ad66436fa168ccf679b4dd4a3de077efc9a3b369c506639adc8a7c6a0add1b16

Analysis

max time kernel
30s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 16:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

QuestPatcher-windows.exe
Size

20.2MB
MD5

0ad7e3fe76d96bc828e52f927c1109d1
SHA1

5c0fe013f1ec98638813513ff750c38ec31a13e6
SHA256

ad66436fa168ccf679b4dd4a3de077efc9a3b369c506639adc8a7c6a0add1b16
SHA512

e184b80387132cb39324ebf828b3f9b8b041d84bd29b71a1403579038a9e266741d03b15c4711386f4796dae63057e4864f3f64c8fc456acd9b89943beff0537
SSDEEP

393216:QMNxXGdUTSmaCayriDiY/O2hMUAUVKbUOL6Fcsc3M01vKxnSa:RhGdYoydEO2hGEKbUeQ01SxSa

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1504	QuestPatcher-windows.tmp
4372	QuestPatcher.exe
3368	adb.exe
4216	adb.exe
2556	adb.exe

Loads dropped DLL 64 IoCs

pid	Process
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe
4372	QuestPatcher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	raw.githubusercontent.com
35	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\QuestPatcher\System.Text.Encoding.CodePages.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Net.NameResolution.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-MUE0C.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\api-ms-win-crt-filesystem-l1-1-0.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-N8IBI.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-FC4NU.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Splat.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-P2M3M.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Net.Http.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-GNG7I.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-0B1J0.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\unins000.dat	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-QGAB3.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\api-ms-win-crt-convert-l1-1-0.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\ReactiveUI.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.IO.Compression.Brotli.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-5HNCR.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-3HG7Q.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Avalonia.Desktop.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-T4N5R.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Net.Http.Json.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\SkiaSharp.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Security.Cryptography.Primitives.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\hostpolicy.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-72A86.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-2GSPK.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\zh-hans\is-KCSRK.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.IO.Pipelines.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\MicroCom.Runtime.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-NDU0B.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\api-ms-win-core-memory-l1-1-0.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Avalonia.Themes.Fluent.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Avalonia.Markup.Xaml.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Diagnostics.Process.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.IO.MemoryMappedFiles.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Threading.Timer.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\api-ms-win-crt-stdio-l1-1-0.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Private.Xml.Linq.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Text.Encoding.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-BLUR2.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Avalonia.Metal.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-CDL82.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-2URC0.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-4PGEK.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Mono.Cecil.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-97KR1.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-ID000.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-NKK06.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Avalonia.Win32.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\api-ms-win-core-profile-l1-1-0.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\QuestPatcher.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-TLT1C.tmp	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-08JIL.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\ucrtbase.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-97N9L.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\Serilog.Sinks.TextWriter.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Net.Security.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\BouncyCastle.Cryptography.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Linq.Queryable.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-SFPJP.tmp	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Diagnostics.TraceSource.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Private.Uri.dll	QuestPatcher-windows.tmp
File opened for modification	C:\Program Files\QuestPatcher\System.Web.HttpUtility.dll	QuestPatcher-windows.tmp
File created	C:\Program Files\QuestPatcher\is-ODR7A.tmp	QuestPatcher-windows.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1504	QuestPatcher-windows.tmp
1504	QuestPatcher-windows.tmp
4372	QuestPatcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4372	QuestPatcher.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1504	QuestPatcher-windows.tmp

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 1504	3660	QuestPatcher-windows.exe	86
PID 3660 wrote to memory of 1504	3660	QuestPatcher-windows.exe	86
PID 3660 wrote to memory of 1504	3660	QuestPatcher-windows.exe	86
PID 1504 wrote to memory of 4372	1504	QuestPatcher-windows.tmp	97
PID 1504 wrote to memory of 4372	1504	QuestPatcher-windows.tmp	97
PID 4372 wrote to memory of 3368	4372	QuestPatcher.exe	98
PID 4372 wrote to memory of 3368	4372	QuestPatcher.exe	98
PID 4372 wrote to memory of 3368	4372	QuestPatcher.exe	98
PID 4372 wrote to memory of 4216	4372	QuestPatcher.exe	100
PID 4372 wrote to memory of 4216	4372	QuestPatcher.exe	100
PID 4372 wrote to memory of 4216	4372	QuestPatcher.exe	100
PID 4216 wrote to memory of 2556	4216	adb.exe	102
PID 4216 wrote to memory of 2556	4216	adb.exe	102
PID 4216 wrote to memory of 2556	4216	adb.exe	102

