Analysis

  • max time kernel
    505s
  • max time network
    502s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-08-2024 13:39

General

  • Target

    https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.178.55:4782

Mutex

ab76f5ad-f7de-4353-8bc6-3813fdc49e70

Attributes
  • encryption_key

    143C5DA04AAA598C7074C462FBB65D53601828BC

  • install_name

    HappyClient.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    HappyClientMOD

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 5 IoCs
  • Executes dropped EXE 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff93cf6cc40,0x7ff93cf6cc4c,0x7ff93cf6cc58
      2⤵
        PID:4544
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1636,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1632 /prefetch:2
        2⤵
          PID:2808
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
          2⤵
            PID:1400
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
            2⤵
              PID:1100
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
              2⤵
                PID:4260
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
                2⤵
                  PID:3064
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
                  2⤵
                    PID:1168
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:8
                    2⤵
                      PID:2404
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5000,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:8
                      2⤵
                      • Drops file in System32 directory
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1868
                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                    1⤵
                      PID:2572
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                      1⤵
                        PID:4696
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:1884
                        • C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
                          "C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
                          1⤵
                          • Modifies registry class
                          • Suspicious behavior: GetForegroundWindowSpam
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of SetWindowsHookEx
                          PID:4692
                          • C:\Windows\explorer.exe
                            "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
                            2⤵
                              PID:1456
                          • C:\Windows\explorer.exe
                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                            1⤵
                            • Modifies Internet Explorer settings
                            • Modifies registry class
                            • Suspicious behavior: AddClipboardFormatListener
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of SetWindowsHookEx
                            PID:2192
                          • C:\Users\Admin\Desktop\HappyModPC.exe
                            "C:\Users\Admin\Desktop\HappyModPC.exe"
                            1⤵
                            • Executes dropped EXE
                            PID:208
                            • C:\Windows\SYSTEM32\schtasks.exe
                              "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe" /rl HIGHEST /f
                              2⤵
                              • Scheduled Task/Job: Scheduled Task
                              PID:3964
                            • C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe
                              "C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe"
                              2⤵
                              • Executes dropped EXE
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              • Suspicious use of SetWindowsHookEx
                              PID:4152
                              • C:\Windows\SYSTEM32\schtasks.exe
                                "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe" /rl HIGHEST /f
                                3⤵
                                • Scheduled Task/Job: Scheduled Task
                                PID:4480
                          • C:\Users\Admin\Desktop\HappyModPC.exe
                            "C:\Users\Admin\Desktop\HappyModPC.exe"
                            1⤵
                            • Executes dropped EXE
                            PID:3088
                          • C:\Users\Admin\Desktop\HappyModPC.exe
                            "C:\Users\Admin\Desktop\HappyModPC.exe"
                            1⤵
                            • Executes dropped EXE
                            PID:696

                          Network

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            529b4fb6ba9ab8ed4081b6c8cbf53b21

                            SHA1

                            2bd8e5c67dc53d45cd746ecfb20f30f761ffc4fc

                            SHA256

                            cf2345a2915b222d789e85f6d8df29431932beedfa593fa896186ecefd6b51fe

                            SHA512

                            0dd15183a9534d8017aac8423146a61f9157b01adb0827b89915ce967fc43455a61bb7966ca69eb76f2ee8d9f53c3e362b2cb632161c6f8f1e854e5ce7f0f943

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            db0d334ad7f1ca46c968ccce301bc6ce

                            SHA1

                            a36cfb19ab0fe31322e5e32525dff0d280c7bea0

                            SHA256

                            37839f0ce562ef17f4fda90bfe5d9a814148ddc8fa60d608389b70e936a70145

                            SHA512

                            8c21b956a0a7626d856276e7d7a7f79d8fbaf2fbeef3250a9d431f87454e25f3f5d403951baa3df73d5a97d1105f9f93916363374a3971a2d743db1588a330fc

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            af6cc8e42b90ef5a2f5445ed89f21c1a

                            SHA1

                            3812f7516d2c36830f18fa6e552b3be928c7c9bb

                            SHA256

                            0556abd7a3a1ac304b005a27cbc23860a1e68378976a9bae49dc2b42761aea92

                            SHA512

                            77b9e6a3d8713be6361d6d77dcf2dc32c47c944238faa2f5a9470c1c932fe87d9975dc989f2d3f18e59658843faf02ee006bf177bf441ee29f53134c1f5041ec

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            38a40789fb524d1cbafe1156a07ac848

