Analysis

  • max time kernel
    38s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 17:37

General

  • Target

    https://github.com/quasar/Quasar/releases

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies registry class 17 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quasar/Quasar/releases
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3ab646f8,0x7ffd3ab64708,0x7ffd3ab64718
      2⤵
        PID:4472
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:4888
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1664
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
          2⤵
            PID:2404
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
            2⤵
              PID:5020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
              2⤵
                PID:3560
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
                2⤵
                  PID:2332
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4272
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                  2⤵
                    PID:1536
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                    2⤵
                      PID:3224
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5828 /prefetch:8
                      2⤵
                        PID:4588
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                        2⤵
                          PID:3884
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:956
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                          2⤵
                            PID:5268
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16372396661487160422,17167707224655337775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                            2⤵
                              PID:5276
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3464
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4908
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:5480
                                • C:\Program Files\7-Zip\7zG.exe
                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Quasar.v1.4.1\" -ad -an -ai#7zMap15215:88:7zEvent3660
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  PID:5596
                                • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
                                  "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
                                  1⤵
                                  • Checks computer location settings
                                  • Executes dropped EXE
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  PID:5964
                                  • C:\Windows\explorer.exe
                                    "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
                                    2⤵
                                      PID:5468
                                  • C:\Windows\explorer.exe
                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                    1⤵
                                    • Modifies Internet Explorer settings
                                    • Modifies registry class
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5560

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    111c361619c017b5d09a13a56938bd54

                                    SHA1

                                    e02b363a8ceb95751623f25025a9299a2c931e07

                                    SHA256

                                    d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

                                    SHA512

                                    fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    983cbc1f706a155d63496ebc4d66515e

                                    SHA1

                                    223d0071718b80cad9239e58c5e8e64df6e2a2fe

                                    SHA256

                                    cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

                                    SHA512

                                    d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    1KB

                                    MD5

                                    77a0ff346e1a6499f9a989f08d4f7baf

                                    SHA1

                                    a2991941296311a3f6313057508d9c7f11b1ed5b

                                    SHA256

                                    df651c1a1938ee95811eb3225da48fa2983ef179525f63bfcb4853b16eb9a64e

                                    SHA512

                                    9a849e0618e42e43b3d6f2f5e483dc1229556b90bb3a5aaf2856bf68a6b80a8916a426c969b870851d0118a09ae90b66ffefd8e5ee7dc430a0b6eae153a35f59

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    788373d71fb5fb28c4539b7293f60798

                                    SHA1

                                    4119b49f5af7242a75967bad0920d8c59afd9ae9

                                    SHA256

                                    4d5dd29ee1c2ee62f120863be36ef2ec07c5fe9a6a3171215b7ef62b4729728a

                                    SHA512

                                    d53cd3817ccfb84846f8d7e9b90bfc6c736718aa0c77b1b425e7e4b67b1db380d421efd58a5363703634c28406c1bc89d6e02d577b34c12a15626fc207f2afa3

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    34c691e7e2cf9747f739b4be503fa2fe

                                    SHA1

                                    94a7f6a97744230767a6a6b2cad556be98410b0a

                                    SHA256

                                    297d4e58fab9a71fe60c2e85ff1bfab77a7cece1e4468459c1f13221f8670c5f

                                    SHA512

                                    be8aab37688f88b556e39d189e5298f9cc9a2bac2d19634ae3f533338190041933b5eb8aa146861e94cf244e71f77787d68e1c7f0722222390e470e91d03f6e1

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    872B

                                    MD5

                                    9c13f8bfe65aa8def0615beabba44dc4

                                    SHA1

                                    2013ef81822d9a5e0ca787df3b257c11187b078c

                                    SHA256

                                    e5001de706083c67765a51e4c5a292d842c6ed7381506c2b24f7618f99c8deb9

                                    SHA512

                                    07e06e678bc876ea380994f9748d161f01f8d1d7b760f91eec14fbd11455ff3c0a49c0bf7052751f50b459df3d7f911404e5983b1da3039e31899ba3eb68fb59

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b46.TMP

                                    Filesize

                                    872B

                                    MD5

                                    ac5abdde4322b8bec66d554eb5297565

                                    SHA1

                                    c21a99d6e8f98b0ea6b4a674894564fa81662ef5

                                    SHA256

                                    c541953d1933404c44a0b6d93a9f01c375cd132c3305f2cbb3e0d552fbe243af

                                    SHA512

                                    5379a5e91a13c835399962e924bb8d85f2fcd45b8e97e5645e0068913b85b101b40b4916b5f918f225b49b8bb36623c601172850b3df6374408f8efc3a42ed07

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    11KB

                                    MD5

                                    0b3074246dc2bbdbdf53de86cad52a7f

                                    SHA1

                                    c4faadcd0b31a33e19a5609cadd502c3f33247f2

                                    SHA256

                                    6cf06eedfe4cc2c5e19b0102843c55083040099737acedd82cd025ffb69c9d5e

                                    SHA512

                                    b90d128f33b0c0320966f749196e3b8681dc0643ce89502ab1e5e1bcb51572ab0287377ea2a54d033e7de2001ea3ec27d9d31a66860725c39fe6c8d4b06cb45a

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f564de5c-ec28-43c4-abfb-d3dcbafa31f3.tmp

