Malware Analysis Report

2024-10-23 21:24

Sample ID: 240805-qxyt6a1fnd
Target: https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip
Tags: quasar office04 discovery spyware trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip was found to be: Known bad.

Malicious Activity Summary

quasar office04 discovery spyware trojan

Quasar RAT

Quasar payload

Executes dropped EXE

Drops file in System32 directory

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Enumerates system info in registry

Modifies registry class

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-05 13:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-05 13:39
Reported: 2024-08-05 13:47
Platform: win10v2004-20240802-en
Max time kernel: 505s
Max time network: 502s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip

Signatures

Quasar RAT

Tags: trojan spyware quasar

Quasar payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

Tags: discovery

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer settings

Tags: adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673387643088767" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 66003100000000000559046d10005155415341527e312e3100004c0009000400efbe0559f46c0559056d2e0000001d340200000009000000000000000000000000000000ab014c005100750061007300610072002000760031002e0034002e00310000001a000000 | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 7e003100000000000559f46c11004465736b746f7000680009000400efbe02597b630559f46c2e00000071e101000000010000000000000000003e0000000000bd401a004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 780031000000000002597b631100557365727300640009000400efbe874f77480559ec6c2e000000c70500000000010000000000000000003a00000000009ef4710055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 500031000000000002597c6c100041646d696e003c0009000400efbe02597b630559ec6c2e00000067e1010000000100000000000000000000000000000074d22c01410064006d0069006e00000014000000 | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\NodeSlot = "2" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 | C:\Windows\explorer.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\explorer.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A

Scheduled Task/Job: Scheduled Task

Tags: persistence execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A
N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\explorer.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Windows\explorer.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4648 wrote to memory of 4544 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 4544 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4648 wrote to memory of 1100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Every row in this table has chrome.exe as both process and target. PID 4648 is the Chrome browser process (the same PID appears in the crashpad pipe name under Files), and the writes are the normal way Chromium launches its renderer, GPU and utility children. None of these events involve Quasar.exe, HappyModPC.exe or HappyClient.exe, so in this detonation the signature is browser start-up noise rather than evidence of injection by the RAT.

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff93cf6cc40,0x7ff93cf6cc4c,0x7ff93cf6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1636,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1632 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5000,i,5446513625404428759,10286416840033050975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:8

C:\Users\Admin\Desktop\HappyModPC.exe

"C:\Users\Admin\Desktop\HappyModPC.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe

"C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe" /rl HIGHEST /f

C:\Users\Admin\Desktop\HappyModPC.exe

"C:\Users\Admin\Desktop\HappyModPC.exe"

C:\Users\Admin\Desktop\HappyModPC.exe

"C:\Users\Admin\Desktop\HappyModPC.exe"
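
The two schtasks.exe entries above are the persistence mechanism: a logon task named "Quasar Client Startup" that runs HappyClient.exe from AppData\Roaming with the highest run level. The following is an added example (not sandbox output and not Quasar project code) of how to triage such command lines from process-creation telemetry. The USER_WRITABLE list, the known-task-name set, the "two or more reasons" threshold and the two control lines are assumptions constructed for the example; the first sample line is the one from this report.

```python
"""Triage schtasks.exe /create command lines for start-up persistence.

Added example for this report; it is not sandbox output and not Quasar
project code. SAMPLE_EVENTS holds the schtasks line from the report's
process list plus two constructed control lines. Feed it real process
creation events (Sysmon Event ID 1 / Security 4688 CommandLine fields)
in the same way.
"""
import re
from typing import Dict, List, Optional

# Directories a standard user can write to (assumed list, not from the
# report). A start-up task whose target lives here is a weak signal alone
# and a strong one combined with ONLOGON/ONSTART and /rl HIGHEST.
USER_WRITABLE = (
    r"\appdata\roaming",
    r"\appdata\local\temp",
    r"\users\public",
    r"\desktop",
    r"\downloads",
)

# Task name the Quasar client registers for itself; it appears verbatim in
# the report's process list.
KNOWN_TASK_NAMES = {"quasar client startup"}

# Windows command lines: keep double-quoted arguments together, split the
# rest on whitespace.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_schtasks_create(cmdline: str) -> Optional[Dict[str, object]]:
    """Return the /option -> value map of a `schtasks /create`, else None."""
    toks = [t.strip('"') for t in _TOKEN.findall(cmdline)]
    if not toks:
        return None
    exe = toks[0].lower().replace("\\", "/").rsplit("/", 1)[-1]
    if exe not in {"schtasks", "schtasks.exe"}:
        return None
    opts: Dict[str, object] = {}
    i = 1
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("/"):
            key = tok[1:].lower()
            # Value-taking switches are followed by a non-switch token;
            # bare switches such as /f and /create are recorded as True.
            if i + 1 < len(toks) and not toks[i + 1].startswith("/"):
                opts[key] = toks[i + 1]
                i += 2
                continue
            opts[key] = True
        i += 1
    return opts if "create" in opts else None


def assess_persistence(cmdline: str) -> Optional[Dict[str, object]]:
    """Score one command line; None when it is not a task creation."""
    opts = parse_schtasks_create(cmdline)
    if opts is None:
        return None
    task = str(opts.get("tn", ""))
    target = str(opts.get("tr", ""))
    reasons: List[str] = []
    if str(opts.get("sc", "")).upper() in {"ONLOGON", "ONSTART"}:
        reasons.append("runs at logon/boot")
    if str(opts.get("rl", "")).upper() == "HIGHEST":
        reasons.append("requests highest run level")
    if any(d in target.lower() for d in USER_WRITABLE):
        reasons.append("target is in a user-writable directory")
    if task.lower() in KNOWN_TASK_NAMES:
        reasons.append("task name matches Quasar's default")
    if opts.get("f") is True:
        reasons.append("/f silently replaces an existing task")
    return {
        "task": task,
        "target": target,
        "reasons": reasons,
        # Assumed threshold: two independent signals make a task worth a look.
        "verdict": "suspicious" if len(reasons) >= 2 else "benign",
    }


SAMPLE_EVENTS = [
    # From the report's process list: the Quasar client installing itself.
    r'"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON '
    r'/tr "C:\Users\Admin\AppData\Roaming\HappyClientMOD\HappyClient.exe" /rl HIGHEST /f',
    # Constructed benign control: vendor updater under Program Files, daily, no elevation.
    r'schtasks.exe /create /tn "VendorUpdate" /sc DAILY /st 09:00 '
    r'/tr "C:\Program Files\Vendor\update.exe"',
    # Constructed: a query, not a creation.
    r"schtasks.exe /query /fo LIST",
]


def triage(events: List[str]) -> List[Dict[str, object]]:
    """Assess every event and keep only task creations."""
    return [r for r in map(assess_persistence, events) if r is not None]


if __name__ == "__main__":
    for result in triage(SAMPLE_EVENTS):
        print(result["verdict"], result["task"], "->", result["target"], result["reasons"])
```

On the report's line all five signals fire; the benign control fires none. The task name alone is not a safe hunt key, since any operator can edit it in the builder profile, which is why the scoring also weighs the trigger, run level and target directory.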

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
N/A 192.168.178.55:4782 tcp
N/A 192.168.178.55:4782 tcp
N/A 192.168.178.55:4782 tcp
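
Only the last three rows are the RAT: three TCP connections to 192.168.178.55 on 4782, Quasar's default listener port. The address is RFC 1918, so the built client was pointed at a host on the submitter's own LAN and the IP is not a usable Internet indicator; the port and the repeated unnamed connections are the pattern worth hunting for. The block below is an added example (not sandbox code and not Quasar code) of separating that candidate from browser and sandbox noise; the rows are transcribed from the table above and the filtering rules are analyst assumptions.

```python
"""Separate C2 candidates from browser and sandbox noise in a network table.

Added example for this report, not sandbox code or Quasar code. NETWORK_ROWS
is transcribed from the report's Network section (country, destination,
domain, protocol); the filtering rules below are assumptions an analyst
applies when the sandbox does not label rows itself.
"""
import ipaddress
from collections import Counter
from typing import List, Tuple

QUASAR_DEFAULT_PORT = 4782  # Quasar's default listener port

Row = Tuple[str, str, str, str]

NETWORK_ROWS: List[Row] = [
    ("US", "8.8.8.8:53", "github.com", "udp"),
    ("GB", "20.26.156.215:443", "github.com", "tcp"),
    ("US", "8.8.8.8:53", "objects.githubusercontent.com", "udp"),
    ("US", "185.199.109.133:443", "objects.githubusercontent.com", "tcp"),
    ("US", "8.8.8.8:53", "4.159.190.20.in-addr.arpa", "udp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "g.bing.com", "udp"),
    ("US", "13.107.21.237:443", "g.bing.com", "tcp"),
    ("N/A", "192.168.178.55:4782", "", "tcp"),
    ("N/A", "192.168.178.55:4782", "", "tcp"),
    ("N/A", "192.168.178.55:4782", "", "tcp"),
]


def classify(row: Row) -> str:
    """Label one row by the kind of traffic it most likely represents."""
    _country, dest, domain, proto = row
    host, port_text = dest.rsplit(":", 1)
    ip = ipaddress.ip_address(host)
    port = int(port_text)
    if proto == "udp" and port == 53:
        # Reverse lookups of the peers seen earlier are the sandbox's own doing.
        return "reverse-dns" if domain.endswith(".in-addr.arpa") else "dns"
    if ip.is_multicast:
        return "multicast"             # mDNS chatter (224.0.0.251:5353)
    if port == 443 and domain:
        return "tls-named"             # browser traffic to a resolved name
    if port == QUASAR_DEFAULT_PORT:
        return "quasar-default-port"
    if ip.is_private and not domain:
        return "unnamed-private"       # raw IP, no DNS resolution preceded it
    return "other"


NOISE = {"dns", "reverse-dns", "multicast", "tls-named"}


def c2_candidates(rows: List[Row]) -> List[Tuple[Tuple[str, str, str], int]]:
    """Count the non-noise destinations, most frequent first."""
    counts: Counter = Counter()
    for row in rows:
        label = classify(row)
        if label not in NOISE:
            counts[(row[1], row[3], label)] += 1
    return sorted(counts.items(), key=lambda item: -item[1])


def is_private_destination(dest: str) -> bool:
    """True when the host part is RFC 1918 / link-local, i.e. not an Internet IOC."""
    return ipaddress.ip_address(dest.rsplit(":", 1)[0]).is_private


if __name__ == "__main__":
    for (dest, proto, label), n in c2_candidates(NETWORK_ROWS):
        print(f"{dest}/{proto} x{n} [{label}] private={is_private_destination(dest)}")
```

Run against the report's rows this leaves exactly one candidate, 192.168.178.55:4782/tcp seen three times. A port match is only a hint, since the builder lets the operator choose any port; the "unnamed-private" and "other" labels exist so that a non-default port still surfaces.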

Files

\??\pipe\crashpad_4648_UQNPRAUMBCUXYLOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

These four values are the digests of zero-length input, so the entry records a named pipe the crashpad handler opened, not captured file content. It is not an indicator.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

MD5 13aa4bf4f5ed1ac503c69470b1ede5c1
SHA1 c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA256 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512 767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 42c39b45c252fcb119e23f3933e0c18f
SHA1 0ea13c04e1cb77d2b728ed4acdbf02c8b8f1a1b7
SHA256 aa99c3060da37377eec79e091cb09c21af06d7eabba481bf781ce81bc207b905
SHA512 ca74241956b302ecb896ee6af483b2c3761233a1a7af9454d34fdfb43a6a482a942b86382138a549927e0b89cc1837d887fc6a66c815cd73e30cc4eb6ca345c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7b2fb5abbf2ce24373fdc14eb5d8ab1
SHA1 9a8b7c0569e8993db2c43f280fc50f38c5a5eaba
SHA256 6ea03cd2a6c9b116be92b910da706dc73f892216bff5436f4f08aec9d7d50470
SHA512 d43cbcfb62bef3c21236728245d948d9fefebe9ae9be4480b45f3e71198aeeea2b980b9146321857b33e11df18494aab3f33adef18c2a54828d500fd40a1f66c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 224f6ffafa2a60f3414d889269cf446d
SHA1 5d9b85493aa64f1bf480a2de31f4cf4919b3f482
SHA256 fdf95d052168b9e2b73b9aba215e1787b25c79b6970aae4f7328fa16535a3f42
SHA512 024f365db27cef7a4545aa659d3e5a006fdf0851d37e2496ea98046311f69421187209da66e72a139169c0cd5092238b9b51f3225a99e9be7380ab8d77d73b87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e75e67c0dfa7c510703fb3250e79e166
SHA1 17a0c5d1c04acf54dece3b3d4037d610645045b5
SHA256 3e889b1d4b9d13ac81d4285b9898ac4255f30465ee89cb6fcc775c63602b6f29
SHA512 adcfdf76bfb38c4dec8a95b217422015a9fccb6aec351836521e71b6c74d2ea679b850b935dfc7da48b9c4922df0bf5d448b1d6cbffe93a8e0d836313cd89dd8

memory/4692-59-0x00007FF928D43000-0x00007FF928D45000-memory.dmp

memory/4692-60-0x000001D652040000-0x000001D652178000-memory.dmp

memory/4692-61-0x000001D652700000-0x000001D652716000-memory.dmp

memory/4692-62-0x00007FF928D40000-0x00007FF929801000-memory.dmp

memory/4692-63-0x00007FF928D40000-0x00007FF929801000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 db0d334ad7f1ca46c968ccce301bc6ce
SHA1 a36cfb19ab0fe31322e5e32525dff0d280c7bea0
SHA256 37839f0ce562ef17f4fda90bfe5d9a814148ddc8fa60d608389b70e936a70145
SHA512 8c21b956a0a7626d856276e7d7a7f79d8fbaf2fbeef3250a9d431f87454e25f3f5d403951baa3df73d5a97d1105f9f93916363374a3971a2d743db1588a330fc

memory/4692-69-0x000001D66F8D0000-0x000001D66FBFE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9cbbda1aa50c1393ba7dea1945456c1d
SHA1 3fc3fb6cc3fdd4a75b4728e7c26cca68f315a6e8
SHA256 64a79f98c5451f778a06240698243878e306d9b26f40368c3db499a44b072885
SHA512 78629a2fd80623a55fbfa20bf3ab2c8f9a7cb24c7a8b1666461fa254630a91066ff2452871db84f283691da775d7c5ff22f71c6b2dc24c99b77000e2f09d4c6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5e5603e5668c90e8db18f0388fd85d70
SHA1 d47768ffdc352247af4445feeddbb8e272ddc49e
SHA256 53d0a8d1ecfc8001ba4d198e367a1d8530820258d81402cd7f26cf2caffee5e9
SHA512 f2d44231a0d18d90fe02560fcdfceb55bb97f6134cee26565507a4a198ecd38ade3a49acd3024f3068dcdd780dd30c783a1fe6b8ca54180aaee1316069c42a51

memory/4692-93-0x00007FF928D43000-0x00007FF928D45000-memory.dmp

memory/4692-94-0x00007FF928D40000-0x00007FF929801000-memory.dmp

C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

MD5 299e464a8948afebd6630459eb324c72
SHA1 9d53120b537487e356a6d66a872339eb3a771ecd
SHA256 1219b3a104f3472e3603b767d1abfb13f7e895a22c06a298a431b65ac7f7fecd
SHA512 7bf1e79f223c4201c4839f78d82a4bd7ad568bbd477ffa7c581101784be2fad30487c5a039b8057a154731ab92bb2dbec4ff6d70129468818bbf2d705d53cdc6

quasar.p12 is the certificate store written by the Quasar server (Quasar.exe) when it is first set up; it holds the server certificate together with its private key, and built clients are tied to that certificate. The explorer.exe /select entry in the process list points at this file. It is an operator-side secret that does not ship with the built client, so it is useful for attributing a server, not for detecting victims.

memory/4692-111-0x000001D66EAC0000-0x000001D66EAD8000-memory.dmp

memory/4692-112-0x000001D66ED20000-0x000001D66ED70000-memory.dmp

memory/4692-113-0x000001D66F670000-0x000001D66F722000-memory.dmp

memory/4692-114-0x000001D66F5B0000-0x000001D66F5FC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0f73f519c3aeeb069a3780d5fbce4b1
SHA1 dece0014c856867e8f554a211359074d709c4e0d
SHA256 38dc09d58b4549d71b7df32c25a076428bb6293d03ab53b354da13f1039e60ed
SHA512 b161a1a5869ab4fa7830a266ce6455c9656ea30fd1de97c8ba4a5247c6f4464ffe20c51b4bcd878b668101fe392a5abdb5da273718b148f07e8052738fd7b1be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 af6cc8e42b90ef5a2f5445ed89f21c1a
SHA1 3812f7516d2c36830f18fa6e552b3be928c7c9bb
SHA256 0556abd7a3a1ac304b005a27cbc23860a1e68378976a9bae49dc2b42761aea92
SHA512 77b9e6a3d8713be6361d6d77dcf2dc32c47c944238faa2f5a9470c1c932fe87d9975dc989f2d3f18e59658843faf02ee006bf177bf441ee29f53134c1f5041ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce83634ae731eaafd29dc921bb4babb2
SHA1 088f801b024ebe90d349df5a7737c0195ce40a4f
SHA256 b0d18196f2760e8446c6a0508ab9a68a79a60bb41ff253826b60c4640aa22c2e
SHA512 b03f02ff67cd22aaacf88ab07e52289dff41fb122047f4d1800218e1aac75745c7ef4e0c662ffc13f1e862bad46e16bd72f86a95ee5c1ad03d1ba6a557037f85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 38a40789fb524d1cbafe1156a07ac848
SHA1 53d98b68dd8025fb3d4eb9cb246c848e1dac2934
SHA256 4f53ce9b79b3807b531e3f500833fadde3425a431f291dff53a5b25d961811ae
SHA512 6742461d0e0882c68f4d9683078372ab7c63b7d7a16ac9aaf3e8d3b7ec1428b966f08a31fdb7e35dbd733f3cf5a1e2600fd9d5d2adbb234b3711f832e4b8ca75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c00c2cfa106aeca68d48a6fbf617dfa
SHA1 45411efb61c69589dcc9941730dc047c114fdad2
SHA256 44fe4309baa0b14a62878ce46f60fed903ef7cc3f2677b1fb85855354d5a78d1
SHA512 f0426fcc49164bd781b35a45353f90d6c0af22f8739bfe45b6307cc990270b631f9333bf265bc93f7997c0ed459fd0b6c307da00aa762cff41cdce9a9ee06a3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 44778e74d85822fd455e6941b9743473
SHA1 0bc890148943d9205a8ba91245ffd952867271f3
SHA256 d363b89e66a51459a049d80538383bf4bb96424f165df4d6c61db94aa233cde9
SHA512 7aeab92ba160375da9b3c4678b2ca2d16aed38cfdb18da04fc18bc89dd7d276ef36e142b50b05715caa271ddb27dc339772611f076d55684e4fcf8e03a970697

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 813f9be7e29e53f395c08274645dd57d
SHA1 d47b359739020ed0716f865d15353f41a0ac3620
SHA256 2d70ff0bed1d338ce324b1039d07f097efef29184b491f0f0152aa28ace8b7c2
SHA512 38de97eb19581bc7aaf1fc12ec3b84a309e37f96f31f8d7a5ca7613b21d7cd04da1e9a5325b8556b63318c312d2c8e8358ddde683b5286286496f707cc2cff48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 529b4fb6ba9ab8ed4081b6c8cbf53b21
SHA1 2bd8e5c67dc53d45cd746ecfb20f30f761ffc4fc
SHA256 cf2345a2915b222d789e85f6d8df29431932beedfa593fa896186ecefd6b51fe
SHA512 0dd15183a9534d8017aac8423146a61f9157b01adb0827b89915ce967fc43455a61bb7966ca69eb76f2ee8d9f53c3e362b2cb632161c6f8f1e854e5ce7f0f943

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e23a66c8bf3df379e26e59f1ae5f51d3
SHA1 ef42bc4ae873ced657e00d78c745067cb8a85f76
SHA256 663cf25e0272a97341011c21bc0f35ebe3496fdd25f7732cf6dc1284f4de4ef1
SHA512 9b845ec9f21b055851858b9e30a4439ead5a89f32413c085c804cb01494a102889cf404a3d7764c32e50bedb3ef7203d6fd26e1f1763b8156927c31ee859275a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 610ffada52b170ca1537410f0d5bb5f5
SHA1 386d6870d0b35b0313e13cf007ea9916f8257d89
SHA256 a92c7ae7198d65c108922ec5ded0fa382048e175aa6c50dce33b199ef63c1b07
SHA512 a9926dfe070de4f7b72875c6d4a0809af2d02c4941e5513e76c63fde6aba73d4dd903c64a0e9fa90a007536d7dbbc0971d2542ea7017f0a9d1bd2ffa40238a0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c04d036d15250f4dab6d4c22f61ee519
SHA1 a452057a018b5003c6dcf1dd8a346fe30f43cf49
SHA256 0e0accfbd997f13b7702fb5ae10dea0ec2e0bacba02dfcf315817c1c8c591ca4
SHA512 d96464fdc2f47705ce67c9bc2e2d5835ceb76efd385741d21e29bbd2826a8abff0a875e73f8877c739c585816f9e51742f81c45da4b000ad883ca294ed215a10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb251866080e8d4e16937edbe1616f2c
SHA1 1a2745cf8d80ab5f5829a6e859624579a3068adf
SHA256 9b4cd50cfc8bfcbdb224972d23c6ac8affc4ca0d7918fb9d1a5907796bda3445
SHA512 46da5cab7804ae7148c33142ddc9053311005688bf8bf128f2703aa74d2e6fa1fdd1a397bdad0ca51fe7f9dc47cfcebcd293887accbaaec2b45579cda765bd6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9225eb394b2ace4464634b6520535671
SHA1 dcd0580442318f307250628f9ae9ea91d4f56df7
SHA256 c33f682be4c76050664798e1c2ee81db0e28f1f1b25e6c2f065d49d08f5510b2
SHA512 f07751d46e22822ce53ef0fee31f0e69a20ba397980c421e3914339ff845a5ef926ab9e69021c0e54112c1b15580424b22fdceebd4cbfb42f790cfda469df572

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 970802a91c06092e82bb49c83e05793f
SHA1 f5a9c2e9fc882117d6afa1a8041e73530550b818
SHA256 628e90f881f8cd7845111bdcf837628b0ae381d8c928c716a09443ce161b4083
SHA512 6a08e0a73c8bb4543ef2323e88da361055eda2ef95c46cea27cd663cafa3e13ccc33c0b3cac115f5a77c6c9a3c9f9f537f226a8e69a84eaed903f15377cd8312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1836b33a14cca3126e5ada8e4754213e
SHA1 6594572c4b7c1b3be6c471f4c5f09719aec9b5d5
SHA256 c5e249ff7345e1ba1113ce7f2ce064544cdbd12c912d303558778f270fb38190
SHA512 4b71946190f3a94ececd660be3b1bd1491fa5e4df7049ac948545578c8cb0c8ded05f0c2b09a48625b3d04729ec0a88a019d563f8de2c2690e33a4df0fe4f0ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47b69a9a77cd8212ec6986ccdab41fba
SHA1 cbb1145bd8c91c1f4cf4d7424aaea23aa2f4772b
SHA256 f341c2823027fea1a68c9f6ae765810bbe097f04d881d30f8aa2abc57010430b
SHA512 110f7abe73f9fe34ca526f408aac364750591be43a58618850d11c967e25a2a176aeb3f0daedb77c4e99dca473b20897b86c3869f98ea16ccec3276c82885c7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 35da26a6352c07f5ffce1294c1aca3da
SHA1 494a108a520bd44a65339dcbab60c2ba8718a3a6
SHA256 58b060e4f6dd31bc96f6f54ad527a9f4281355f9c88dd65ac310bc6f435ca720
SHA512 201439498150a094eabf1ed9a8feb91324c6370b088962a03713bb52f371822540233308534e3b2938e0cd02cbee352c711732532c56d268cf2aeb0224bd8117

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e59d74e684260e4685315993e24070c1
SHA1 3ae89c966f18719876d121cb4430e03d797ac434
SHA256 119ad5ca54025748f3408b8cb8a77775897ed3eb2300aecf26c4c54ef8edd800
SHA512 ea3962834e480f44cefa6b8727939fd7a5715832f2dc30299ab5001ec833bf007120564100768d5b84165ee4deb101a8a7b72b22f7a704c5c12fc296128baca9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e9b40d5aae93c9a98aea0f35d25ccde
SHA1 c2b44b77c572929dbec35ea4c290c4a832b78533
SHA256 d2941b0381156694ff5aca86cb9e968f50e3cdbfcdb82b810bf801d4edc4a72e
SHA512 7e6973813f8a2f180b3ba81526f2162d0799abf938772df701e373ebceb99e24f5bee48889b76ba2de6019f75c699a933358379af5ffc8e3db1dc6287e93388a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60eb95513787db37a0286f2e0892ba7a
SHA1 a928c4415a1e3b6297a581d68d433cad9907f520
SHA256 4baeffba4a1a09bdd371f834f0a6cb3561b03526c1bf6999dd8503f6291ef894
SHA512 773ba209414aaa37826e0ae8e6222e84b98b4793bc9ead8c7f756380f7d2e4d4d1d32813c4d7cafe0e960e232a06a89e51d2fe1308ce9ac3da43dbd3421b28f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5248a288748af4e4ce85daafe1674a25
SHA1 6b08455f10f90f6b00ae9df31fdaadc3ded45efa
SHA256 3718627d51faa9fe8e9d800aea91d2656813e8d70e35d0cc14d540f59d0c9ebe
SHA512 d8d9dc162f569714334d71bb82c6f20272a64d392d8876048b8f896be55c8a767341a0b743ea4fb4259c0954b6d0393c90a98fe53f5cd4be19d1ddddcd101609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98f0e994e7cd7054a8061c7f8fd36979
SHA1 fdbc4837f9d6438c0c47a577ae464053fe14bb68
SHA256 1c7f9e9952f040522958c1e1794b4fa1498d3b9840376a0c1a6d684ee53a43da
SHA512 0f7091b628b7f696b0b4d3ff7d9e7d4595958c98db572b7ace1c489fcce4afccbbd9a909f423a2d35bdebef5d9de2ee09fbec0dac7c783d0dbc65199d3843edf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 532bb08d6b5ddad12327e004b7798a70
SHA1 1d4d503569efdd1fe9c9649cf2b0248aa0b86c5d
SHA256 632e4b4ed6001f835c6bb30388c3b953fc158f355babd05f750b395233ddfb37
SHA512 506e51d0778798fee4135d97cbb60c73451a6bd8877b804797725f73d746f14d0505c4197d20586ba6e20dc0ffe5d6a4420c0580cde4ff96f74012f10c7192e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a527ae18568abdcbdfaf52beceb4a75d
SHA1 6f122db77c7dbe5101632a42a7f4b1dff4732603
SHA256 c507b520bd7743da219850cf2214a11c52816b4148ca84c744d58d2e2115798f
SHA512 198e4dfffba6ad5c1eedab14985c63ba15099fbb4dec00d62cf9cffdd31cb181bb7efac21ee6bebad37ea35fe9ec56943a546a29fe07ce1cc369a1405ab3ba39

memory/4692-345-0x000001D672DF0000-0x000001D672E4E000-memory.dmp

memory/4692-346-0x000001D672950000-0x000001D67296A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 194cbb5f6a0dcfbf0a7a716a11f7dd90
SHA1 d1a434c1e2198e8e2b373c3d674596ac8cb97768
SHA256 c545be08d7d831d82b9057bebdc5599e722b0a68df58dbf8a9a8976cc0a1dc1f
SHA512 bc127a339d59989412d41668a3b66298227b86329a66690a3a3d2f1bcefdea1d330bb5e23fed528c52f4c78c6cbe0b5237fc097ea02b9d86c6c629ed10a6cdf4

C:\Users\Admin\Desktop\Quasar v1.4.1\HappyModPC.exe

MD5 28ac126d9a1ee8f1265f4722e16660e3
SHA1 973b057b1915d4662a742add67ea40eeb0bd1b46
SHA256 d49f5eb7241cef8a7b226a28312a8f7be72ede00fcb812ffadff679fe75fd424
SHA512 9e7d11a1ac57663e952c9abe09d04cc73b39663e861ae31ceee1b5063153f468ef4224cabd69d8ed6c898f8a320e4c509dd429f0919a85038e0811b162adba7f

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-523280732-2327480845-3730041215-1000\6e40c34c4a45d0829945e2c834ef77ef_a5c5e2ae-85e3-447c-9e0b-c9a7b966d823

MD5 faec054882c494a395edd3d9654ebced
SHA1 2b918c8da7a7f846afdcb07bead37ac1b538243e
SHA256 85987d738a7918ac6edfd37d8dd5b3deaab144d3d09a568ca9d58306ee5f4627
SHA512 ef4cbb1127a538f05e92c4b6f0d123d9d9b3eef301f8a7cd3c97a7d2b51a96de3e020d7c645f1550bf6440f77d890ed08c83962c32a729c48ee83ac94bb2778d

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 ba3e748d12a5add54e5ae232dd398f39
SHA1 40dabd6adb750296c0ae2c19a1e27c27ee287c3b
SHA256 cf8b3fcb710e90b524ebf882d9af174ef69338163fa8a048a8e9c86cf2f5b516
SHA512 ec6fc01f79aa2994cfb342011488f069b6bcdcc4b5051f51a550fd5949e4987ceb602c3a9179acdc530093c754dd5bdeed61addf7589be732185a36d15d69630

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 7de1f7dfd99511fd37275e53a225b53a
SHA1 6e5c4ca03a5379fd8bc319dd76d107a0d82fb768
SHA256 acf6f60d1906de182e4e5c3eed1d9ff1f49c106ca7cb2a3fc5037b3ffab4c435
SHA512 5b5f8bf444b1622b33967c00fb8ea15cb05a47e6654f42b2a88e610583f863ff70e6792832ae98ef6f1ecb1ae2727c7b3b89433ad9a35271ab7eb444772cfbe8

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 86565fe5c1b85fc841c56f0aef67d0fe
SHA1 3c94ef2d0279ea6c894a4c3c27fc764d6f211fa8
SHA256 e81a1f2cf4126d858ee6769fd56e0fb39365e5cddf6512361ad383e107beece7
SHA512 65942e123d74ba588992ae4683b559387610e73f6681e44dd482963c119aa61ddce8a9eecbf287839a05ea4f96b479a7e137eb99a8eb96c714e8ce9ccfaae40c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 347a291f5706642fe2667cbc84377d95
SHA1 c208949fe79dc3e906858593c7829798d02f12e6
SHA256 51b1833eaa3463c29d3e54287dc20fb32043e23684f842b50406274f724b9537
SHA512 2d9bd3e0ab074ea11e7e8f1e4a8beb04d0aaa5a1a39354b2106ae0b5ccac9baeac75403143bcaf614c90a988af7e7266a09861d8a06eca6813da34ca695efd99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 efb9f4375e8e985f314c84205accbc66
SHA1 d4152199841784f2d4b87b0588b5e5ccc1deb344
SHA256 d69cda4be5f6ec41a17a1c5781b4fc10af5c40db04316c57764e9be819d2987f
SHA512 30f9eabf7294793a68402d82474b66c3e96ceb6096926237b5752f9a22f23ee46c46d0856901433d1338b728acaf7718b0d7136b2fefcee00808ad33675b1391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43ec14a2c4e9acd1a9f95a2ce799494a
SHA1 8e681ea8ec09394337c0bade70eefcbfd7461828
SHA256 4c2ea4701464f15177afb1ebb377b922522af89b56e805ff52433cc5f7e58c56
SHA512 273d950ceb7adde1f2c696522781e9858ea9b6321294856a13211a4ee1f0b855fcc30f0f247c3b557be00b5d5122a2f19429afc7bb3b4221536b162bd57aa1f4

C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

MD5 b370d51d20afcc232de0d297740dcc97
SHA1 31a5d9bd430437423d439626e4a86d842cb903bd
SHA256 dfd0b9fb92dcc5340721878da96f456b9f52b5e71168df57fae4bdf95ff3e19d
SHA512 86d59f930bf31e2c1377bf314da7baa4d92dd38b9fefbbb3b1498386480290185c19660e798334d0e81d4d89f1d123879d35e4a970f918f6d913cec253a546ae

C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe

MD5 0735d03f8c1a7d6b9cb821b225609025
SHA1 e2210103608856d2ee7e6540cd85a8ea8b6b87ed
SHA256 af3888838c7fe4eeeb3be52b3a4104fda2e8f1e6a1fc9e7e58f501957529efd6
SHA512 560fd6ec90ce3fb9008faae5683f483e0fc48758b98f8bcbb8f3c816d0911f744e81995409f54bb41a6fb12eed41837027c192a9846c359d64b1eb8b31b68b25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ba7376b886a751ab0882002fce17c7b
SHA1 62b6fe522657b5791c33ff2487cf5cccb72b6df8
SHA256 c8e47401fcbf45f9b601f8923b47aa8177de033b1893e8098c57ffcdb99d5bb4
SHA512 0dc96376688fc820834bd4a6e4e5ec0f003b214b7215b46160538c92ff0531b93e3fcadeb384ac91b9d2b5470bdea4868e9f592dedd34a7d1b2dbd85c7473be0

memory/208-560-0x0000000000970000-0x0000000000C94000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ad38385762000463ecf076b3baa9563
SHA1 2682c320d1cd7dcac922fc64bd8b231411d3f392
SHA256 f7c2198ceee0db4237d4b3aa174ec74c20bb8e5fda404da50001a474f85bbacf
SHA512 4f8f7bef152906b883b79503b2984dad38f5e0d4c480fe4c4f0c76300d2495791ac4e784d604adc790d73629a96d900dd86eba2aedcd7f8ee39a6605912b1c77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47dfd874e1f01d8536d007a7f57ccb2e
SHA1 43687fe5d82efa4ec0db4fd6700f27df5118f9a2
SHA256 423d1df9ae18ee03dec17b1edfa8d7cc2a2895cf2337a15e8904e70757427f32
SHA512 35c8f4cb7d7ca21761bac54ad3577dea079b837f83f27d2aa3565680eed76a4d7137b592e725889f4197641b9c002ea6bbd6fdc67355d8caf98f654e2089caac

C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

MD5 18c426164762dc586e22f124a698a19d
SHA1 f0e24dad24d3b0be2d38474a567d0c176514605a
SHA256 2b093ec45e57e131ce359f42c6efa90d34b749354b29a1290542a8c0e4c2cfac
SHA512 72986bab19d75be46a58eb34e56a9273af7968ab6c18162e59227c7e581bf73eafb7b42217d9b738e8e78bb7e59816f029184cd4a7144c71169a5da3f845809a

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HappyModPC.exe.log

MD5 baf55b95da4a601229647f25dad12878
SHA1 abc16954ebfd213733c4493fc1910164d825cac8
SHA256 ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA512 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9b1a21aa51117fd5dbf2cf32bfa0f0c
SHA1 3a9ce0d1ef1474677ffc666b98ff152c8b942b32
SHA256 0e2d6269834e7d48cbaf35d2bc400374083197b3ca2fd85bc9b362527d5363be
SHA512 14fb91d03e122389873242cd9c05e696a587bafbc301c20a656cf73b33518963270ac7165ff057b7dce79a7af64a387f0f6e4b0ef509c2d669b327b5911a4123

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0844e08a0f3203c922f7a53d853785aa
SHA1 cafb54839eceacf43c573d6c80c08c2d40b9dec7
SHA256 d7037ef169550a4ba99e56078b3688916f6b8ad34972e72a205210320fcf7172
SHA512 a636c929ec9523387fc2b3ac90e7d6954dad106997789428b599e0d77b8a3e837247745cac59a73f0bffd80e810bd77878fadad8a8a2d46c11512558f0ccb05f
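The listing above is the set of files the detonation wrote, each with four digests, and several paths recur with different digests because they were written more than once (Profiles\Default.xml and Chrome's Preferences). To use it as indicators a practitioner needs to parse it in exactly that layout (path line, blank line, MD5/SHA1/SHA256/SHA512 lines), keep every version of a repeated path, tolerate the memory-dump entry that carries no digests, and then hash local files against the result. The Python below is an added example and is not part of this report or of the Quasar project; REPORT_EXCERPT is copied verbatim from the entries above, while the function names, the digest index and the sweep logic are this example's own.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import Path

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)\s*$")

# Copied from the report's Files listing: the dropped client, one memory dump
# (no digests), and two successive writes of the same Default.xml.
REPORT_EXCERPT = """\
C:\\Users\\Admin\\Desktop\\Quasar v1.4.1\\Client-built.exe

MD5 0735d03f8c1a7d6b9cb821b225609025
SHA1 e2210103608856d2ee7e6540cd85a8ea8b6b87ed
SHA256 af3888838c7fe4eeeb3be52b3a4104fda2e8f1e6a1fc9e7e58f501957529efd6
SHA512 560fd6ec90ce3fb9008faae5683f483e0fc48758b98f8bcbb8f3c816d0911f744e81995409f54bb41a6fb12eed41837027c192a9846c359d64b1eb8b31b68b25

memory/208-560-0x0000000000970000-0x0000000000C94000-memory.dmp

C:\\Users\\Admin\\Desktop\\Quasar v1.4.1\\Profiles\\Default.xml

MD5 ba3e748d12a5add54e5ae232dd398f39
SHA1 40dabd6adb750296c0ae2c19a1e27c27ee287c3b
SHA256 cf8b3fcb710e90b524ebf882d9af174ef69338163fa8a048a8e9c86cf2f5b516
SHA512 ec6fc01f79aa2994cfb342011488f069b6bcdcc4b5051f51a550fd5949e4987ceb602c3a9179acdc530093c754dd5bdeed61addf7589be732185a36d15d69630

C:\\Users\\Admin\\Desktop\\Quasar v1.4.1\\Profiles\\Default.xml

MD5 7de1f7dfd99511fd37275e53a225b53a
SHA1 6e5c4ca03a5379fd8bc319dd76d107a0d82fb768
SHA256 acf6f60d1906de182e4e5c3eed1d9ff1f49c106ca7cb2a3fc5037b3ffab4c435
SHA512 5b5f8bf444b1622b33967c00fb8ea15cb05a47e6654f42b2a88e610583f863ff70e6792832ae98ef6f1ecb1ae2727c7b3b89433ad9a35271ab7eb444772cfbe8
"""


def parse_files_section(text):
    """Return [{"path": str, "hashes": {algo: hex}}] in report order.

    A non-blank line that is not a hash line starts a new entry; hash lines
    attach to the entry before them, so a memory-dump entry ends up with an
    empty hashes dict. A digest of the wrong length raises ValueError.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            entries.append({"path": line, "hashes": {}})
            continue
        if not entries:
            raise ValueError(f"hash line before any file path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HEX_LEN[algo]:
            raise ValueError(f"{algo} digest has wrong length: {line}")
        entries[-1]["hashes"][algo] = digest
    return entries


def versions_by_path(entries):
    """Group hash sets by path; several sets for one path mean several writes."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["path"]].append(e["hashes"])
    return dict(grouped)


def build_ioc_index(entries):
    """Map (algo, digest) -> set of report paths so any one digest identifies a hit."""
    index = defaultdict(set)
    for e in entries:
        for algo, digest in e["hashes"].items():
            index[(algo, digest)].add(e["path"])
    return dict(index)


def digest_bytes(data):
    """The four digests the report lists, computed over one in-memory buffer."""
    return {a: hashlib.new(a.lower(), data).hexdigest() for a in ALGOS}


def digest_file(path, chunk=1 << 20):
    """Same four digests over a file, streamed so large dropped files fit in memory."""
    hs = {a: hashlib.new(a.lower()) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def match_digests(digests, index):
    """Report paths whose listed digest equals a computed one, for any algorithm."""
    hits = set()
    for algo, digest in digests.items():
        hits |= index.get((algo, digest.lower()), set())
    return hits


def sweep(root, index):
    """Walk a directory tree; return {local_path: matched report paths} for hits only."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            hits = match_digests(digest_file(p), index)
            if hits:
                results[str(p)] = hits
    return results
```

Two caveats when turning this listing into detections. Digests of files the detonation itself rewrote, such as Chrome's Preferences and the Quasar builder's Default.xml, are specific to this run and will not match anywhere else; the Client-built.exe digests are the portable indicator. And because the index keys on every algorithm, a match on MD5 alone is a prompt to confirm with the SHA256 from the same entry, not a verdict by itself.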