Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/q...

windows10-2004-x64

10

Analysis

  • max time kernel
    203s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2024, 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip

Score
10/10
quasaroffice04discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

7:4782

Mutex

77ff6a36-1327-4471-bf1b-9c31d72cb50a

Attributes
  • encryption_key

    2FF4C106ECC23892280684F4B5C7841B8ACE7F76

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 4 IoCs
  • Executes dropped EXE 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/quasar/Quasar/releases/download/v1.4.1/Quasar.v1.4.1.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3376
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
      2⤵
        PID:3684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
        2⤵
          PID:1316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1184
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
          2⤵
            PID:3016
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:3056
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:320
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
                2⤵
                  PID:652
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3012
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5132 /prefetch:8
                  2⤵
                    PID:2724
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
                    2⤵
                      PID:3344
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4844
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                      2⤵
                        PID:5980
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                        2⤵
                          PID:5988
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
                          2⤵
                            PID:6140
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                            2⤵
                              PID:5160
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2245033951818821748,13525292508211533954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4320
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2172
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4140
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:5272
                                • C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
                                  "C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
                                  1⤵
                                  • Modifies registry class
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5848
                                  • C:\Windows\explorer.exe
                                    "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
                                    2⤵
                                      PID:2648
                                  • C:\Windows\explorer.exe
                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                    1⤵
                                    • Modifies Internet Explorer settings
                                    • Modifies registry class
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5580
                                  • C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
                                    "C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4476
                                    • C:\Windows\SYSTEM32\schtasks.exe
                                      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                      2⤵
                                      • Scheduled Task/Job: Scheduled Task
                                      PID:5672
                                    • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                                      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2604
                                      • C:\Windows\SYSTEM32\schtasks.exe
                                        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                        3⤵
                                        • Scheduled Task/Job: Scheduled Task
                                        PID:1516
                                  • C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
                                    "C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4876
                                  • C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
                                    "C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5128
                                  • C:\Windows\system32\rundll32.exe
                                    "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtAddPFX C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12
                                    1⤵
                                      PID:2488

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log
                                      Filesize

                                      1KB

                                      MD5

                                      baf55b95da4a601229647f25dad12878

                                      SHA1

                                      abc16954ebfd213733c4493fc1910164d825cac8

                                      SHA256

                                      ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

                                      SHA512

                                      24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      fab8d8d865e33fe195732aa7dcb91c30

                                      SHA1

                                      2637e832f38acc70af3e511f5eba80fbd7461f2c

                                      SHA256

                                      1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                                      SHA512

                                      39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      36988ca14952e1848e81a959880ea217

                                      SHA1

                                      a0482ef725657760502c2d1a5abe0bb37aebaadb

                                      SHA256

                                      d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                                      SHA512

                                      d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      265B

                                      MD5

                                      f5cd008cf465804d0e6f39a8d81f9a2d

                                      SHA1

                                      6b2907356472ed4a719e5675cc08969f30adc855

                                      SHA256

                                      fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

                                      SHA512

                                      dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      33ca14c392c97a9bf4574eb1cfa26d27

                                      SHA1

                                      95f40bdf33f0c2eb19281b781ffa1b48fd1f58fe

                                      SHA256

                                      af5ab29a5711ce5c383eb5b962b21786b654fbd9779727f547f7fd293e64e258

                                      SHA512

                                      173e43d35c5eca4d2591d128d49f3ea49723f9783bee142dd4f875310f3b33d0a6f93d8509440e8e8da3159f9e264d9beb1806f7b03a44fcdb1b0c8820fc2442

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      05bf7ee7d6595b55deceecbee6559016

                                      SHA1

                                      366106df3a825ed13f2fc9bec2dde55ed26c8acc

                                      SHA256

                                      e11b2a4622e743ba54e66cc5f60fe763cc04e8f068e9ef0d1f407d036e01c620

                                      SHA512

                                      d9fb5cc1baa7134ba16e6ab4bb87878989d624d0fc65a503efb8e7dd937d1f6a5591aed71b1154a4e598a7337d6e683f3ec1a349038f34e004db099ba22e5dda

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      66af6c101bcb965b0cc3363c2858859a

                                      SHA1

                                      e5b14c004788dc1cab26948a906711a5b491dcec

                                      SHA256

                                      cfc2929bb9fc9cd234e10bd36e3a29b3be3055756933f26ace0764500f371de6

                                      SHA512

                                      faeb8dddacf6de492ced8030759d49cd2babb31e6285f7a2a5d523af1b1f25ab7c2dc329c4578a17dd2daaf40afeb910396c8027a6487baa1169f06192b67708

