b480c7628b6b371e53fa4e7ef1ef40c34c5ca77a80ef395e1e8c1f9387b30dab

Analysis

max time kernel
599s
max time network
548s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QuestPatcher-windows (1).exe
Size

36.4MB
MD5

e53b5377cb6a95cbb2a63c9859d4c6e3
SHA1

09b22e3de273f44f1882b7dfa9b53d384bd8af0f
SHA256

b480c7628b6b371e53fa4e7ef1ef40c34c5ca77a80ef395e1e8c1f9387b30dab
SHA512

c8187c169e05acd14b8a16fe8b3bf0c3fcf0cfa23c5b14138d198ae00677039b39389b0eb44e09c188cdf730dd716e2fbd5bc2caec7fdf1f00e9f6cf3130b5de
SSDEEP

786432:jm/EohZ7ttU+9L8Z8ffoRaDMge0q65cv9E7AMNq4qut:IZJVLUeFq65tTq4ht

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3052	QuestPatcher-windows (1).tmp
2036	QuestPatcher.exe
1040	adb.exe
1500	adb.exe
3408	adb.exe

Loads dropped DLL 51 IoCs

pid	Process
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
2036	QuestPatcher.exe
1040	adb.exe
1040	adb.exe
1500	adb.exe
1500	adb.exe
3408	adb.exe
3408	adb.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	raw.githubusercontent.com
32	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	QuestPatcher-windows (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	QuestPatcher-windows (1).tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3052	QuestPatcher-windows (1).tmp
3052	QuestPatcher-windows (1).tmp
2036	QuestPatcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2036	QuestPatcher.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3052	QuestPatcher-windows (1).tmp
2036	QuestPatcher.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3052	3048	QuestPatcher-windows (1).exe	87
PID 3048 wrote to memory of 3052	3048	QuestPatcher-windows (1).exe	87
PID 3048 wrote to memory of 3052	3048	QuestPatcher-windows (1).exe	87
PID 3052 wrote to memory of 2036	3052	QuestPatcher-windows (1).tmp	99
PID 3052 wrote to memory of 2036	3052	QuestPatcher-windows (1).tmp	99
PID 2036 wrote to memory of 1040	2036	QuestPatcher.exe	100
PID 2036 wrote to memory of 1040	2036	QuestPatcher.exe	100
PID 2036 wrote to memory of 1040	2036	QuestPatcher.exe	100
PID 2036 wrote to memory of 1500	2036	QuestPatcher.exe	102
PID 2036 wrote to memory of 1500	2036	QuestPatcher.exe	102
PID 2036 wrote to memory of 1500	2036	QuestPatcher.exe	102
PID 1500 wrote to memory of 3408	1500	adb.exe	105
PID 1500 wrote to memory of 3408	1500	adb.exe	105
PID 1500 wrote to memory of 3408	1500	adb.exe	105

C:\Users\Admin\AppData\Local\Temp\QuestPatcher-windows (1).exe
"C:\Users\Admin\AppData\Local\Temp\QuestPatcher-windows (1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\is-0SHP7.tmp\QuestPatcher-windows (1).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0SHP7.tmp\QuestPatcher-windows (1).tmp" /SL5="$602B4,37205184,845824,C:\Users\Admin\AppData\Local\Temp\QuestPatcher-windows (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Programs\QuestPatcher\QuestPatcher.exe
    "C:\Users\Admin\AppData\Local\Programs\QuestPatcher\QuestPatcher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2036
  - - C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe
      "C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools/adb.exe" version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1040
  - - C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe
      "C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe" devices -l
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1500
    - - C:\Users\Admin\AppData\Roaming\QuestPatcher\tools\platform-tools\platform-tools\adb.exe
        
        adb -L tcp:5037 fork-server server --reply-fd 548
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Base.dll