C:\Users\Admin\AppData\Local\Temp\QuestPatcher-windows.exe
"C:\Users\Admin\AppData\Local\Temp\QuestPatcher-windows.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Users\Admin\AppData\Local\Temp\is-O9C24.tmp\QuestPatcher-windows.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-O9C24.tmp\QuestPatcher-windows.tmp" /SL5="$80030,20358606,776192,C:\Users\Admin\AppData\Local\Temp\QuestPatcher-windows.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Program Files\QuestPatcher\QuestPatcher.exe
    "C:\Program Files\QuestPatcher\QuestPatcher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4372
  - - C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe
      "C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools/adb.exe" version
      4⤵
      Executes dropped EXE
      PID:3368
  - - C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe
      "C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe" devices -l
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4216
    - - C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe
        
        adb -L tcp:5037 fork-server server --reply-fd 564
        5⤵
        Executes dropped EXE
        
        PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\QuestPatcher\Avalonia.Base.dll

Filesize
1.2MB

MD5
b975babeee1ffc16f162f3eb6cb6e191

SHA1
9c4d4b70cf9d47e16c5ce911796d3cfb8191252f

SHA256
f44080c695c240be44fd986d9325c8d6b947457693b7b7cdb7f65020f4940f4e

SHA512
87c28a8109790789ad0ff2270b7b8fae55ef0eb2194b0375518432ea6d323de8f18a2dd6aaf0e6384c4a5869a0bc0b599053462820019465e57d77e937864c99

Download Submit
C:\Program Files\QuestPatcher\Avalonia.Controls.dll

Filesize
605KB

MD5
f442b5b66da5155c5fc862aec0bc0026

SHA1
b3005b246cfc0e08153b7368ff8aa86746cd0cf2

SHA256
8e85b28615ca61218f9fd954e80581a306a493e04648ad695e246a51d3364a0e

SHA512
67efc5b6799438b380a341bfd25a3f0b0f1e3e8ced5b685973bf6399d1205298f1d3e06f430d7bd3880301860aed96f5b9075c6e0636be8c460d04fe9626ddec

Download Submit
C:\Program Files\QuestPatcher\Avalonia.Desktop.dll

Filesize
6KB

MD5
6b60079bcd74ca0b95573edf992a5873

SHA1
a5b8019dcac4ecde7eaa808c2766e13e9db8e693

SHA256
a2b3961f78cd81207b2e7ff85499953bbaed9c1a08fb607d5fce9e839213beb5

SHA512
1fb476d3693148277069542702b688491242311afc4f48c477a721654a667825ac41d5e386ec4d33ee0d66d45190ba1e27087d9d1ea1a72abac38e86094d61de

Download Submit
C:\Program Files\QuestPatcher\Avalonia.Fonts.Inter.dll

Filesize
2.4MB

MD5
c3165836445765781539decdd1b22422

SHA1
7f99da34a8cc01ee73136449dd1017785f73f278

SHA256
f222f2bae10bad6c73a0da30258377d8819cd32ec8972cb30bb09076058dce17

SHA512
15ee00ac86e1b1c7cb11f931c947107d9b6ac889a7ff50faeca3fa32cae871f75c44f746e45e750d6e1031eb30f69ae31e11e3feec1c1ede714941a5d78e2fc0

Download Submit
C:\Program Files\QuestPatcher\Avalonia.OpenGL.dll

Filesize
45KB

MD5
b3ffe0c81a0014588cef19bb16d65ae7

SHA1
07b8098c599fd5de6b7e278ae01f2c6af26e7b7c

SHA256
fd917c4cf5d2f34c5251d759887d4d81fbb23177595651c547d7c082382c9bf6

SHA512
463b278b3ed8b8260676b98a8c191b03b993fd3c42872543957961cd7eb02057399d5abc0b5230523852aaaab24811e00ad97717411ce3dd8704a6dd1fa0766d