                            SHA1

                            53d98b68dd8025fb3d4eb9cb246c848e1dac2934

                            SHA256

                            4f53ce9b79b3807b531e3f500833fadde3425a431f291dff53a5b25d961811ae

                            SHA512

                            6742461d0e0882c68f4d9683078372ab7c63b7d7a16ac9aaf3e8d3b7ec1428b966f08a31fdb7e35dbd733f3cf5a1e2600fd9d5d2adbb234b3711f832e4b8ca75

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                            Filesize

                            2B

                            MD5

                            d751713988987e9331980363e24189ce

                            SHA1

                            97d170e1550eee4afc0af065b78cda302a97674c

                            SHA256

                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                            SHA512

                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                            Filesize

                            523B

                            MD5

                            224f6ffafa2a60f3414d889269cf446d

                            SHA1

                            5d9b85493aa64f1bf480a2de31f4cf4919b3f482

                            SHA256

                            fdf95d052168b9e2b73b9aba215e1787b25c79b6970aae4f7328fa16535a3f42

                            SHA512

                            024f365db27cef7a4545aa659d3e5a006fdf0851d37e2496ea98046311f69421187209da66e72a139169c0cd5092238b9b51f3225a99e9be7380ab8d77d73b87

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            f7b2fb5abbf2ce24373fdc14eb5d8ab1

                            SHA1

                            9a8b7c0569e8993db2c43f280fc50f38c5a5eaba

                            SHA256

                            6ea03cd2a6c9b116be92b910da706dc73f892216bff5436f4f08aec9d7d50470

                            SHA512

                            d43cbcfb62bef3c21236728245d948d9fefebe9ae9be4480b45f3e71198aeeea2b980b9146321857b33e11df18494aab3f33adef18c2a54828d500fd40a1f66c

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            e75e67c0dfa7c510703fb3250e79e166

                            SHA1

                            17a0c5d1c04acf54dece3b3d4037d610645045b5

                            SHA256

                            3e889b1d4b9d13ac81d4285b9898ac4255f30465ee89cb6fcc775c63602b6f29

                            SHA512

                            adcfdf76bfb38c4dec8a95b217422015a9fccb6aec351836521e71b6c74d2ea679b850b935dfc7da48b9c4922df0bf5d448b1d6cbffe93a8e0d836313cd89dd8

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            347a291f5706642fe2667cbc84377d95

                            SHA1

                            c208949fe79dc3e906858593c7829798d02f12e6

                            SHA256

                            51b1833eaa3463c29d3e54287dc20fb32043e23684f842b50406274f724b9537

                            SHA512

                            2d9bd3e0ab074ea11e7e8f1e4a8beb04d0aaa5a1a39354b2106ae0b5ccac9baeac75403143bcaf614c90a988af7e7266a09861d8a06eca6813da34ca695efd99

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            5ad38385762000463ecf076b3baa9563

                            SHA1

                            2682c320d1cd7dcac922fc64bd8b231411d3f392

                            SHA256

                            f7c2198ceee0db4237d4b3aa174ec74c20bb8e5fda404da50001a474f85bbacf

                            SHA512

                            4f8f7bef152906b883b79503b2984dad38f5e0d4c480fe4c4f0c76300d2495791ac4e784d604adc790d73629a96d900dd86eba2aedcd7f8ee39a6605912b1c77

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            9cbbda1aa50c1393ba7dea1945456c1d

                            SHA1

                            3fc3fb6cc3fdd4a75b4728e7c26cca68f315a6e8

                            SHA256

                            64a79f98c5451f778a06240698243878e306d9b26f40368c3db499a44b072885

                            SHA512

                            78629a2fd80623a55fbfa20bf3ab2c8f9a7cb24c7a8b1666461fa254630a91066ff2452871db84f283691da775d7c5ff22f71c6b2dc24c99b77000e2f09d4c6a

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            b0f73f519c3aeeb069a3780d5fbce4b1

                            SHA1

                            dece0014c856867e8f554a211359074d709c4e0d

                            SHA256

                            38dc09d58b4549d71b7df32c25a076428bb6293d03ab53b354da13f1039e60ed

                            SHA512

                            b161a1a5869ab4fa7830a266ce6455c9656ea30fd1de97c8ba4a5247c6f4464ffe20c51b4bcd878b668101fe392a5abdb5da273718b148f07e8052738fd7b1be

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            43ec14a2c4e9acd1a9f95a2ce799494a