                                      Download Submit

                                    • C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
                                      Filesize

                                      3.1MB

                                      MD5

                                      e07566f921c9d19ff1dd240f7961de11

                                      SHA1

                                      13c097847ca6bbe720efcc1ec22483402e26615c

                                      SHA256

                                      38af2fe41f362fb0d8361a21d7775ab59750dc66fcd057a5dd4cf3cf94d43592

                                      SHA512

                                      d1adb1cd3f878c366858dc46f5d9e6385ed7c4f1a0c86018612010e118ea8d6e379173a3b620302ae2cf5633b624abd603e892d6bb38cae31b896b6f1f49094b

                                      Download Submit

                                    • C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml
                                      Filesize

                                      1012B

                                      MD5

                                      42d9bf9aece15443a1d557b92ffb363c

                                      SHA1

                                      5eb269c686554618f556ed22ca69be4b424961a4

                                      SHA256

                                      d09ab866c2ce84c7b3c053b7963f54e59ddd1cd01536c712dae1fa05fb1b5529

                                      SHA512

                                      7994f4a35a0ada9f8567e7485204d74fc27ad763d918ef25ed29e29ba9208ca7c9ed46b3232e3ac5e04423f4c9d71234c7502b533a8b9d0896edce2facc9c15f

                                      Download Submit

                                    • C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12
                                      Filesize

                                      4KB

                                      MD5

                                      9aa89442a451ab19c24f50df83140852

                                      SHA1

                                      5adb490ede59084a4864d6c31ee8e0da2b9a17eb

                                      SHA256

                                      852c264d9db7aa345c8400b3e84c8dfb71738b7a732bdabbc8de2e573a2376b2

                                      SHA512

                                      5a3b0d94f37f2bf109aec33fa12d2059e977a2821d55f6653db32ecf2720b9a1272b6aa04e1662a7c984c61b06b7cfb437e6655a2a3860e42acce3f043ff6a28

                                      Download Submit

                                    • C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml
                                      Filesize

                                      372B

                                      MD5

                                      fca8b1c002395cf5d7ecf1a357f34319

                                      SHA1

                                      3795bf632d1a619814301b5226d958ce78a0ab12

                                      SHA256

                                      0ac0e8ff8e7d2722ee870e3e227f844d16ee41250a16ba0b2d3e1537297bdc21

                                      SHA512

                                      5d38019d282afd8b8da9d0acf0c2e622c3a889e0f7e457d08aeb6324192b7ab904ad133c6336fc24555a00c9654a8d9d21fa7211299d01b4aaad028a5739483a

                                      Download Submit

                                    • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip
                                      Filesize

                                      3.3MB

                                      MD5

                                      13aa4bf4f5ed1ac503c69470b1ede5c1

                                      SHA1

                                      c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

                                      SHA256

                                      4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

                                      SHA512

                                      767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

                                      Download Submit

                                    • memory/4476-273-0x0000000000650000-0x0000000000974000-memory.dmp

                                      Filesize

                                      3.1MB

                                      Download

                                    • memory/5848-105-0x000001E75A550000-0x000001E75A5A0000-memory.dmp

                                      Filesize

                                      320KB

                                      Download

                                    • memory/5848-107-0x000001E75ADF0000-0x000001E75AE3C000-memory.dmp

                                      Filesize

                                      304KB

                                      Download

                                    • memory/5848-106-0x000001E75AEB0000-0x000001E75AF62000-memory.dmp

                                      Filesize

                                      712KB

                                      Download

                                    • memory/5848-171-0x000001E75E630000-0x000001E75E68E000-memory.dmp

                                      Filesize

                                      376KB

                                      Download

                                    • memory/5848-172-0x000001E75E170000-0x000001E75E18A000-memory.dmp

                                      Filesize

                                      104KB

                                      Download

                                    • memory/5848-104-0x000001E75A2E0000-0x000001E75A2F8000-memory.dmp

                                      Filesize

                                      96KB

                                      Download

                                    • memory/5848-73-0x000001E75B110000-0x000001E75B43E000-memory.dmp

                                      Filesize

                                      3.2MB

                                      Download

                                    • memory/5848-66-0x000001E73DDA0000-0x000001E73DDB6000-memory.dmp

                                      Filesize

                                      88KB

                                      Download

                                    • memory/5848-65-0x000001E73D880000-0x000001E73D9B8000-memory.dmp

                                      Filesize

                                      1.2MB

                                      Download