                                    Filesize

                                    11KB

                                    MD5

                                    e05045c6522cf2cab175467ccbdbb219

                                    SHA1

                                    e5151c02d3434242a7948a5815d1dd813a2d2d33

                                    SHA256

                                    8a04b83a246441bcbbee5bce2c704748e676f8a8a1bec674c19741e08a44ac1a

                                    SHA512

                                    2cd0206b6e1682e05bfe430628ab2ae779ff6bae13a2da43381a671855ca79ae6a19f23938b73b63ea6888526fd5736639fce58a43ff34ba1e0123928ae30e56

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

                                    Filesize

                                    3.3MB

                                    MD5

                                    13aa4bf4f5ed1ac503c69470b1ede5c1

                                    SHA1

                                    c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

                                    SHA256

                                    4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

                                    SHA512

                                    767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\BouncyCastle.Crypto.dll

                                    Filesize

                                    3.2MB

                                    MD5

                                    0cf454b6ed4d9e46bc40306421e4b800

                                    SHA1

                                    9611aa929d35cbd86b87e40b628f60d5177d2411

                                    SHA256

                                    e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42

                                    SHA512

                                    85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Open.Nat.dll

                                    Filesize

                                    68KB

                                    MD5

                                    cc6f6503d29a99f37b73bfd881de8ae0

                                    SHA1

                                    92d3334898dbb718408f1f134fe2914ef666ce46

                                    SHA256

                                    0b1e0d8f87f557b52315d98c1f4727e539f5120d20b4ca9edba548983213fbb5

                                    SHA512

                                    7f4c0a35b612b864ad9bc6a46370801ed7433424791622bf77bf47d6a776cb6a49e4977b34725ead5d0feaa1c9516db2ca75cb8872c77a8f2fab6c37740b681f

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.Common.dll

                                    Filesize

                                    62KB

                                    MD5

                                    2185564051ea2e046d9f711ed3cd93ff

                                    SHA1

                                    2f2d7fd470da6d126582ad80df2802aabd6c9cea

                                    SHA256

                                    de930a748e4dc08c851ba0a22afce8dcfd0f15f23b291f9306c8ef6ccd7460a2

                                    SHA512

                                    00af241c1f89b478e66d758db26ed0a413b690d695abf91211b5cbc3985133632327ea0fc41140bd61d02271b6aa278a8e8f539d8ca6ce94972aef50c1a9c868

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe

                                    Filesize

                                    1.2MB

                                    MD5

                                    12ebf922aa80d13f8887e4c8c5e7be83

                                    SHA1

                                    7f87a80513e13efd45175e8f2511c2cd17ff51e8

                                    SHA256

                                    43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e

                                    SHA512

                                    fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe.config

                                    Filesize

                                    176B

                                    MD5

                                    c8cd50e8472b71736e6543f5176a0c12

                                    SHA1

                                    0bd6549820de5a07ac034777b3de60021121405e

                                    SHA256

                                    b44739eeff82db2b575a45b668893e2fe8fdd24a709cbf0554732fd3520b2190

                                    SHA512

                                    6e8f77fcca5968788cc9f73c9543ce9ab7b416372bc681093aa8a3aad43af1f06c56fcbc296c7897a3654b86a6f9d0e8b0fe036677cf290957924377bc177d9f

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\protobuf-net.dll

                                    Filesize

                                    282KB

                                    MD5

                                    abc82ae4f579a0bbfa2a93db1486eb38

                                    SHA1

                                    faa645b92e3de7037c23e99dd2101ef3da5756e5

                                    SHA256

                                    ca6608346291ec82ee4acf8017c90e72db2ee7598015f695120c328d25319ec6

                                    SHA512

                                    e06ee564fdd3fe2e26b0dec744a969a94e4b63a2e37692a7dcc244cb7949b584d895e9d3766ea52c9fe72b7a31dacf4551f86ea0d7c987b80903ff43be9faed3

                                  • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

                                    Filesize

                                    4KB

                                    MD5

                                    4aef76680bfbfbae3e0f9e3cc3c3516a

                                    SHA1

                                    1b6c819d87935f3cf303c794444bc05a8bfce016

                                    SHA256

                                    896bf877309050441f73eea4548a6438cb747ca10b490441716ad186ec3d7810

                                    SHA512

                                    d40a2ca64e88123f3a99745d92627e3d641bcf76e48a78d1334f36b9c0f86b459ca62b3a78320361c09d1dbc5c32e75e846efe7935d9267214a4398e4d34ebc5

                                  • memory/5964-254-0x0000024A88DA0000-0x0000024A88ED8000-memory.dmp

                                    Filesize

                                    1.2MB

                                  • memory/5964-256-0x0000024A8AA70000-0x0000024A8AA86000-memory.dmp

                                    Filesize

                                    88KB

                                  • memory/5964-258-0x0000024AA6640000-0x0000024AA696E000-memory.dmp

                                    Filesize

                                    3.2MB

                                  • memory/5964-281-0x0000024AA5820000-0x0000024AA5838000-memory.dmp

                                    Filesize

                                    96KB

                                  • memory/5964-282-0x0000024AA5A80000-0x0000024AA5AD0000-memory.dmp

                                    Filesize

                                    320KB

                                  • memory/5964-283-0x0000024AA63E0000-0x0000024AA6492000-memory.dmp

                                    Filesize

                                    712KB

                                  • memory/5964-285-0x0000024AA6320000-0x0000024AA636C000-memory.dmp

                                    Filesize

                                    304KB