Filesize
1.8MB

MD5
10375af96e3734d4c7f05bdf2ac6611b

SHA1
a60ec2733a46e2fd3049f1d218136825752c60e9

SHA256
7700c843deb469e01823ac7eb2840de33d7f7a69fec90e41320dc5797efb1d5a

SHA512
0f8276409de35ca23067ce5dfa3f6716d093efaf64fd03224c3b6808c9abdffe4aaff48d1f6a131a713ad9e1d92c85d8ce3011628fc10be521ee340101467b37

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Controls.dll

Filesize
998KB

MD5
1024cd8aeb44da5df2ca6df1874dd1a7

SHA1
974ee9b8e7c5137798e25a1b9ae8ee92373c9163

SHA256
424d9cd6c47ffd039a3284647d62260404c553472d2dffe211a9bde78b2ab5be

SHA512
57b2c451589ffab537fb2b75c7fff3702c46f747ac457a60bdc40c243a82ad15099c1ee5dbd9900afbbd99358e95241b67cab54a2e8623c4ed64d3f8fa86d97d

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Desktop.dll

Filesize
15KB

MD5
423c86fc9907287970671b45108573b5

SHA1
da80a43bf4765177e6917207a7e5400b021e8105

SHA256
a3958327fb9c1c9d5e6d4a9cb20579b523c422745788be8d2d964e79e76c48b4

SHA512
3fd0fe350d6bddcf9505930b3027b5cc1d0552b62b37b0249d1c8034f032494ac62af3f193f65a78f6e53ce43c6bbd6d12811f5bfcb3c072758ea5bbdfb8859c

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Fonts.Inter.dll

Filesize
2.1MB

MD5
2fa6ab3629cc62cafc14377f638fc34f

SHA1
9bbf860dc161b029f2f1d728df69412f841536bd

SHA256
cd6f58c2c04de76ff1b74447eb0f0e32659498df5afb76f2ee9a9548d44ef16f

SHA512
ada0264853bfb80319a91213ebbaaa053c296d3467d720e5525baa20fa7db61af36b2c5a09d028d37b015e0e7743e42743906b89844527d834b1904bd924b78a

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.MicroCom.dll

Filesize
15KB

MD5
283cf8958f6370d57abf42bd05868329

SHA1
efe99d4c1f71b4abee658fa96e783772cbe54d16

SHA256
bdf80944f530919660734bf62c980de80d4bde9aac461e3ad58c49b493dd2681

SHA512
9e3b31349000729c9ae2d2642f46e9de2b27c56d59a1e8f631bea3d142882ea26744bd3a956d34d0df04ddf5ad236ec3d9fc0f1c9ddd825a62e185045fbc3d40

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.OpenGL.dll

Filesize
94KB

MD5
3df788f7e824084afc4ac7bf41319b22

SHA1
f0ff8208feb3b2bdd9a6dd77cf15fcaf52dc9333

SHA256
d72fbd3b8823d0ba6b8634d9beac3fc205d1948a1a3b22a80005ce05e886db50

SHA512
934a409445bfa7e0fa1b5d351480d467ee1b951f6e286c6e56366968822cc0343db852987bc501cc7e0225e9da1de3bc506ee48eb9f24ce360daea52399807ad

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.ReactiveUI.dll

Filesize
35KB

MD5
7ac8affb8c7d2f941247b6fcdff4615f

SHA1
02cc65c17208996c0a275844235c4b19f4eeac12

SHA256
94b15eeb4caeeaca146f9a23266353f0bd0ec895fd33370c255eaf8acef8fd6f

SHA512
acfd106d5432efcbb996a0d608ae1aa5670704bb107b78cfdbba75c2913a014dfe670d803f86c94f02bb824868b5e6c09735485e46fe598c8df783f7706cc30e

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Skia.dll

Filesize
121KB

MD5
5991f4ea3fd9b88ded67347806dfac9a

SHA1
ff88e9bd148711db2d6036aaeef18e2ce8156740

SHA256
a1e9d3f2150aff3367da44a16e38902979c5e7ac1bb23a454f5578c706bf5337

SHA512
3cca6124e856e6b7fe47a2d03ee61d51c0a0cc73113dff2f52fee3f18029a8e2b7a31d1291464a98247fca2fac4ffeea2392da757c006be6c481cae37714beac

