quasar | hxxps://github[.]com/quasar/Quasar/releases

Analysis

max time kernel
44s
max time network
47s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-11-2024 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quasar/Quasar/releases

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/3836-190-0x0000016360C50000-0x0000016360D88000-memory.dmp	family_quasar
behavioral1/memory/3836-191-0x00000163611E0000-0x00000163611F6000-memory.dmp	family_quasar

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760432492705988"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeDebugPrivilege	3836	Quasar.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
3836	Quasar.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
3836	Quasar.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 2448	5080	chrome.exe	79
PID 5080 wrote to memory of 2448	5080	chrome.exe	79
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 4716	5080	chrome.exe	80
PID 5080 wrote to memory of 3120	5080	chrome.exe	81
PID 5080 wrote to memory of 3120	5080	chrome.exe	81
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82
PID 5080 wrote to memory of 2468	5080	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar/releases
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3adccc40,0x7ffc3adccc4c,0x7ffc3adccc58
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2052,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,14531709563696188438,12125003138370551945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3740

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fbd2b72ce286bc0be189ca8f249bfb35

SHA1
e341999426ee9d38d0b0fa7c59ad12f0cefa93d2

SHA256
17527de0efc4301759eef6e547043bf9c912b186e2384705ee3ceeaae0eefa66

SHA512
45ec5a9a4c6fff52aaf2d4735e9c08b82eaea21dccdd548509b100cb11f6c956283efd21a747462ac3ab97d9b34fa5b8153ecf6549b73170616cae59ebea7f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c675f88e494f74aef6a8ecef5b52255f

SHA1
e0f1481015dc7e3b9879b96efdd6aaad82aec33b

SHA256
c2d0d84f23ff1adf785d4896ee70f71769e3ddd56bcb94196c242309143e6a62

SHA512
f3db168c1a495a5d9e91a8b560753e3d5728662fa5d958a6178f704cc8efc9bcd89830d3946ecb3119096e6e72f1dcb426f37c4b8d2730a63f7ca0b6ace1e471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ff5705167b41c973168c897a78ea841

SHA1
ba2339e4913dcaea3c503cad0b5cf8eaeb2e2abd

SHA256
27e0f03e827a2e878a41344151b465ab440bc51381b498f70413d03cd443fbdd

SHA512
3e05b968b80fd5e466edc52d4e2d891f58ee514e75ad292346bd89eba8ea2c8249869eaf0abb3724d2b5334d7b6244fe133fbc51ac2c7e509f5d7dac79cce918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3e8168ed2be5024814b8b2a88e7305c

SHA1
162b8cdd0e7d147652058bf2ad2b5480b82f5c1a

SHA256
b215e42665d82a4e550509fc84b88f1e0475c2acfc90b6a0afe59b3fd2f5ecd1

SHA512
9159d52bc167042cdb6d86c997718f0784a85102a70c10d7d54cc48e3c38d4a5d7af50e605109f4ef290532b6d019b7b89d947d4d2a99ea255a2da0f377ca2c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7f634d021182d57da9f4c500b148b34

SHA1
657a3c6932ae64b4ad59db31939a27687155ae47

SHA256
daafdc204ae83bb738cfeb48185303aab71dba0b5c5045d076d299cb5d580f8a

SHA512
2ab58ed43d16619f0c6c1543859835f42771b0528532c71fa2313044fff0f40d5a7a505b3d990b38a33db066b3745eb94c372c9a5520a2a8e64a81c0adac8491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69aa21259757a95e139dec87a4b4f5af

SHA1
f42c6c1f34795322c73fa9393d76529b6d16de33

SHA256
d964c25ee8888f8ff5d08e8de4453e86724e16ebc8aa935ccfcb5002d73fc265

SHA512
9dab23aec4ebb880388ab413ad1101406ba4599cd34d22afd8fa35da4c8cffa4261378892855877765235345ce85a3574aceefe865edc6009b4e84992819ba31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
620556207182cdc6ab10d370cdeca0fd

SHA1
1b2a107bd3ab2365c567fb6beafb0e8976de9ba2

SHA256
eef4ed2c481b82c6651c1f60b3a3b36345dc59651e892c770326c972b465cd9a

SHA512
aa4a28960400d843809fe13bb2c55800df16004b6147af293ed6c097d7bb78fbf232c7f862c5deb9498dd7df53a4d43c5b8ba84c01c24b5b79fc4316991398c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d36c11098049ca123d52f0b9aa6c00d7

SHA1
60f95453d63061b7c7288ea23e640775d52ebf54

SHA256
cd7b163dd9b3ddcc978ce8c8ea4464a43b63f8a9746df9079df1c5a84d30b634

SHA512
42c6187eeafadc02cdb4b4e5317617b9d25fc745367b350118536abd096706fc041002aab595da0a4059e1dcc33e905738936d7479cf272bb2a976735ac44ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d300dc75e5a8fc173671ad2f8d4b2257

SHA1
779b99013a88624dae244fdd651648ec377472e3

SHA256
e26b417bcbd100262eb408d5ba84ac5cc49909f66dc4216f7bb94e5a3d8801ff

SHA512
5ebd824a73e751cde1d9a0d5d62349c2bb666c25cf0d9eb5171d428bca4904707d9412d5dc28666572c3692c459848c0842413c373ff448e10b18a9cf38e9edd

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3836-191-0x00000163611E0000-0x00000163611F6000-memory.dmp

Filesize
88KB

Download
memory/3836-192-0x00007FFC36490000-0x00007FFC36F52000-memory.dmp

Filesize
10.8MB

Download
memory/3836-193-0x00007FFC36490000-0x00007FFC36F52000-memory.dmp

Filesize
10.8MB

Download
memory/3836-194-0x00007FFC36490000-0x00007FFC36F52000-memory.dmp

Filesize
10.8MB

Download
memory/3836-195-0x00007FFC36493000-0x00007FFC36495000-memory.dmp

Filesize
8KB

Download
memory/3836-196-0x00007FFC36490000-0x00007FFC36F52000-memory.dmp

Filesize
10.8MB

Download
memory/3836-190-0x0000016360C50000-0x0000016360D88000-memory.dmp

Filesize
1.2MB

Download
memory/3836-189-0x00007FFC36493000-0x00007FFC36495000-memory.dmp

Filesize
8KB

Download
memory/3836-215-0x00007FFC36490000-0x00007FFC36F52000-memory.dmp

Filesize
10.8MB

Download
memory/3836-217-0x00007FFC36490000-0x00007FFC36F52000-memory.dmp

Filesize
10.8MB

Download