Analysis Overview
Threat Level: Known bad
The file https://github.com/quasar/Quasar/releases/tag/v1.4.1 was found to be: Known bad.
Malicious Activity Summary
Quasar family
Quasar RAT
Quasar payload
Executes dropped EXE
System Location Discovery: System Language Discovery
Event Triggered Execution: Accessibility Features
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Gathers network information
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-30 15:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-30 15:59
Reported
2024-10-30 16:25
Platform
win10v2004-20241007-en
Max time kernel
1486s
Max time network
1496s
Command Line
Signatures
Quasar RAT
Quasar family
Quasar payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe | N/A |
Browser Information Discovery
Event Triggered Execution: Accessibility Features
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5E96D31D-96D9-11EF-B9B6-EE6C25FCE24B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31140582" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31140582" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8045dc33e62adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "866756229" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "866756229" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6086d933e62adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747777375325968" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "5" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe | N/A |
| N/A | N/A | C:\Windows\system32\osk.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/quasar/Quasar/releases/tag/v1.4.1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa333046f8,0x7ffa33304708,0x7ffa33304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa2287cc40,0x7ffa2287cc4c,0x7ffa2287cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2324 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4528,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,430192009163834773,3243292455474194735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4836,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3548,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5356,i,6492464791485219927,6102891365506208412,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4d0
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe"
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5388 CREDAT:17410 /prefetch:2
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| GB | 216.58.212.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
| N/A | 10.127.1.46:4782 | | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3940_LADBCVTNQJMBSYMG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813d1.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1bce0cb3-a30d-410c-9b01-c8f7d68804e6.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1045960512-3948844814-3059691613-1000\d03c7f8a21f316b17024a87d76db2642_a4172161-d53d-48af-8f36-a00b057e74d4
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built2.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Quasar.exe.log
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1045960512-3948844814-3059691613-1000\c3515c0cff664fffcf3f1889f9e5ebd6_a4172161-d53d-48af-8f36-a00b057e74d4