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Vulkan.dll

Filesize
172KB

MD5
a6074c3acddbee391144e152448fe609

SHA1
bcc26380d16044e4fc399798194a12588ec99623

SHA256
af5d6083d39711073da6178dcb17a16e59906facf8910158a36f8b92d1e543b8

SHA512
02567d48d8e222b96ee1ccaa2d82163c8d9a6342be32e81044debf54661073c3f816ae87f3391d70bff6789ad83c310fb7dbf301db17a04b8d6c4cce3c3a7d18

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Avalonia.Win32.dll

Filesize
699KB

MD5
63096e6ac6696ae751b948c048a010b6

SHA1
62a987cfaa16eac32ea62455bfb86e1699330728

SHA256
9afcc2274e64cd699a3f9bf1a5c9aafc45f2dad2638bb2144e4713c7de4a0e94

SHA512
122bd28c2250cf0cc47681297ef3dac9e207b399e9e6bec97a572987741e8c39f3c0d4f2e8d3c53e963bc16158b49dc71cf682447d9a6d8128919f162df86252

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\MicroCom.Runtime.dll

Filesize
14KB

MD5
c27b01d179ab856b42e910496fe749f9

SHA1
448412817480d6e20ae7eb2ff9250c69ed4ebece

SHA256
59839e18e46b06ab23b633944ae3c3b552a300c5da389da870dfa980bcef93c1

SHA512
30416fd4bf5554e6b575aff59787ae1078bafa529c36cbe51b05026691851a0824ab648d4d4d2ca4bd26ddab680eba95595e9cd80ee63230abffce799b36dabe

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\Microsoft.Win32.Primitives.dll

Filesize
25KB

MD5
ec5d0acacd99ffd68db813b11f04965c

SHA1
aeea184fa29cd03087e92d25b47eeca5da0ec09d

SHA256
85eb1682060abd5b680267b1f4a8fd3f9141919781a7a4f259f50ac99c1cfd5e

SHA512
c19c3b504f16015c4dfcbf4f3ef0ce2652c661823765b7fc9d709fd844831c1c03aeb3fab9b12f850920cfa632c9c969ec6f466a13ca9ad96c69cc26d5fd2e80

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\QuestPatcher.deps.json

Filesize
92KB

MD5
35b0d3194d50e2ee6f5819885794e4f3

SHA1
59d155d08c45f9a8a02c53b42a0547f914583581

SHA256
e163d1f2d6b6fd50af31bd66d71c4ded9e1216f8ccdb0bc7dbf3d3bfa80c1857

SHA512
7915c0f4a9ee87279585e56456828e8b83e013f9c68fdec3473ee433023c601425e323c81a6e74b3dca26df4cc36b40b5345d781ff9fb83bc92272604d3a99a7

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\QuestPatcher.dll

Filesize
831KB

MD5
60f07b771c44a6923a05f919a4fffc15

SHA1
a90ecb459ea024ff58ca7e30e928d3ef42f83304

SHA256
49ebf77bdaea584532dda3384e61bff9b72779b2626679bb69df2d1c0ee8dfd1

SHA512
356f48d535067f0ee2adf2677109da48a6193e60f1c9f8fa351f821d721d7d7b91e73a3f6ce98c0fffdbfbff75e1de7e33b9b5ff7d0a3448c6810a76c1835237

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\QuestPatcher.exe

Filesize
248KB

MD5
92f0391d29ca8a66b121fc1506b36bdb

SHA1
e42f6cbbf17bd117ac88d476d1ca83976d818e86

SHA256
b3d78c6225ede94023df2e72c405f822f31d726c3465ee05d6fc060612048d8c

SHA512
f6d8a2170a5fefb48c5677a6d424879a2cb00207b6f5cf965b5ceb532db9f633c5a5ee4ebbb3674fa14a1f91e4e2bdcebcc19daad756acc52c0c2aad8a861457