Download Submit
C:\Program Files\QuestPatcher\Avalonia.ReactiveUI.dll

Filesize
16KB

MD5
73f84ad23b8958625d0c43a4403d65e4

SHA1
372d181fb83fd403d6275ca3293a33c096c61b3d

SHA256
15da557fa2be0fb41e40e86094c1cda2910553c4be61cd7c2dcf64fc158901ea

SHA512
199cf3211c428e238dcbcdb662112aa6a33065b5f9dc677602ee3b3be86598c171a288beb1dd51ef81954768871e7ff06f232cad14def766bff6da54f6bce856

Download Submit
C:\Program Files\QuestPatcher\Avalonia.Skia.dll

Filesize
73KB

MD5
92a7fec9a0cc542342b80338c9be09f4

SHA1
5c3e13854d60ebaead560f5dbaa26d3a539e7932

SHA256
7999ea35f9241d7c81d62d5ecc06a90c1eec3e1ded28d19a21021158389bd315

SHA512
a32e977bef22212b57b19a5dc7e95bd2442f5d7bb4071248c069fc17b209c14ff59b8e8654f393473f19857218b7ea357eb22d0ab313f915f1a3a00d16ca51e4

Download Submit
C:\Program Files\QuestPatcher\Avalonia.Win32.dll

Filesize
404KB

MD5
cebad238e73d69215677d0f14105c952

SHA1
3f803a100939bfafe492e10f03db55a25f4c6708

SHA256
7e6a068bc46bee977d43b2e1f8bf14153e9d9795a92226233f8fedb2116b136e

SHA512
f542ea40687115726b27362ce1e0955ebd42ec3cd61eba3cff38a2d0c6fdb918b9fb9b1d56ed0aef43e2ce00b18b4c8c722c0c680ce84b05a04aa3b4f18e78f6

Download Submit
C:\Program Files\QuestPatcher\MicroCom.Runtime.dll

Filesize
14KB

MD5
c27b01d179ab856b42e910496fe749f9

SHA1
448412817480d6e20ae7eb2ff9250c69ed4ebece

SHA256
59839e18e46b06ab23b633944ae3c3b552a300c5da389da870dfa980bcef93c1

SHA512
30416fd4bf5554e6b575aff59787ae1078bafa529c36cbe51b05026691851a0824ab648d4d4d2ca4bd26ddab680eba95595e9cd80ee63230abffce799b36dabe

Download Submit
C:\Program Files\QuestPatcher\Microsoft.Win32.Primitives.dll

Filesize
8KB

MD5
6c732b80cbab757aa251537c13466657

SHA1
cc3845c89ab9fd984836a48cd0eb76f658638cd4

SHA256
a7ed820ab441119b5ae1d2d4e84dd395e1b0d2b19c8d3c85aa87cc144ea1da75

SHA512
5db884396b8f97358d8ea3ff41518535b8e0229b175b9a3ec6a93316364d07173fd3932756710184efa717e811eb071f7e3b4275bea226dc1becdc5aa411a09a

Download Submit
C:\Program Files\QuestPatcher\QuestPatcher.deps.json

Filesize
81KB

MD5
73b73151b28399574d0dc7e94fdd526b

SHA1
5e7f9e8dc9b77fc1e97dbc47c9b7d73f1d127f8c

SHA256
6b84a81bfbbd92313f99aa5854f13e4940427ac8ded2a547d0a4ab50a55e6b21

SHA512
18724abe6ed1f83aeeb38b2b94be05983e3e5887e716fc520845a8e4312b42b92365d7569111fc85a9c9106358a10fdab4bcdea8ab96b067c75efa55841fe5d1

Download Submit
C:\Program Files\QuestPatcher\QuestPatcher.dll

Filesize
732KB

MD5
d59032414372108035109b680d278eb5

SHA1
5fa375f96d7fd7c3d223fe3f0e7cc55c9e995976

SHA256
4e293f3756eebfcebd5b941bb7fa92ca6b100b64c27d8abdfcb6c364c752631b

SHA512
ada1c8ffd02667fe796141e306fc4f378243c7ccbd46c64568651e73b5f338ac48a370269aca5afd0d09b43fd10e526119e65d8ffaf330834ff065519bbe4a7d

