f7a41fd1a13ea135326796f700384d450ae5e9387f7c754193212a3b41f24a4e

SHA512
088e8df9200d4f9632c6326dc5f20de2217da9230790118d03c92847161a63899d066155482da9fb40774ba73adc73b01db79129fb95ed7fe6a3896fbae1b24f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f568bf4a-ffa0-46fc-8dad-c300b6ea7ace.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1fcd4ec36722574fbb8d0aba3a3b2835

SHA1
0b5a4806e75592ff88ea7596e426ab6e36ce3e52

SHA256
3c4472e893f45f2288f1401b586f6a6d60f1e630e760254ee51401abb6f2038f

SHA512
cff07fee00c9429659a2b42662f5c78014e734bf1ee5d3e1e7d162b4f5486cbcd54958e616ffa631006651bfb5a1c4af03c260ed2199332fd19fff3e15c5613b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8edaf3d858ce9e16d8220da6bf4400cb

SHA1
d81dc7989116c0b3e5d1dd68852408015f52a680

SHA256
6330f1a650af1c5cb509c77daa464ecbcb04b21a31bd0538f0bb517f0a427a10

SHA512
423994fc78811bfd2ded5900d2aa3ab15b7ac569a1195ad191ff2c21deddf1e6cf61cebc0f04a44141266bbf949668c9685a6ce22477dc738abb1fb62aaf31ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4cab879c6131f9268a66e98094614d7c

SHA1
22d52e542fe16db164133acd19fea46dfc393eec

SHA256
72ae799b068577521bdd49edca7a8aa782ba201e240ce1f8c0c7bf1b369a120c

SHA512
001eb5a0ec1498f201b738f8a697e00c309a543dc86567adb31a5d5b6d65cd0f6959421029d16dc413ecdaa72aed619c0f01a83cc7598b46fbd4c93d66b067a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
928b98251e6ebae6dab22650691143c9

SHA1
99feddb1a3c6097e662646338c0cdcd0d056e8ca

SHA256
40a8d5119d14ad2c4f48dfe9cb1a81f97b05dc8f41dbd8934d98a403aefb3620

SHA512
ff2cbca12307dcd093e830995c4c2b98bd5f349abfb518c1ecd5ebe5dc23026b16f4db2d6e6e9cd0cf27143d53f900d544c309d824e3f3d1510e68c2d9731fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1d7d6b01f9e56b36cf4e18a486cde3f

SHA1
f02d36ee06bbe8d86a5806b9d5c59dc9af1a241c

SHA256
f51571cfa83f2942b6c08718cbd166dfbf58923a8b551a829b7dbeb194a21ee0

SHA512
7ab5659f074c34f5c18c115f4daa2da2f4e418bfe52d3c0bc9e2fb944c1f1821efe6bc9c142fdbae30824298e9f1f73b55e1503cb30759d36f4e922d22db6bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3fe33c71ec1704020bc2f7839ce9716

SHA1
ed22c28ab575d59a38b7a5b815d3850c245e6aea

SHA256
158a00e8b4eb92dc81c5da4a65f31470cd930cb7aa227de65c71c56effc51587

SHA512
d0e32ba1f79df59fc9973a0ac47522f500c1e06f6a3ffeed27d7bc20c6b0890ed7c727b04612bdd47f63edba265a8adb234cefb18550f783481131074a62cf60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Client-built.exe

Filesize
3.1MB

MD5
80edf7bc883cbfaca77ac79de7297988

SHA1
bc9d31e2f26b5d0696a5055c2634b4886f139862

SHA256
485c7c15036da430abadf77ed754a7cbb59be29c04075dca3bece1d4204a45a2

SHA512
3e20c57cb9b1a225f7ecee3cdb7292ef3a6e62f0d2b1d30c3b8ae511743ea5f2ec803497678f7debf5f6ea3425c0764a5a1ee285522b500d8ea462404666ec09

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Clients\Admin@GMTYKXRU_872C1E3\Logs\2025-02-01.html

Filesize
992B

MD5
c4dfe072566e08e4937b52671410d932

SHA1
c70670ab354db0ec9f8eac8e9ba931939740267b

SHA256
7c18749d6c377f70db95acd3f72d636f3f1d886039866523e3045c15b6bbddd7

SHA512
a0458647988a3f88b3d40ff549dc21cbbfaa88dd11323e96327d4e625655cc80c24d8e18a071ae39e07ad1b6cc9fa7d911cc6c65c44061c5bacee236d821a1e7

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Clients\Admin@GMTYKXRU_872C1E3\Logs\2025-02-01.html

Filesize
939B

MD5
62449047b8a0f3a8ced67fe12c030e84

SHA1
fb7751d79ecdbe33a4dbfa871380672a59f263d0

SHA256
8b5f49a0bb6591a0ce34d7d97dbf8d0a6cfa57018448195972d0e041eaa0d0dc

SHA512
c4eee062f7667cb527171f9c5b6dcf1fc0f71b864cb1e2bd9e76941c750aeb9cbd7b7f1034bff44c3c15203f548cb02a688b922339d0f2ccca2a13fb037ce7fb