                            SHA1

                            8e681ea8ec09394337c0bade70eefcbfd7461828

                            SHA256

                            4c2ea4701464f15177afb1ebb377b922522af89b56e805ff52433cc5f7e58c56

                            SHA512

                            273d950ceb7adde1f2c696522781e9858ea9b6321294856a13211a4ee1f0b855fcc30f0f247c3b557be00b5d5122a2f19429afc7bb3b4221536b162bd57aa1f4

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            ce83634ae731eaafd29dc921bb4babb2

                            SHA1

                            088f801b024ebe90d349df5a7737c0195ce40a4f

                            SHA256

                            b0d18196f2760e8446c6a0508ab9a68a79a60bb41ff253826b60c4640aa22c2e

                            SHA512

                            b03f02ff67cd22aaacf88ab07e52289dff41fb122047f4d1800218e1aac75745c7ef4e0c662ffc13f1e862bad46e16bd72f86a95ee5c1ad03d1ba6a557037f85

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            f9b1a21aa51117fd5dbf2cf32bfa0f0c

                            SHA1

                            3a9ce0d1ef1474677ffc666b98ff152c8b942b32

                            SHA256

                            0e2d6269834e7d48cbaf35d2bc400374083197b3ca2fd85bc9b362527d5363be

                            SHA512

                            14fb91d03e122389873242cd9c05e696a587bafbc301c20a656cf73b33518963270ac7165ff057b7dce79a7af64a387f0f6e4b0ef509c2d669b327b5911a4123

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            1c00c2cfa106aeca68d48a6fbf617dfa

                            SHA1

                            45411efb61c69589dcc9941730dc047c114fdad2

                            SHA256

                            44fe4309baa0b14a62878ce46f60fed903ef7cc3f2677b1fb85855354d5a78d1

                            SHA512

                            f0426fcc49164bd781b35a45353f90d6c0af22f8739bfe45b6307cc990270b631f9333bf265bc93f7997c0ed459fd0b6c307da00aa762cff41cdce9a9ee06a3d

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            e23a66c8bf3df379e26e59f1ae5f51d3

                            SHA1

                            ef42bc4ae873ced657e00d78c745067cb8a85f76

                            SHA256

                            663cf25e0272a97341011c21bc0f35ebe3496fdd25f7732cf6dc1284f4de4ef1

                            SHA512

                            9b845ec9f21b055851858b9e30a4439ead5a89f32413c085c804cb01494a102889cf404a3d7764c32e50bedb3ef7203d6fd26e1f1763b8156927c31ee859275a

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            813f9be7e29e53f395c08274645dd57d

                            SHA1

                            d47b359739020ed0716f865d15353f41a0ac3620

                            SHA256

                            2d70ff0bed1d338ce324b1039d07f097efef29184b491f0f0152aa28ace8b7c2

                            SHA512

                            38de97eb19581bc7aaf1fc12ec3b84a309e37f96f31f8d7a5ca7613b21d7cd04da1e9a5325b8556b63318c312d2c8e8358ddde683b5286286496f707cc2cff48

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            c04d036d15250f4dab6d4c22f61ee519

                            SHA1

                            a452057a018b5003c6dcf1dd8a346fe30f43cf49

                            SHA256

                            0e0accfbd997f13b7702fb5ae10dea0ec2e0bacba02dfcf315817c1c8c591ca4

                            SHA512

                            d96464fdc2f47705ce67c9bc2e2d5835ceb76efd385741d21e29bbd2826a8abff0a875e73f8877c739c585816f9e51742f81c45da4b000ad883ca294ed215a10

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            610ffada52b170ca1537410f0d5bb5f5

                            SHA1

                            386d6870d0b35b0313e13cf007ea9916f8257d89

                            SHA256

                            a92c7ae7198d65c108922ec5ded0fa382048e175aa6c50dce33b199ef63c1b07

                            SHA512

                            a9926dfe070de4f7b72875c6d4a0809af2d02c4941e5513e76c63fde6aba73d4dd903c64a0e9fa90a007536d7dbbc0971d2542ea7017f0a9d1bd2ffa40238a0f

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            9225eb394b2ace4464634b6520535671

                            SHA1

                            dcd0580442318f307250628f9ae9ea91d4f56df7

                            SHA256

                            c33f682be4c76050664798e1c2ee81db0e28f1f1b25e6c2f065d49d08f5510b2

                            SHA512

                            f07751d46e22822ce53ef0fee31f0e69a20ba397980c421e3914339ff845a5ef926ab9e69021c0e54112c1b15580424b22fdceebd4cbfb42f790cfda469df572

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            eb251866080e8d4e16937edbe1616f2c

                            SHA1

                            1a2745cf8d80ab5f5829a6e859624579a3068adf

                            SHA256

                            9b4cd50cfc8bfcbdb224972d23c6ac8affc4ca0d7918fb9d1a5907796bda3445

                            SHA512

                            46da5cab7804ae7148c33142ddc9053311005688bf8bf128f2703aa74d2e6fa1fdd1a397bdad0ca51fe7f9dc47cfcebcd293887accbaaec2b45579cda765bd6b

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            1836b33a14cca3126e5ada8e4754213e

                            SHA1

                            6594572c4b7c1b3be6c471f4c5f09719aec9b5d5

                            SHA256

                            c5e249ff7345e1ba1113ce7f2ce064544cdbd12c912d303558778f270fb38190

                            SHA512

                            4b71946190f3a94ececd660be3b1bd1491fa5e4df7049ac948545578c8cb0c8ded05f0c2b09a48625b3d04729ec0a88a019d563f8de2c2690e33a4df0fe4f0ce

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            44778e74d85822fd455e6941b9743473

                            SHA1

                            0bc890148943d9205a8ba91245ffd952867271f3

                            SHA256

                            d363b89e66a51459a049d80538383bf4bb96424f165df4d6c61db94aa233cde9

                            SHA512

                            7aeab92ba160375da9b3c4678b2ca2d16aed38cfdb18da04fc18bc89dd7d276ef36e142b50b05715caa271ddb27dc339772611f076d55684e4fcf8e03a970697

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            970802a91c06092e82bb49c83e05793f

                            SHA1

                            f5a9c2e9fc882117d6afa1a8041e73530550b818

                            SHA256

                            628e90f881f8cd7845111bdcf837628b0ae381d8c928c716a09443ce161b4083

                            SHA512

                            6a08e0a73c8bb4543ef2323e88da361055eda2ef95c46cea27cd663cafa3e13ccc33c0b3cac115f5a77c6c9a3c9f9f537f226a8e69a84eaed903f15377cd8312

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            35da26a6352c07f5ffce1294c1aca3da

                            SHA1

                            494a108a520bd44a65339dcbab60c2ba8718a3a6

                            SHA256

                            58b060e4f6dd31bc96f6f54ad527a9f4281355f9c88dd65ac310bc6f435ca720

                            SHA512

                            201439498150a094eabf1ed9a8feb91324c6370b088962a03713bb52f371822540233308534e3b2938e0cd02cbee352c711732532c56d268cf2aeb0224bd8117

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            47b69a9a77cd8212ec6986ccdab41fba

                            SHA1

                            cbb1145bd8c91c1f4cf4d7424aaea23aa2f4772b

                            SHA256

                            f341c2823027fea1a68c9f6ae765810bbe097f04d881d30f8aa2abc57010430b

                            SHA512

                            110f7abe73f9fe34ca526f408aac364750591be43a58618850d11c967e25a2a176aeb3f0daedb77c4e99dca473b20897b86c3869f98ea16ccec3276c82885c7b

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                            MD5

                            0e9b40d5aae93c9a98aea0f35d25ccde

                            SHA1

                            c2b44b77c572929dbec35ea4c290c4a832b78533

                            SHA256

                            d2941b0381156694ff5aca86cb9e968f50e3cdbfcdb82b810bf801d4edc4a72e

                            SHA512

                            7e6973813f8a2f180b3ba81526f2162d0799abf938772df701e373ebceb99e24f5bee48889b76ba2de6019f75c699a933358379af5ffc8e3db1dc6287e93388a

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB

                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HappyModPC.exe.log

                            Filesize

                            1KB

                          • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-523280732-2327480845-3730041215-1000\6e40c34c4a45d0829945e2c834ef77ef_a5c5e2ae-85e3-447c-9e0b-c9a7b966d823

                            Filesize

                            3KB

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe

                            Filesize

                            3.1MB

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\HappyModPC.exe

                            Filesize

                            3.1MB

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

                            Filesize

                            286B

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

                            Filesize

                            921B

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

                            Filesize

                            1KB

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

                            Filesize

                            1KB

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

                            Filesize

                            4KB

                          • C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

                            Filesize

                            371B

                          • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

                            Filesize

                            3.3MB

                          • \??\pipe\crashpad_4648_UQNPRAUMBCUXYLOW