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\QuestPatcher.runtimeconfig.json

Filesize
362B

MD5
5c8522abe2c474883b9eff4f7759c265

SHA1
c8e92f71b100bbc59ddf67f053037ccef13ca94b

SHA256
d6d668a958cf3b7d210112534325b9f565625c9708f32ecf06721a0150ca7a05

SHA512
24d8160e65b00454a2d8a5ecca0b5d51493f53ce1d7e583bf65d6db96265c156672d891983d741342e5fc24e7e3f7eddf8edb8cb590459bec59e0337c4ac69ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\SkiaSharp.dll

Filesize
427KB

MD5
1c536817f9929b39c1ca8ba6b831dd10

SHA1
d99ada12cc19e8f6abbbcb0b930dceb4b3648a64

SHA256
fd58d57ff4ae221b385449b90bd582b9ce47e56727cf024bcee53660c5bfbe6e

SHA512
720f22fb6af654898d07a751b8c3f1c74dfacdb2769b32ee99ee68be04ebec504cc4796a3e94b7d5c2779284fdb73749fb4b4dab307d3bee4c20c219bf640961

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Collections.Concurrent.dll

Filesize
241KB

MD5
ee80410ab6f7e4ccf5af69610b88c961

SHA1
6136cf0f7af46a00867631e83c912f1caa9924d0

SHA256
1adaec2435191bbdcb569bf6847d8dadbbd8311e8d4a197a8e589422184673fd

SHA512
62038bb7a1482b61e8465e6586ce041d8fb43600cc97a4fe9360b5a7d9808493f7e4d846b7fd83e9adbfa00e83442208bf4955cb8e5afb55b8c892021ebe88e9

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Collections.dll

Filesize
258KB

MD5
1ea34151310783585a8326fef2fa355c

SHA1
19f78734d779a14da4b09443395a57bab652353c

SHA256
61ef7ce0cb1459e2d58af1795dd0bafe8c925def4620d7ef756ba8ea9c51c0b6

SHA512
8c42c677026fbe809fb70de051ff84b31653b07c5d0610358721e529f13563173729793e77f96ef0d966221e1bce1a863eeba7e65463a0b9734d5e5c798f95b0

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.ComponentModel.Primitives.dll

Filesize
73KB

MD5
1f9a3b96f29e4d2f255f9f415202545e

SHA1
5c7c07b718c0f6f4bbfffc2f0b15ec5ffc71a18c

SHA256
0c7fec8bb98188024e540b5b07138dc687a64a7bd7bcb0184f94b883ccc6573b

SHA512
88a435ac1f0ee381e8ce873d1b59bdf34c94b9c081c83421ab0960954463ca44a8dfcc1899fce4ca9ef3f1b04a7e2f1534b0c1a2e3d03213638f00b7e7942261

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.ComponentModel.dll

Filesize
18KB

MD5
acfe404d1f4fc2a4764cb8730f694669

SHA1
4b226ed287bdf7ba97e7920a0a63d72984da8737

SHA256
c3bbd79cad9fc5a8131a2a80e452eb517b470d7aa890bb0d9daa85733705dcea

SHA512
8d970290bb05e05aeb94b109b326c354b9f5c60a6df276d3de48ad7ff3e5f11ca8ceabc9898595b30aea3b2a776f04457b4a4878f7abaede11a18c244cb935f8

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Linq.dll

Filesize
525KB

MD5
c17bf3e01c0c6cdd92fa8f7a9c443a48

SHA1
1c2c87c078f55fa89aec4577d1e8767eff4633ef

SHA256
393c29bb232d566b91afe4c7d6294d54997a48d43901043a9b499d62ec3f014b

SHA512
9509a361b4fa345ecac9ce0ef69026eddf2054cedccc5c7d7100c4be31dd02697521e665e91e05e6ccfb9d9a46bc521dcfa77f01220234b473df5e6d133ab39e

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Numerics.Vectors.dll

Filesize
15KB

MD5
309039f112697e308d056d2158356900

SHA1
189c30bf34796eee0235e32b9bc700beef02f8d8

SHA256
64b6b0276153ed01ca5ab5f9025b77f0eb7b128dc70ef28772ea5f4908040982

SHA512
0e948dd2a3bf9afa3a023ec11f9b084d8644f8992ace329ba5c3f7272d70f98a09344e9bfefb83581970250f558d86702fa7e55bf7da4e80af07c94d768772dc

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.ObjectModel.dll

Filesize
89KB

MD5
521cf966b382e1eb5d9d01428228daff

SHA1
ef28980f7ae17d97a3a75dd71bb7ef0c3ed27735

SHA256
73591e15ecbfa321b9f465f9456570cde89dee15d124151fd19757dfc8ad8467

SHA512
254181f918f52f1d1f78345d63bf25c048586342025a7667f123a15ad82c5631b1ee8665c6678c98b2d53d81486ec0ed972c893bb0f5ec071d147b98e5ae0b93

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Private.CoreLib.dll

Filesize
10.1MB

MD5
7c5ed0c3e2ab441a064d45fa52283271

SHA1
505a8ae8540487c3a13a29eb48512d07f0d3bd28

SHA256
b2f486b07e0ec96526cedb244c6ee71f3fb41dffe71dee7dfb03f7d3e2731c3a

SHA512
eb2b02f4c4b1fa2f2d885cca0b1c05d060efbb5d14fb69828daa29c9f0e02fa9c045aaf463f9de180fc8b1defe249d52ddbdc342896ef85517946ca1c31d2e58

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Private.Uri.dll

Filesize
246KB

MD5
1f2700bad871c050f72716c0caff7458

SHA1
b2998ea702adf8ee08494e33d89ee03816bb74e7

SHA256
9dedf16199cd1080bb1e13698dc8ce32f2812c793b08454bc90b73a9035e4943

SHA512
99c9bc15b2ca677a5a6c963c81af4b20e6d2128c0a117c3d6d23c6fbbb0a2616704682a61aef7f9c5ce350114dc9669f993495d0f940b2115025d63318dd72c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Runtime.CompilerServices.Unsafe.dll

Filesize
22KB

MD5
0cd66cd03167de27eba44176a20b1de6

SHA1
79f3403535ac862911ecc216499325cd0349ae22

SHA256
6c14b33f85e1f559d4fec82c188d7377b9af11d24f17da66bc6f30fa72ed59ae

SHA512
4027eb337fcc5271de79fd72845edfe65bd1d27b3d2c027e4b789d58a511a9584d0893a6d17c04c3c4209a7720b661a4916edc62b39f700ec1ac334ac1abc336

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Runtime.InteropServices.RuntimeInformation.dll

Filesize
31KB

MD5
7bc6da57f4a287de416b8df0c1eccf44

SHA1
355db90fe8b41076042315e3f8e967a3608dd2c6

SHA256
49314e6c92f60098842088cc69b2ea044f28ea571983191b6154f327302066e3

SHA512
c9b29f0dc2be91d61ee4aeedeb20f8c2526e0ced3a191e565ae118769101b83174af091edf9892fc10a39a199b6fc6b4a46a54e561bf24f76d74d23b0a699166

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Runtime.InteropServices.dll

Filesize
50KB

MD5
268a59245835dbfbfd3c23bf744d39d5

SHA1
55874a6b8eec97204791fe1dcb081e85e50ca1c0

SHA256
0cd3306a5380e59b1c61b16461dd8a0a76e58d677e7da1ec3741bb64efa25aaa

SHA512
6929a0f97b645ae062f6fde1f8593aa3aa4e89f14bc9a253718615477fe79d5de60aecfe4c33b32b0579719ac2ac241a5b243d3ca0063acb1cdeb984c858756a

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Runtime.dll

Filesize
41KB

MD5
3c99eb88f752b9d377c96abe31b7cc06

SHA1
3b7bb82e17facdbff666243e57d3b19b2565d09e

SHA256
787ff92525e6f78436e27c144bf888ee9714f07bf0add7eb8bfe1f7326e31810

SHA512
07b15fe4a1576e5346fb05f69276a11f9f94f9cd9131a25f8062631c276765c8445912025b9c633b81e5d4544261a8b5b664b87a679e6613cc91c4e21a6917dc

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Threading.Thread.dll

Filesize
15KB

MD5
42eaeab968f6373477713ca452cfaaeb

SHA1
e0ad261919f5810907b3359e586a00ec80a94804

SHA256
b25c3dc708b65de0393f7e450105a71b480f2a5d1f8cf0e8c8580e20a5fbcbb0

SHA512
26757c8388b3d2751138f136d25110af43eceaf4cd2f01d5d2f113e7990f0cb98c3832b767e91f283fa215394c278365ca19c5c397641f105b325b8088063fb8

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\System.Threading.dll

Filesize
78KB

MD5
b754a2bfd575abdba9f77d1d6bf6980e

SHA1
1d21b27b5112887ab72dde91691c69d87c8f3282

SHA256
6daad511bb06971c76a7007d31db88013876a9bc07b899c78536770c1d901983

SHA512
85b9a08d7ca1279ca2ec579fbe48e9e5e4bb547d865baefcb37925d31453160e681e2a4b46231f6b315cba0aa5892bae4fc98cf882a708d1a8e4fb61a721f0ca

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\av_libglesv2.dll

Filesize
4.2MB

MD5
0c6d7ef9f90b40fe51e67a2ff9f38244

SHA1
d6cbf5d5b9957028d75d2456f1209b2454072367

SHA256
caff1be1faee32f7c5bfba9162ee617c347aad40772caa9a1aff794e3a191420

SHA512
b4cf85ea6be1c8528bfa6126a81faf44132b6978a07cf01af729f68807c7db6ae16fe71eb74135c9db9fe7696094d89330a94217c953b2ee5cce9be4a4e33373

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\clrjit.dll

Filesize
1.4MB

MD5
7b4375e2d9212108130aca9438b204b4

SHA1
8ad0a3c29a02429fa4233e0cbe09897eb3960a46

SHA256
c8c62d5043e1e16089b85badc0d41daa4b8ebcbe8608435783c07679bacd159e

SHA512
fd33720895ebeb0074727a38f467209cbe763600476687f42e9727486133b9293f8d18c016ca14991d1671ec87ab09f8722645c54b1e326282e480f801f8b264

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\coreclr.dll

Filesize
4.9MB

MD5
3f517cd4d560ff7c81ca4e0acf375a96

SHA1
53375106ad45031329a0fb075c0d3193c4a8fac6

SHA256
64e1c7636e731bb9dd30adf26526ba69a64786f0d4c6979265cb5575ad1abff2

SHA512
c7fba2ece43b3328f5a041407ea4d729bdbccc65869e7540c7ca1ab558facce9e434812c362131cf9d04573d3edd5460747debc175e45bfcef281546c94476a6

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\hostfxr.dll

Filesize
369KB

MD5
9d67514fe36639b7eda307fb46d27178

SHA1
b8ba4ca6bcf2e5740b7e0f7a077fc72b1248bafe

SHA256
ec8f92f2bcc5f6ee94605b7883e663236f2a2f578f4e610eae9934cbd4266fe9

SHA512
4ca3bb0167f7f2512bfb1cc69b72fbdefc4d3ed7679ba7abd4b8c60f42df2b95f6b44550f5a14c5843305b7705634d9b26327d87bb24f2934abb5ff94c54aea8

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\hostpolicy.dll

Filesize
385KB

MD5
99627be8353e7b34ebdbbbf965470601

SHA1
e60681e3f81b4dcaf304e715878ed9f3984a1baa

SHA256
b54e1acf51c3a876c68e99ff17c5a585af264cfc25f57d6913ea9bd85fcb25b5

SHA512
bc162e11bdf84ecb7c0da3f6ffdab3380958c8b9c86e9dc4cbf03bc8fe3c5b2d958e11fb373d5944418f687f7f559c1dbeca36b37d1ae4472bb8b58420a7ad6c

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\libSkiaSharp.dll

Filesize
9.0MB

MD5
26d723bd75b5c6591dfde18b71281920

SHA1
47c05d42af2968f83877bb9cbf744c938489f466

SHA256
2ca940b7c4621ecd27d2f07c5f46fafa0375f493692cd4e6e1e66c07fbc8109a

SHA512
90bbdd48588616177354402b91a3fac363f8eb7959af570e6cee1174eeab950077b71ed47645262daf0957ced5b90b3aa5a7146a5d04d52b5c7975a5d31c5ef7

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\mscorrc.dll

Filesize
143KB

MD5
81556c4545ec2cc21ad218639a0c003b

SHA1
e80ee14ab3eee7baa7ff86b07ddd64b38788d4b9

SHA256
214186149ddf144e9fb1935a7b39fa9393d188cca6558ae580f3dcb3465aba5c

SHA512
99243e57988b7758b8537a43815840509b37cceb3beb4b8e6a8086acb36880d5aa63a4496e16c3bad34d2d8edaff7a240e6ffec9f60488b6a31d9a957b4ca7c3

Download Submit
C:\Users\Admin\AppData\Local\Programs\QuestPatcher\netstandard.dll

Filesize
99KB

MD5
6f476f66a2c6228da38fe6c7ed7ca439

SHA1
2c13aba2e1a19f00c98a1ab82066512b6b555375

SHA256
78798868341e36fc9b782ab9313cc7035c5173509552f4bb95b44a5d0d044b23

SHA512
c3e5132101845d821d040abe97ee2ea07d04135adfd11e880d08000c8b03ecc7853af7cee5bf18c07361f29c5867d9a7120f6f1d4053f624e25f6021c8e03367

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0SHP7.tmp\QuestPatcher-windows (1).tmp

Filesize
3.2MB

MD5
a55ed5acd549d243abb2b62fecb3e4e9

SHA1
dbcb2864177bac5e3c6562ca1dd35f32fb3bce5c

SHA256
171761cb6d33791fb1f152d56e5fc2cf4f93c4afa6507bb39e903440bfa3dbc6

SHA512
0f0825b748f7bcd6c6bbe4dcd9b1ff1b784240cbff9bb6ac8e1c9b792eb960a893270335d7883fa868da17fff9b9221fa024dfbaeba4adb3b28d1001652efe40

Download Submit
memory/2036-610-0x00007FFDA1D9C000-0x00007FFDA1D9D000-memory.dmp

Filesize
4KB

Download
memory/2036-692-0x00007FFDA1D9C000-0x00007FFDA1D9D000-memory.dmp

Filesize
4KB

Download
memory/3048-147-0x0000000000180000-0x000000000025C000-memory.dmp

Filesize
880KB

Download
memory/3048-1-0x0000000000180000-0x000000000025C000-memory.dmp

Filesize
880KB

Download
memory/3048-641-0x0000000000180000-0x000000000025C000-memory.dmp

Filesize
880KB

Download
memory/3048-2-0x0000000000181000-0x0000000000229000-memory.dmp

Filesize
672KB

Download
memory/3052-6-0x00000000015A0000-0x00000000015A1000-memory.dmp

Filesize
4KB

Download
memory/3052-148-0x00000000007A0000-0x0000000000AE3000-memory.dmp

Filesize
3.3MB

Download
memory/3052-640-0x00000000007A0000-0x0000000000AE3000-memory.dmp

Filesize
3.3MB

Download
memory/3052-149-0x00000000015A0000-0x00000000015A1000-memory.dmp

Filesize
4KB

Download
memory/3052-589-0x00000000007A0000-0x0000000000AE3000-memory.dmp

Filesize
3.3MB

Download