Download Submit
C:\Program Files\QuestPatcher\QuestPatcher.exe

Filesize
245KB

MD5
a9e5d3252dca9a91f7580503b608fb98

SHA1
a9a62908b360928a51e4368e70adb0bc3c6efb49

SHA256
c374c846989c3167544359077c3c44d875a9866ce94da90bb3878f633aa274ec

SHA512
c7afa4702db6177e93eaa73fc1a17c42d8142b4387fef6c5d73dec31ee5ffa65c06891f1e3697ad5b6556db9b0128e7729c2a83063f769877cf6fcc00fdaa9f9

Download Submit
C:\Program Files\QuestPatcher\QuestPatcher.runtimeconfig.json

Filesize
1KB

MD5
abeee8b2576d2a6e7d80971b660a1b2c

SHA1
213e6c45fc4cada8a01a5adbc337dfb9adca9cb8

SHA256
14886875a288ea5fef2c2fc7073664e919cd95003bee0b71e1fa38fc44af864a

SHA512
873bbc6c0180efcc115b7048bbfbeb901dcbceb8828b8e8f4ec689abac69440ac1c116b6622df96ff4b10e9128b2b0a4130941302590de8ec78baa5d30fa4484

Download Submit
C:\Program Files\QuestPatcher\SkiaSharp.dll

Filesize
95KB

MD5
e9e7a3d240dfbfc13cf0da665ff9ef0f

SHA1
e72415de4205da7d768b1e310f764f0240586121

SHA256
f2b74631129cbc8f8bc24c8daeb86a5ba48625d0315d596bbc45e9bd1c98f2f9

SHA512
d82a97bb24c72de6c00c0948ae84f504fb27ce2c103fe408f34d9bb982063f54301a9d17f2f2678297e0e7a9f9f42e38ff924edc360358bdbbaee07a041d601a

Download Submit
C:\Program Files\QuestPatcher\System.Collections.Concurrent.dll

Filesize
39KB

MD5
58fce99f306b57dd148494fd8a0cfc67

SHA1
733993381845bb2dd97c88f3e2cf9062cfa4f6ac

SHA256
582e43e0795e8d6bbd20935b2495967b9001f543506b80e8362e823a5df49fa0

SHA512
e50a25dc1d643842d5da6b01aaadc3efb8919c3711bcebbfd1804ecbe07ea8cc5501762184caca8358e8e328f4b17c1249682eb7c3bffcffada5e4f707705084

Download Submit
C:\Program Files\QuestPatcher\System.Collections.dll

Filesize
59KB

MD5
58b2423e9749a3d28a91585dbd024606

SHA1
abcb44f73fee32663e4a9d72b4b47f6f66df762a

SHA256
879de050426c0ab5313e2172bac7f98e73ec02c8ceecf3c574a86552c7102a37

SHA512
a9b326cba00bc924f16f7a0d14c56b0a9d17ed0cd5f0e8f117fbe555efb30c9363b42fcc49fab60a7135e2d4cd24d5d2fa66884446b9815f8828630955e79c4f

Download Submit
C:\Program Files\QuestPatcher\System.ComponentModel.Primitives.dll

Filesize
15KB

MD5
9771d139e083fb1bbf9a397cf9afbcb8

SHA1
3cc1c37fe889dd9766bc819acca304632c4a986a

SHA256
e23a934cdae87340fb9367be599639e68ca5223e078f5c5505a663dc5368bb2c

SHA512
0b9d2a4e359f45d6a6e20f2d3166f18b9eae6214c10527be661083a7c11da17d3702f6721c2f3dc9e3c04a9191877de57dd30cbd36858bb07eae7e37c64b69df

Download Submit
C:\Program Files\QuestPatcher\System.ComponentModel.dll

Filesize
5KB

MD5
02baf6ec8e4a39c943a78143aada60a8

SHA1
87b8afbc61e5f942b6bff9ae248d049668daec39

SHA256
7e4b16fc4beac003d245f46f197ec0437391ece80f8320deb04590214792da71

SHA512
405df7e1f240916eb85ef954c2cf98de07e6bbf53f60b16ff3fed377dc04920d7fc4f4e41ffbf2175f681e574f00cdb7e9586a974b9a86dcc79535f545eea26e

Download Submit
C:\Program Files\QuestPatcher\System.Linq.dll

Filesize
84KB

MD5
b5ad4fd2db9a31fdda9009c0c9c0aab2

SHA1
eee572e0d233cf52971f36797ed443ed4f281283

SHA256
b4324eb340dbcea8c0877717f7bdae4faf2d7614c35e78e2c04118a21de5e96b

SHA512
a8548433d4ec7a5dac6517240ba11df1a72a554b6c6eaeb00e3b1b60d6038b96e39c46bc1a66eb098d4a3bbfaf1e775f8cdb21e297664d5dbaac695aee26cffb

Download Submit
C:\Program Files\QuestPatcher\System.ObjectModel.dll

Filesize
30KB

MD5
1bc92fa6fbd9681eee6bf35ce2bae3d5

SHA1
424d5658fe9df5d212f571bd9b8e94ca2909934e

SHA256
040a58631c05c4d0d3efb47fa6b703c1df46e729394f79f6cf8dff6d02a7edbd

SHA512
3550d6fddeed856b92ce0ba1840f72d04e02ece1315bc4e81b035c02d6fd818c3540c29b4ce1d448f55915735d956928ac9ba53427d76a9f5cd4997e6fd1193d

Download Submit
C:\Program Files\QuestPatcher\System.Private.CoreLib.dll

Filesize
2.5MB

MD5
5caf87e6d7b468df745697becef3ea28

SHA1
011a21da6ebf043c4495c3c7d1ebae2bcdcc6098

SHA256
e73934b01b3d930be8eff248c0a099f0929fc883a06bfbfbcdd5b51a9a828898

SHA512
59715894a3bc085fc18e6c147667207a2d19d9ac08a1bccd6161bbf0a58f91eee8891c7cdf5abb84e7e21c175acb4ca23bd9106606e32f9800ee8cf4ec5dabc6

Download Submit
C:\Program Files\QuestPatcher\System.Private.Uri.dll

Filesize
80KB

MD5
dce08e5628631f36d6a09b6c8dc1526a

SHA1
bea0e290b46e18bf02dd84f4ded08bb5e22fe26e

SHA256
9cb6b3d4c1bee3651dd797559704fe4b8491a1ecdc55ede49f32c39134a1295d

SHA512
e5f79416b3399302b58a7283606e5826e50b8e055926aa4cc82071a76192bef45c306277f1aa4a9f5bf42c0f716a511359b41b228320d1313ea0d6045bc16554

Download Submit
C:\Program Files\QuestPatcher\System.Runtime.InteropServices.RuntimeInformation.dll

Filesize
10KB

MD5
079fde4b8d8d9c66cf46bd55424887d7

SHA1
c1de6cdb9c4d1d2612b43cc55a539c1bafe99401

SHA256
b78e75b13f5c6b7442a18f137e9ce20efcd0fe43dcc162e46eec70fe887e020b

SHA512
8503ea9a5fb6bc39d3404a44882619b2667eb6f2130568d03e01541334803b0e9bf785f905fcbc8d436915085091d7e0d8c00142fb8a5bbd94702fc6116783dc

Download Submit
C:\Program Files\QuestPatcher\System.Runtime.InteropServices.dll

Filesize
8KB

MD5
4362716e761947578ecfca473666d1fd

SHA1
b32c2960706041b4e155f82a796d3c02847f5cda

SHA256
2610b10956f0cb6421597f662ce913ebb7c3f9240dcb0811a115ca0dc7faaafd

SHA512
77446145251c27a19c7072ae6e555f0bccad8ea01c01dce172085eed51bb65f70ed35fd98f32d6ea1e62875a457845a93d584f0e0fba50f09e3cc01f90102a5f

Download Submit
C:\Program Files\QuestPatcher\System.Runtime.dll

Filesize
15KB

MD5
93faca87a68a61eb3cffe40d2bc9bbe2

SHA1
6beb23bbf462ed4041025a390923fe78709656dd

SHA256
e2ac0794b93c57484b7fdd35da43edd18efc3caae4745caba9dc6afb4259b0c2

SHA512
8d4811d9669438e6e89f61476fa4fae0f4f098f8cc9d34fba8e704139056a6757c8cfdf27726934fa9f18e79e0a6d5cfcb8911745291cc65f19a11654b1e5cc3

Download Submit
C:\Program Files\QuestPatcher\clrjit.dll

Filesize
1.4MB

MD5
85ce04582025325b5e38f8d4302feb12

SHA1
fd61e76c72739d49ee7a4884ef96b1afbec1cd7e

SHA256
ef61ee3ed1e3dc1399ef769a4965a80bee495c46458b29cae18bb41379d7435a

SHA512
d4c2027cd2fb1fcc697112cfbc50742fc2683e64071951e14ec9825873b1ceb08a5842db683d206945bb787e1c28a3147748824877b0f17ebb77ea0407481314

Download Submit
C:\Program Files\QuestPatcher\coreclr.dll

Filesize
4.9MB

MD5
27f0945dd6598e491945b13d496a740e

SHA1
e945b17814c433ec4bbd67c1d1f1b225b576d7ec

SHA256
2ec444fff50a2c2c9f387ee46ad3bfb971880d6f3739152689d9e55552c4cbe7

SHA512
da464ebd841527f0fa579d866b3f00268a2deb6f062d2f41fb51599c24309e7afd67cd01f882d9188a44877ae3bac72a842909eed4fe5811254ea64236978c33

Download Submit
C:\Program Files\QuestPatcher\hostfxr.dll

Filesize
366KB

MD5
7a6cb049ef08bae6b0ae2290c7bb382b

SHA1
cbb75f6a400723469d36e4a105de5f79169dffdd

SHA256
0146e0888c21e8fbe66628bd664c08e0283aa2f5eeb00752aaabd91b4afd1b76

SHA512
ef2553ce60b5a2c3c193e325ae9412ef817af3de1205acce449a2050184933c1928d36313c33e5ffd3d7ce73b73e59fee4b7d3fefe0f8a9c5929fb87307076b7

Download Submit
C:\Program Files\QuestPatcher\hostpolicy.dll

Filesize
383KB

MD5
7fdc2fcd16097614a67cc60d6a6ebb3b

SHA1
2cbd3985b7c2017ec4e1818a192db4979eb4c68e

SHA256
f786d5839f5f409b4028b304e577688f1cc115cd5cd5389be41e4531ebb3d244

SHA512
ce7d939dd110b55a1d087d0dae91bedf014718baa3a6eb60c2dabebf9137d0e1742b4a7af0815885487225887d563aa3ec5126f69dbebb516e85c9baf5aa0a3b

Download Submit
C:\Program Files\QuestPatcher\libSkiaSharp.dll

Filesize
9.1MB

MD5
0c8068859d2a240b9faf5c51544fe666

SHA1
f8a24d7918f1151f8d10dd606c73e5cd530e30f1

SHA256
4157658aa5b75683e01953df4bd5cd1cc9ce313f4eed026d5fce31f80f4ed7ca

SHA512
53d3c4d4f2d9cf24f6c97924c4ec33865e7a7bc8aafd39b0b65515395fb6e14525da435017e6e943f9dfd00a8ef319b880b73197772fe814b06ceb32f9185fc3

Download Submit
C:\Program Files\QuestPatcher\mscorrc.dll

Filesize
143KB

MD5
83e9392df1682a9655db98ab65231d91

SHA1
d54f8eb699474b95c2e09b4f3eef2ef688404367

SHA256
f0e1ee0df485bf507117d704f313b4ea1d73be14a500b6de2d636e5dd3816099

SHA512
8a4042ed32a39a76cb8fbaabac50e31e04d0e085c25baba10e234e47a7dc57705b94ca8f0f8e33665a3e0bb0266416248c435f78f09319fef2825cae6960ad0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O9C24.tmp\QuestPatcher-windows.tmp

Filesize
3.0MB

MD5
0c9b9839c2352997c7233de5ff0114aa

SHA1
3619582f33c584ef2e7f249b99172c2dd84b1018

SHA256
aca97bd2db781bdd0159eda5525b8285836882be5a66ee7f47d5309db4abfbc8

SHA512
c6c0258cb3d9b65cf53399c3a8cb0859c1d838bde4e1699f6b07ea890947cb8605fdab3acdc84a053058ad363d007988ad0f62696c72537ba690a876d9e256d7

Download Submit
memory/1504-9-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/1504-6-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/1504-471-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3660-0-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/3660-8-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/3660-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/3660-472-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/4372-426-0x00007FFD4499A000-0x00007FFD4499B000-memory.dmp

Filesize
4KB

Download