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Clients\Admin@GMTYKXRU_872C1E3\Logs\2025-02-01.html

Filesize
1KB

MD5
7e0974570ed455d9c64456fba059cf90

SHA1
8851663e59baa6d13b9196925dcc7d942096b698

SHA256
4ac838125630c7140ba0f9aafc79b84a70a4f5d1439271f8b27b668954df3be5

SHA512
5aff25b35c8f3db1c16417b2d763612fe1849181849627f16d4a56c579c5c22747ca932b254c60282c34db6ba63af118c01c2f88cf4c602f3d5081a28650fc53

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

Filesize
505B

MD5
9bcbfea440a55f72d7f2c2e530b523bb

SHA1
6824d1b86ddd88cabd39358b3c8b2f2a54091b01

SHA256
82387b6f3b0e779f8c898ff8dd99ee85d185797691cfa0f37ba8218f197f46b2

SHA512
f311de1de6beb65578324f2469784d78f94fa833ae2de4dc05d61a5a7c92f172cb8eccd34f55568728b523da508326080e9d241eb36e51323a539735fd540ce0

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

Filesize
943B

MD5
b65c076201a2f6ca87eaea92a496a4dc

SHA1
463e677fe8de502b93f361d2b8c830a3418b59d0

SHA256
29b6877a7ef1227dfdf8cf58e1093a9dfdb36fa601e4aee9f3a758a88e234a26

SHA512
01940468815a13e6c05a695fa9be07d2e814d1a89c1f40d0700a8b16de72a9c5c00e829674444074cf4016d037cf55ede2301055e47f2d4a40e4d630e03fe695

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
8d40d0e3d3481f7afcbf942e69b9f6e3

SHA1
d5fbd19f59ab61bbab08dd40a639f27fc7828172

SHA256
a2133d3ab0143770663975a9d829d9a06a1bcc611b58f175cb6f153c69385630

SHA512
d788d334ac9076bd638fec766846fac4427d28679cb196897e75375de47cd0cfb7050c6a484c10dec6bd5eff6e62aef7e9213617c1f738bad491b5f4ab2c77f0

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
421B

MD5
27d2c422ea389c8fa9c2c68260634ecd

SHA1
be4cb88a6abfdc8475d0fa156c6fe1a0661e457a

SHA256
354996585187dae068911b4abeb206e3c248f4e2c08c233c08482c195f556398

SHA512
c34bc477cee51ea58943c74e6d7fe812efd147da268de8821b283741feccbd87349cfcb923b5f08b3988d7b7cf77357b891a1dca04566aad210caac1e4f4cb0a

Download Submit
C:\Users\Admin\Desktop\New folder\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
371B

MD5
482b40c0d7aa8a3d1bbf44e34b4d2ca5

SHA1
d6d24c92b01a2d8a1e9cd5a15669443091f1c7a7

SHA256
40adac53b3488585f0bd0dfc919d7d145184d4b78ee7641d721bfdf141571c31

SHA512
64774f6c520ba1b99c353d79747e78d07dce9220ba9d4a0d81d8abd6d593ef32941b73d7795e1666b0777571bca194d9ac7b6b4394c1b2bde32387ea4ee2f813

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/704-660-0x000001FF8C3A0000-0x000001FF8C3B6000-memory.dmp

Filesize
88KB

Download
memory/704-659-0x000001FF8BE20000-0x000001FF8BF58000-memory.dmp

Filesize
1.2MB

Download
memory/2720-663-0x000001DD33800000-0x000001DD33B2E000-memory.dmp

Filesize
3.2MB

Download
memory/2720-760-0x000001DD33230000-0x000001DD3324A000-memory.dmp

Filesize
104KB

Download
memory/2720-694-0x000001DD319E0000-0x000001DD31A92000-memory.dmp

Filesize
712KB

Download
memory/2720-693-0x000001DD318D0000-0x000001DD31920000-memory.dmp

Filesize
320KB

Download
memory/2720-695-0x000001DD31920000-0x000001DD3196C000-memory.dmp

Filesize
304KB

Download
memory/2720-692-0x000001DD31860000-0x000001DD31878000-memory.dmp

Filesize
96KB

Download
memory/2720-959-0x000001DD31B50000-0x000001DD31B62000-memory.dmp

Filesize
72KB

Download
memory/2720-759-0x000001DD374D0000-0x000001DD3752E000-memory.dmp

Filesize
376KB

Download
memory/3196-861-0x000000001BE90000-0x000000001BEA2000-memory.dmp

Filesize
72KB

Download
memory/3196-862-0x000000001C630000-0x000000001C66C000-memory.dmp

Filesize
240KB

Download
memory/3196-957-0x000000001CFE0000-0x000000001D508000-memory.dmp

Filesize
5.2MB

Download
memory/3500-852-0x0000000000100000-0x0000000000424000-memory.dmp

Filesize
3.1MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads