quasar | hxxps://github[.]com/baaslaawe/Quasar-RAT

Analysis

max time kernel
611s
max time network
618s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28-11-2024 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/baaslaawe/Quasar-RAT

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 3 IoCs

resource	yara_rule
behavioral1/files/0x00290000000450e1-543.dat	family_quasar
behavioral1/files/0x002b000000045251-2565.dat	family_quasar
behavioral1/files/0x0003000000044406-2800.dat	family_quasar

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
6996	dotNetFx40_Full_x86_x64.exe
4228	Setup.exe
5348	dotNetFx40_Client_x86_x64.exe
4100	Setup.exe

Loads dropped DLL 28 IoCs

pid	Process
3772	MSBuild.exe
3772	MSBuild.exe
3772	MSBuild.exe
3772	MSBuild.exe
3772	MSBuild.exe
3772	MSBuild.exe
1812	MSBuild.exe
1812	MSBuild.exe
1812	MSBuild.exe
1812	MSBuild.exe
1812	MSBuild.exe
1812	MSBuild.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
6868	MSBuild.exe
6868	MSBuild.exe
6868	MSBuild.exe
6868	MSBuild.exe
6868	MSBuild.exe
6868	MSBuild.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
44	camo.githubusercontent.com
45	camo.githubusercontent.com
46	camo.githubusercontent.com
246	camo.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\60e01557-c700-486f-9463-88c6209d2972.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241128011109.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 37 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotNetFx40_Client_x86_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotNetFx40_Full_x86_x64.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1669812756-2240353048-2660728061-1000\{2DC2E0B5-BA88-4A1A-A058-E576629098CF}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 182868.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 931227.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
1288	msedge.exe
1288	msedge.exe
1944	identity_helper.exe
1944	identity_helper.exe
2832	msedge.exe
2832	msedge.exe
5376	mspaint.exe
5376	mspaint.exe
5604	msedge.exe
5604	msedge.exe
5376	msedge.exe
5376	msedge.exe
6608	identity_helper.exe
6608	identity_helper.exe
6456	msedge.exe
6456	msedge.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
4228	Setup.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
4820	msedge.exe
4820	msedge.exe
2656	msedge.exe
2656	msedge.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe
4100	Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	4720	7zG.exe
Token: 35	4720	7zG.exe
Token: SeSecurityPrivilege	4720	7zG.exe
Token: SeSecurityPrivilege	4720	7zG.exe
Token: SeRestorePrivilege	4732	7zG.exe
Token: 35	4732	7zG.exe
Token: SeSecurityPrivilege	4732	7zG.exe
Token: SeSecurityPrivilege	4732	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
4720	7zG.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5376	mspaint.exe
5376	mspaint.exe
5376	mspaint.exe
5376	mspaint.exe
6884	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 1064	1288	msedge.exe	81
PID 1288 wrote to memory of 1064	1288	msedge.exe	81
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4308	1288	msedge.exe	82
PID 1288 wrote to memory of 4780	1288	msedge.exe	83
PID 1288 wrote to memory of 4780	1288	msedge.exe	83
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84
PID 1288 wrote to memory of 5084	1288	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/baaslaawe/Quasar-RAT
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffaf05346f8,0x7ffaf0534708,0x7ffaf0534718
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x138,0x130,0x108,0x27c,0x10c,0x7ff62cd45460,0x7ff62cd45470,0x7ff62cd45480
    3⤵
    PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3597434640771828465,7596302745433392192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1568

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap14215:92:7zEvent32261
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:7104
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3772
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp9d93bfd4c23c49bea93def60dde025f4.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6496
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp72b83da734cc4e17a01a518f9d6a2552.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5132

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Quasar_Server.ico"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5412

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat"
1⤵
PID:5572
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5644
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp66c4715572b345bba417ac5c95d9696e.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5736
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp7c56f6101b774922bf5ffa519ad83d62.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-debug.bat" "
1⤵
PID:6088
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Debug
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1812
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp5be9f2aaf1d048409f9cdc5ec7dedf22.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3076
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp46a2f4d7523b4c019c0f94f200d494b7.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6220

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat"
1⤵
PID:6316
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6368
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpae22a091180c4a90a39e64cea570c07a.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6448
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp0ce17860b7a441c48ac7f580cb867402.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:6620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6692
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp208e45ecabe147a3ab7be70804e37ebc.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6740
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpbd447c5d1476460d97cb902e6f71a2a1.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:4564
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4796
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp4dd1b0201cdf49de82ee6eb6d5f2452e.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6496
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpe33dee15c9ae4f25b6e6dc696bfba6f8.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:4860
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4792
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpe5f14a0627fc4195a33e228e616d84c6.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3492
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp1ea2e58c52dc49ec8bd5568e740231e9.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\MountRestore.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffaf05346f8,0x7ffaf0534708,0x7ffaf0534718
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1292 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5932
- C:\Users\Admin\Downloads\dotNetFx40_Full_x86_x64.exe
  "C:\Users\Admin\Downloads\dotNetFx40_Full_x86_x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6996
- - F:\3b9fc0d9906a24779580374f\Setup.exe
    F:\3b9fc0d9906a24779580374f\\Setup.exe /x86 /x64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1356 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1620 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,8938494502482770343,8862815089344111689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Users\Admin\Downloads\dotNetFx40_Client_x86_x64.exe
  "C:\Users\Admin\Downloads\dotNetFx40_Client_x86_x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5348
- - F:\71d06f230beab8e79b17\Setup.exe
    F:\71d06f230beab8e79b17\\Setup.exe /x86 /x64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:5972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5260
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpe108bc6e430946ce81a0ea2785ce5b41.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1840
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp0f59d0a76b0e40debafff2576a243303.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6132

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.txt
1⤵
PID:6988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:6448
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4032
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp9f1b31e63fb54b06a71603defa156858.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1568
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp65be214d6abd49c3a0d81b0d0763f38b.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6636

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat
1⤵
PID:6560

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8869:92:7zEvent17804
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4732

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat"
1⤵
PID:6268
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6868
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpab91a1dad8c7414986d5c54039e6ebb6.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5896
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp84100c295e43413bb8401d9768f5cc17.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat" "
1⤵
PID:3684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" "C:\Users\Admin\Desktop\Quasar-RAT-master\\QuasarRAT.sln" /t:Build /p:Configuration=Release
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5740
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp21a844aae8f942dea1cfa004e957070a.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4864
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmpd14c0d28de084cd48882381111a564b9.rsp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2061f7f8995a481e9d779a7d07d8e403

SHA1
0011710c44ec76fd5d75a1b91bcc4a3775f5da2d

SHA256
c29bba01ebdc26ae67e3427b0535fa84483b1378f2200e5f658c65c83e1d717a

SHA512
1411e940b141c3a31ce660f15f07b55614206ee4a7593aa49bcfb205260c17831b06c5fe26d9a5e7160c7c18a64cfd9b63c14097d67575db3cf247d63d41cbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0987cf473ff1199d46ef2e39000fae11

SHA1
6cc0b094d46b8e4f421f4fa33c45b585b16cdba5

SHA256
f73ece4d26c749b1cd1fd4f13709e661b053b8e2cc668d7f03a89e68fbcd786a

SHA512
cb2a370899b1024d7c74de7ac0781fe4fdb24e9126c9584b5d6f1be002ea99aaad161ba80437a5ab05317c048fb9c10e0e39a23f807b99f946a87686fcc8f59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
2a7032b3b07243ebc9cb61ef9d4a5811

SHA1
6c38743c3475aa93042f1b7cd00ba1eef8a849cc

SHA256
59935ba5c44cb8f1d2a8940f75c63d113538a1cb941106ce54af211c65d75436

SHA512
0dab353490cab301e9cd95ae32f64ef990fcd0a17ae04446b3af434aba0eef80cc5215e128a82df7bdb24d5869a98d4a8c76fd08597ac0121686b9d813cb67f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
411f8e02110af0a1030c6f2d0a05f221

SHA1
86f1d29ab99e825be7ee876928d3a703b249037b

SHA256
dac3d3bb610db461004c9594accdea557e18e301b6304c39ea89bc22b72956e4

SHA512
f768d3b3fdeec474eaf58ddde818511dbe2aed53b35c830506449091de5845c567b91eb728acaca5ccdc7bd1b834ca2d32845ebc5156181f2552bb980fdbc241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d8a7d6883dd9acf793733d762ce2d5b7

SHA1
bd370d7ac08e20ff88fe11ebb18a8ff06a5c6780

SHA256
0a87bf9144954ce458fdaa9f7861d72ac4666701ba2ec34fbec5bbe8812a889f

SHA512
1f20815857a7c92c8ab9a813848ccf1a7d64b2c5cc98325bcf2ceb2800018d9a4254134e0dd2c79c3d4993a8ca5631042abfe1af6ab99145fa31ae9ca092f7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6332cc8858639dfcf35186436912ac8f

SHA1
ea5fce56d317e9244cd3716fc7f9d74b0d35f2f1

SHA256
e59c2d7f9cc0a81191f9d3dd7682d38a580e00e8b6e4fe7ef1a99d00f94161c5

SHA512
680d8c7e7bc8cef4c87a00b610a75dc3ce82596098dac5beacb098fca7db17108fe34aff504b8cf955a6493c25233b0a879ba1991f9de7a5cd2d806d6b497fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
33b0a9f7f0f3c64daa2fade1af0a2911

SHA1
d5d7d297c44fa8f534275010e028bfbc2188fee8

SHA256
31d7a80477fc4688ba1e303655ec623b77d8b0ab316f5182098b9b3b36e520de

SHA512
b22f6666f1275828a49b02b50e8e678a38e10db7dfaa730fe331080e0ac5e4ff8aeb76ebd7617f75c95628393b345ee4e23bcade8f4157efce9036d8bac9992f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
319f67055457bc9353dd4dd5834e5654

SHA1
ed7fdce4fd7be00411e08c7d1acb55366c74442c

SHA256
3abc7f80e6c9332cab4145e62b8a3b155661863456228fefea8ca1996661bd69

SHA512
d29c980d28fe7743759a86394d9e5ba639210a73259529063c58cc82d9c0eeeca6a45b2a00a5c952728d81c86b43dd479fa8edf5ebc93223d33636bf926f9d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ba007dd9df8d0051ab8b180b01796fce

SHA1
7b8f3899c91be86ec9097373f4b706a31cf81666

SHA256
330d77083c06d2297cd4e80afb7a0943b84af8fb1e444cf568b1cb109a05410a

SHA512
f6cc50b3b278ccad5ee358ea35359eaed40cb5dcae8a5ad80c5bb220945131084de2ba46c8c80f9d38ad69deedf53d4c6a927f4fbe85a77808a956822a52cb6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d7664f5de4184678cbb4b0f8af7d0f66

SHA1
ae7e3cc676cac4f4f7235421a265df180a15ced6

SHA256
3d2cdfb07131d3dd8e132a34f6ca251efa0b2e1f2019576e4dff168993db6ce0

SHA512
6cf70ff46ebae825fc58da921e68949034c42662ca545cf34c7b6756442d77fc2d3ebd85419ba739d2fcdd943d6d1d9b128eca1b422626c5afa4731c69faac23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
313dd8c63ef4089db9463b772f9b8820

SHA1
399b4c68d3feddd67cd4b624d39a80470f2be54e

SHA256
c8278d93af8c34a5dad35f89781987d96ae6714c5daefd107e208e4a1631a1c2

SHA512
6feed99fcb94b5c4604d7e22bb1e90014b6ee80c6fd8f77f2b1a77633c4e9e09bde448fb8f389fc53f36c4cf12489c7f37ae202b7053378cd08fa086aad09cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
570B

MD5
2ec5615c2aa59885cf77b7b4b7cd0279

SHA1
aac56cb5c698e077761519989cd96030ab9d4786

SHA256
33b7266d46b3e29fdbd5bc90a92d4360e7b331056387348c23d5c1a7d91ad4bf

SHA512
4e6fe6028c4515311466aa492b435ddc61912960178f94c29199d245c7e7cb94189ec2d18d09fba44f5c5a42aea044340b31da99d297198e96954c4ab631929e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe586359.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
147de30426a88a0a0c4abba6561698d4

SHA1
efd4f650918af2168f5e6f90fba9dc6a182c420b

SHA256
f4559dc6980db57b11c0940f32ffad5f53d40057283c2370b7d1f27e6de3b219

SHA512
210a631dcf623f3d63de838d1e41db9ef7da822b41b52e090ec4fb81cbe9345f24ddd370c1cb45a0b3bcee4ddf25a51dcccfe334f3dbce28a9df88aa60a2ecce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3df3e6635759db8eb989b1f6c12d4a41

SHA1
fa23ea143f8384c5775fc36301fe3baa7d55db55

SHA256
747ed92303bbd95a1b74b48d3def19d2df0b6558a94f3bb0d676a9b366f716bf

SHA512
4201a04280a2e18a134346543a55a18d6f6fa3ab7de16325dc278e3076c1927a1a88d2104739fc8a2b461d8416776948e069f48d971dde586bff464858b20a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e689751fa679270f90d50aaa4a08db2

SHA1
66343a6e03179154fcdcca7053ad3ba28ec34841

SHA256
1f6e63b92ce3228a238765ffcb77cd633aada9953898306b3f3a8b0c8b21805e

SHA512
4c0a389d04106ea6f477a33817bb0f33a86cd25cdbc6f10ad6d5b5481bad0a91fc71fdaf38f2a724086ff08cb26b7303c8b34019f9488d52b78fa70cc3900924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73e0175eafc7f5789cb8ad72bec75c07

SHA1
6efa506aceb6a0ee7606f781c497f565e6b170b9

SHA256
8a045bcbd451f56451f22a01f7cdb76f8412e68693fee9a17f8723585c9e69e7

SHA512
c682155d618915a5134155ab2be2dcefba5e7b6bda2617d271fe9e288d1f91e841edb5c5a75d54249ebcd40178b4e1be82d0a4680daada48ac4474ec2908377e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ac81e677599f2fb737da9f372510b99

SHA1
4f5dcd89ddacef32abb276a8c7602b306afb8ed4

SHA256
507294b72d58abc7dbfb1f79d2dd0fe095c24055cf155f7250d62879e6dad8b7

SHA512
896b68893a683202c28849b2b186a2aa93166743008693cf1c7bc4e2263f17e86a0e50d3ce3df5d1730f266f99f9447447cba6b1c5bf84cbbd62bdb007c0aada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cee6538bd91081448e69203ccb544b3c

SHA1
5d57153a04a69fdb2d49da30a8fe1293397050d1

SHA256
f800b8b2a6c322da7a28933dca1445822cdcdb0888a6ce9712d67e5e3fc1c322

SHA512
2d0c13aea73fec64df29a106f391777463ffc24a4aa09dd3aa771b54288bf9fdf168b2279aa448660fc459d9ca98da2cbeefc350ab697541bef3b8f6689ea076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02f17d41f476c03dc8714e6586a2eb49

SHA1
a431fcdc75c99187e3601726598b79add069c4ab

SHA256
32e371d8dabc6eb458dd20bc1a4e3e4ace33d3ac74d43c8f64e2141f93a4b0ad

SHA512
30c1698e78b82d54c51fdc4f36cc013e6208434cc2b900c06a7cdd27f52568d3eb15139b9088c174587ad39df46581f3b8172b63241037fb9b067cdf654f388b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
268f487393c527cd2d83e309ebee654b

SHA1
801bdc0d42ccc88eb0ba3751d8b2af92e647a09f

SHA256
f58e521e17a9ec0f8804a62860ac62fad0675daf239e523162228f65ea7fd64d

SHA512
5a4f5d3634c515242af7cf1ddc2a9b32ab5590d36b4afcfc8a88ce66f2a9cb6fe9d32a3862715ed92fcbf64ad85d90467a823b1a94304fbb095aa0400c5e4f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21372ec06965327e9145b49a862939d8

SHA1
db9ce6e538a43f2fe4453e0aad39794b2a94c5a4

SHA256
902384a086a73c741c7ca8603cd015db777d6c3fcdddadf713f37abb76c6920e

SHA512
5b3276d90d90d709a2835dee24e135346eefadadc304d0b7b4e91993cdf97e733f7811f9f5a32f0e59a90f2c05f6651edbb9c66138e3d1483c4002d4ffcb6003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b7ce0696943450513aa7a11ae811c301

SHA1
d92713a2ace0ef26c409b63ca2ff09402bdd9816

SHA256
bd47c53490ee953b589f6c58e6a3a5c7c94c9f9df6eb8db67e046845822d2828

SHA512
10c1eb54bfa8f6be8224c363bd3d757e970a634c51f7a38b74e3ae8181a1a0a07603fc5693f855a52c55e2684753e725181f9c8a8d79d3779d89b003d2ad8c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e48515d70ac21f9c1997e4a7884ddf3

SHA1
45c247e318d4deb7228cd5881a52d76108ef0e15

SHA256
777e32c758d289d5564fe28fb844935bb33b3f49fe4dcc81d0a4d6d6c19e2d69

SHA512
6293bc7e90c22ae7b8af058f2a8fc56a57b1899f224d8a8776c46a9528d3ba433a507392376ff26e99bd5d8e754448c601cf784f712fb10cd6109e13a4a27705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
243fd9a278ff495ff01fb933ed3b0137

SHA1
bd7de76c04c71e60a2a83a9ae5c3360194adc4f7

SHA256
7b7e886eabbb44bfa587a33ab132a67af5a710c633a2d507246c7dac8f288df5

SHA512
610206866267054d477aee3386f788f3724752f3fe6592e8648c90000d2b7a4209628c4615ea6867c20bac0474b4eeaa8ab56eaa3213d96320802a305544e548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b887aaebcd306c385a5b9e80b9cdc2c

SHA1
0177db33bc93ec4a6cb99a93c0544be6b5620f0b

SHA256
8be9be45afdd15f7b2907326437c5ec6ce392ec00bc83ce4876470b250283e12

SHA512
f60e8b11ea04b7dd920ed53db7e2ab038b507c8fe05b648bc095be3f7793a76eb328e8a51783f4d7f83e46b9932985c94f3f125306d62a13d347593d9008556b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
217c26d618ecf5baa641179268d0bbcc

SHA1
61ee3680b584ea943b2ed49973448a81682d2fb0

SHA256
4dd05d6ba54df8b794b1763043ed82bd3f54d6528226d78b0855ccfda0fe823c

SHA512
9b437af3dc1c76441cffa0887d2ba5fe72e1d21815fcb8fb1ae2f984743866c5b979ae5517c28a8afb127f68266deda3514683afa94b6b7e6f627205098310ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe8dbbff568811c9ab174772a5449155

SHA1
056262e1a99e2a511bf032a8e1f356f5f7ce77aa

SHA256
78516effe50082a26f8615ec33cb84bf356e42e55fbdbb37da4cf36592b9b6a7

SHA512
da5add18573255c64f4537b8927f3193b4f96203f0b1aad0a3ab26c349ae2a6ba9cd78c51d701cfe8eeb8ef5f56735edd227524242d7bf0c364e30f421d33a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e055b31d902462931e8609c2d9785785

SHA1
e6fe609b7fb2072fdcadbe6e46024ba66e52a33b

SHA256
d39998f9642d828642e1f10ca5b70ad1265b69871355c0049c75f749f90cfc12

SHA512
4730716447d13936cadb78ebd8d0d3182761c2714508426505d05776e8c1442560dfe5eb2d5dedf310c9a0eb1ed55481fcbdc3582a4b9c15c91a8a1b92ac66ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6cdd8a2b862ddf8bc0e538e3728b4a30

SHA1
6416c58d1d4f6385cc626616f9a1dd57f7d8e541

SHA256
b05cefb2e234b931b7ece2dfdbc2f9f6d51962fa8e652e9b62270f1acd290d75

SHA512
f56e57ea044532d68a0defb82ad1021239ae647061c28052a93ba1a7ca613b7daba90a68b7ed15096f706195805e0e9db6d1463b3539a1baee0c22fa9ec09252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
902a5bac2f2be5b9801db1608ad06091

SHA1
00fa25dc19434482975fe1c55b03f6aba82edf8c

SHA256
1a4ae73d04da593a3c45f63cc6013d0c8ec9f7fde11cb9ea3f63e3cf133a0ec6

SHA512
60bf57310150a00215d60d08eaa9ec5783e96731046e996426103fde6f699d22a7df76fd7fedc795e34834cee6671070fa0a69012a76bade241da4455959d05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
baccf52e4d0ee61dbe430e34bfd7aef4

SHA1
e7e5ca04ea146fa44c2a9db8cd4c283e98b0f7ea

SHA256
4893c8665712f3ffa25ef46ce08d4b9df6549dbb7e6e62cf1b21d03284448b3d

SHA512
90b8a48a077ebd2fa71517b156ad8267b37cdee0cb3dea3a168f2fa1b9259b24e0306db81c5f6c2cad10b9f3a1220421d4d10adb3c836e94dcdbabdee0c3a782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
05ebfb2612c0f7443d59d03e1b9e1a0d

SHA1
627b38f8857eb05ae02b30c75e3afcbc28f4240f

SHA256
2f33c9ebf7f367f8998092f1d46a002ed3b1c4d8ee42a4b9ca9ae68f437a0fc4

SHA512
566ecad1946d33f31b59191158ff5c6f6034611fe1c2fd18d3f480b93bc90d94723321ba15b6727281dd60079c4d8bc15fdb105dbbcb99d5f5b1316a4d41ec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fa168992065aca9546c058b46682440

SHA1
934e793dae1a699a738d6af78b378bc121f6a021

SHA256
9e67dcfd992ed9df18ef55c5894b147e12614ad9c788964beff7beb4bec21be4

SHA512
9908b41966bad2465c6ee896af8eb0cfd33392df541a4340752745ec44d37b63d22b13130ddc3b32ac132bac81917c5f2a3cd59475a0fef95b7f0cd58e80e33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
789a8d51aec892539770c2ba07658672

SHA1
8233ac3da167595ade88bb785ab3324deee03f83

SHA256
8361b53e754ed5e4e44561f6eff3660b2004a9c821f2c27134df2eba50b89ae3

SHA512
c0249988419cd05845a276542070496aa3103c07074d7fb9e3a7880e255edb0526192048a976288c36c4a7f389f7834bbb3029f58b9f6f21dc53e6bed7db52cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09f5878f7492b300d13c952864cfd0a9

SHA1
eba214b3a0c04eb6eaf018cf463e1bb96d2d3b65

SHA256
f9da505eae457b165a8f46dae195453d04f3d82f497294849499fb0c8899f31f

SHA512
37bbed6dace6a4e72d259d21007159e7602b7f3dc008414765b03606c73b4fd4636f5c4754f02ca6a708ffe7e9ddbb715ec014937c95b80a250687b898070e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77eed636a7ce577916099f6ef5093441

SHA1
83443d117670fa5a780dab4185d0ae249b128f3b

SHA256
6de5c138dc84c68e3d30c4a6b5fdf6b4656e01cff6d4097ad9365fddec6b8ead

SHA512
0fcd8f0abe59e76e419402ed48eb24d2b561ba13cc1a7cc56790285193c3096c6613cd324bf62711291d329cfd27f493cbc4642de9eff5375cd8952a976c65ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f82b.TMP

Filesize
873B

MD5
fccc529b197a1db04f09b8eede6821e9

SHA1
419bd3372adc895ee062ebceff908653fa4a10f2

SHA256
fa87879afab938459d65f5eec4314a85b96713ca97255ac0a988f60795b2f048

SHA512
dad722310019b4ed2e661c4821f971b224aef5294bdbb1ec260d340fa2b83f93966ec39c703afb207328914a669a469171229ee799122c6765b27d5f3cd8ddb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
45155e396ef45ccbf03717aad520ac6e

SHA1
2da3e52ca86fe7468ddb18aa95b296e63e62dfbf

SHA256
969b0d8efa554e14f7f5f6c1dd4eab4f7cfff3f38d41a304536d043861225213

SHA512
dcd3a4003050b5a0b38b7f305feb4bac3c0824876b4105fced27253ea3eef69fd21d68ca972b45f4e2de7d3ffbe4544082d0e9b2b4c4536de8a770061ac59a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9b7b5dcbe91779da282ec1fc6dc431ee

SHA1
468362a24539c8c11c2b2bc1dc58c8c9d31dcb3b

SHA256
67807f17908479628fb6dbaee372d9e8ba85ee162ad675f4452a36b90616e349

SHA512
ad8ce39aabb550edbd7bac09c026097310c80869c6dc69658cfe8a382d4af1aa1a59177906766f83af775f4379e57adab75b685bf7263fc0296574026d0e9745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fbe3528d379503e6f5e1ea2b5e5634d5

SHA1
914a4752366d566899e8a4994f1f17b233d8dc03

SHA256
7a42906e8870904bf4debeb4b55eed1cff4a7c037747854f2bc789a880f383d1

SHA512
f33500e9bd0b8c1b172b56595c5f21dcac11c792898a4adbd5ebc190e1d231244fecd3e4740b480cd52ab0b4d24bcea9d7dbe0db94eab38e57824a71d5572593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3c08f4cb6829fa541b98cb5e689d441

SHA1
9d21ee3a3b942a90190b73f08dfe3ff7d0e3114e

SHA256
7b276884712aee60b411e30d4ca9984cabfe076005ec088744a80f704dc923f2

SHA512
5b03b53638851ccc6d76624884427efcc946e3efb821d392226e61602e1504725597e7081acf04e5bd3b1d78266ea29d9e0ec5afcba69f6e64659fc81cc3a909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
98ea61bc47c07f244198e7ed0928a184

SHA1
5c855ce95ac3f0d1f3a1cfb3fa5b8bb9ba7d7665

SHA256
dd5bc97caee2b7a15e855145e9c82b176e253bcd9a16d8b0f0022107803d806f

SHA512
06f6a0aedce1d020f7b6d1f690789c2d63db4839668844bbc568505917a7fc6c9d336cb5f84da45d027c2d58513d68ad70bb12fadb5b890c9609bbb6a882232b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8957f3537b5f1830b56a0910c87d4e1f

SHA1
55d0de8073f0069c6499b19533eca9372d10e899

SHA256
89c5119cb8832f547b89b592e59ddcb3837026f045c2c51c52b806f58ebf76a1

SHA512
bb9e06f4701a8894406aea0c6e7fd2190a7987ed13434bf6d5f40e9585b02510acf222da6daa7f1242cfd796c8855e1041b04a1190be85dce35ee4a2cb27acbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a499354e72823a76199176ded73b9f68

SHA1
f0c6e3f25e9751772a3e774c0d9ae48e04d2a35f

SHA256
8972fec258c2dd6e800d782d7cc49feec0fcd4ffb3a640fe8cf17a5e613cf5f1

SHA512
c4d32c4b6dc828c51b98c866432af326ea6b475e6ba2475b2903afd2158bd4b3fd0499ec7ba1f18938b9dae203b3726ba9cdad77096522b06884f2cef4f2f686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6acee95da3af8a9e6113296f302021d

SHA1
366885b633ae2536e36d81cee4a62debd8a72730

SHA256
f21187035a2b526fea8878a3a6eb9fad9ff7bda76d434f3e32679cc6262c2d67

SHA512
bd962d4fd599d970e052ebb8fefe8088a9d28cfc8f46969578b5fe238a55122586ca36f9e745cb753b5584673df2b7e2578a65b3cb0b5f109334aa10d8e042b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
effac30a949d196ab11d0227999e589c

SHA1
632c771552310bbddadfe7de825d7e9ecfff3b46

SHA256
d26d1aaf0105c9e9ddd4c1b30e4e8241e4d878c9993be4b4355ac22611cb9ac1

SHA512
2686c73529e42de1b3366d8f36f368c63060a0c67cd388c5a3f6ceaadb4e218e37a95d8408de2728a9c3f7ea1e19e78fe023eba6011d5baa0a36923f3caf7cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI833D.tmp.html

Filesize
17KB

MD5
a75acd726443f4afe2ecef4c798f840b

SHA1
58cbd72568af6372f5edbd1a4fc4f02436fa2d23

SHA256
8a851082b303ebb13e06482509b0d29b88c887531f5eec5ec1219060b0cde862

SHA512
a7a6ba81fe2c21b7c907b29c433877bd81b0e1c1cd158f20a00dd4466842274a51f6fb4cfffb6376ece72cccaacb8401093466f79153c155b177db22eb795de4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4dd1b0201cdf49de82ee6eb6d5f2452e.rsp

Filesize
15KB

MD5
dcb85526d4eb95e46efbec66914f4836

SHA1
95f8227110b36456de5ded5dc9fbdd0dcc21577b

SHA256
c1a1ef7680c96eef203bea3828d0d0c4131037e95098eb3fe46df2e17b218a8c

SHA512
96148ad698882edf504122d51fbdf85243d3a6d883305fb57dd0382ed7f894a0da87a622b3a06ae876f7e56f8e36dece5adb4417312529b94cb2c1745913bc9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp99CE.tmp

Filesize
31KB

MD5
d3bc03cc2898479104dec8407c3ef175

SHA1
e196bd4709648cebfbd6ffa1b67ae076c1719242

SHA256
275b6009fcc2c749450ea4307596115f32f69457a7e69c80a8db776e8bda8ed7

SHA512
c10b45ab2579ccbf300afb1c00c9d11fbeb6125f24d69d83a310b0b1dc3e2fa0c7c649343146d36c8fcf38f9de568be30cc5ed1d1f597dc0ef1fd80820219af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpe33dee15c9ae4f25b6e6dc696bfba6f8.rsp

Filesize
13KB

MD5
6c0a6b40d5926ea7a63b0484c2f53c29

SHA1
13ebeb9810aa5871c9edad96864082ff3c57bb8a

SHA256
1f98e701f4fb99db4ee98bad44843d4dcbca154dd5792c2fa812b7e135e944b4

SHA512
1e459199667732de0eea13aa917566617ca13980c0f038bf53c34185b6c0ead7bf0012b1e288741e8945ad9b9ac021db92f732f13003139eefaeda2086b0f233

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
17518c395a838bb60011a8ba8802184f

SHA1
2b507ecebe1709a23fc173d46401b0b749b6ff36

SHA256
859a53ab78c98d130b1112276c5f69353149d9e20a2dec7d381a806faeddbbfa

SHA512
8cc9585734b16ee6b39541561f6d707287834bc1ae79c94efc5c420ef677da2ee30d94a6afd980d96ca8e46acf84534cd904958ca545cae85e062809e50ed6da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6191699c5e32528bfdca6f41d676c487

SHA1
a996bd4013556cc502fd595843812aaf216339b8

SHA256
83a1fc0b8f92dc926a9c6e3e3029e91af6189757a0e2a6b5f764a81391629f30

SHA512
6f63321e866c5e7047e90c4ab54aff726a2dc23bc95d5ea282cbf9feb8171a59a53b787ab9f620bb1ad5169092037590dece169f7b1cb5d88d75238a7ea4eee3

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master.zip

Filesize
3.2MB

MD5
b998513000d39eb8448151ee0b408d36

SHA1
6eb3d833cab76a471039e74e3e8ec29759b2d778

SHA256
ee6d57657e48a0727b6d978dbe7af79be09928bbb06d7f4cb83e202d49309142

SHA512
8a9d01f000278d525e95c732a4b73ad12d5ad871e700a21059264ef11130cd65d102c2e466988fe2db103fc0ef013dc34f136e9422a9ff486a26590c3ec8ad08

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\Client.csproj

Filesize
22KB

MD5
56f61bf8e8e71fdf3cc8c6021270dacb

SHA1
e6812d5e4c79ff3c2fbb84533fc8500b98643c84

SHA256
111492889b37ae64e082f4698b7f0a2659e0b32ed1a04c7c082e2470603f7ac3

SHA512
4462b2b1d3488b226b50d204899ab93243303daf19e76e0fcf4397e245cb162d20424b8ded709659fa0241a23a00a398d612b91456afd43147afe4fa472864a5

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\Core\MouseKeyHook\HotKeys\HotKeySetsListener.cs

Filesize
160B

MD5
3fba66e638100940e5b562aed92edbe8

SHA1
63edc9ffb35b610bc95e47a47b8d0e1fb5e96931

SHA256
32fb3bab0893926af5847c12039670dca397aca72289e95f58da978deac1de39

SHA512
d17874bebf7fd2719faa60fed1542305d3a1463ab034556d8d6de181bee1acf8a4a950f7a74986dafaf7c86e31597fb319b045808e743207bcfb3a9f36b8dca9

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\Core\MouseKeyHook\HotKeys\ReadMe.txt

Filesize
3KB

MD5
f1a1bf31b87de53290e2e0137e30bc0f

SHA1
b1a0e8179ba99da6f8ad327d7388e711dd436502

SHA256
9e086cc957f4129e08a420748041d8d28e87a668a394c8f7bec0c140aceebc57

SHA512
5670e7134b6993ca7d5d1b11b4ff1cb020e4ea892e7bb044e099b00e6f35ef4388260c615da562a41bb4c8bd89d5fdb1a464be97530cc0db53ae1efa7ed97064

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\Core\NAudio\Wave\WaveInputs\WaveInEvent.cs0

Filesize
8KB

MD5
e97a92e61d74fbcba1f81192e1405550

SHA1
0de02aec8aaa4550d6080b6fb4b69fa9393c08f1

SHA256
e0dc91eb2b1b5b6c08478cf11e2e8db140ee28b92001dbf6ef1b84e6c910483d

SHA512
389956629c88403cc62148af3dcfedbd317082f7369733f4b270d7c3d3d5e70f8b104052f3699b16e19536bc7af34034cec33a7f9c02683de9d18883c13c1c2e

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\Properties\Resources.resx

Filesize
5KB

MD5
4eb5913a0e5aa842250f7419538fa230

SHA1
31fb76e5d9babe97a11fea041081f96ce426107a

SHA256
4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298

SHA512
846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\Properties\Settings.settings

Filesize
242B

MD5
29a2bb6bd6f85ff04804c473e895de92

SHA1
48d8aedc9ac54affd627fd9737a0af3ba713f6e4

SHA256
baba99193fc1787141063b135424b476ff4151beb833883fcb594631f17c0147

SHA512
e2126226fde15a2cbf850824ae9bd2a04910aed905d3f6df366c629890f4ce07404c9fcf30bd41c61c73fb589ff254b8ab328bbddced7640e734098e542bdce2

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\app.manifest

Filesize
1KB

MD5
fd29301b5d8935606626f78b52b99694

SHA1
0767eeafe33c83161aec47ea2c28a30ba954fdc9

SHA256
3b904ab04cb29f4f2cf083c2b133a494ad05e6ef5c6a0243c31b51fc25e6941f

SHA512
3ddfc3055529d4affd1a33aad9026362b5e48348dfd23f352539857c94471fe5797291237273c78c03351583a489cf7ba4792f2a4c3dd17f1f2b806dc08ed04e

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Client\obj\x86\Release\Client.csproj.FileListAbsolute.txt

Filesize
315B

MD5
4b79cac39d951cffe7a2f42dc7949518

SHA1
e1afe637a6f511f727523f1d702c62ee9a7c4a9e

SHA256
b4e727ae55ff38377f07a32619510dace0edfe8c14c057298b60a35a028581e3

SHA512
6564151a5329fa962fc03bc6b27b23c35176c27242626349eac5382056bd75371f8ccb159bc13fd7b78a71d5a39b2045a3e57ec98e677deb29b2c530d09b3b93

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\QuasarRAT.sln

Filesize
1KB

MD5
ade30341661e1e8de4fc9d4666cda96b

SHA1
92e42be0daad821d0d1b038d9379714c760cd964

SHA256
8a0da3e2e9cb87794b6316f46305d9b73d24df420e28f78668439e2216b34491

SHA512
71c2b942bedc3782ca9c4d9d20b6c0ea95f6b4821b6ab23d1d5179e502fadda106d289abeba2817ef54bd641495fea809c09a0cb2e8bb1d913bb7517c568479f

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmAbout.cs

Filesize
1KB

MD5
94c3aa48d4ae7c8c3bfb11b884a93384

SHA1
c0722d6d98d392604e0e090fd549df581d95c59a

SHA256
bf0fceb99a604d1cfe7880e50a20cffec7b6ce3325e34e9f1e0899cbad7f8a6c

SHA512
5276cbe81f9fc4b5c9d772ff21b193a77399e3ff2b9361f606cb48a4a3d4cba7397ff36f7d059f7b7d36a4e7aa9093ea7c572be633067d797045fb5080c93275

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmAddToAutostart.cs

Filesize
2KB

MD5
26eca7d3fc1b5fb4d45bc2aa7813c7f4

SHA1
411df30df9e704282b1bfe78a384073e3895c39d

SHA256
6f08e41c846d619f882283319ce07d07187179129a0f234cb721af32ef2d0402

SHA512
fc08c8c9634209e67578723f89e2e604e60bb1c829d2c3c9291ba2041c6d66f9eea0e430cfbba1771e89c6228b7b68f3d24221dd45ceec02d1cc9a8f812fc08b

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmAddToAutostart.resx

Filesize
52KB

MD5
c5f785b9eabb7176dfa939efe4c59bfd

SHA1
809f7dc01d8ce8bd72ba5b546cf4ea1018634d53

SHA256
74205c2967bae78ef5d1f7b3e977eaa78bf0073962bbe4d16cdb7cc039d9a8a5

SHA512
f289122b3a1ac645abb903799be9a1ff50c58d58cd86baa9c247ca4ebca82d69e11d7b77225e9d3440dfede6ed44df5d148fe652259322e56b91b3f55b68e4e9

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmBuilder.cs

Filesize
19KB

MD5
fb7f19e699105c3aa8e1493810a95532

SHA1
9ae1bce62004c3052331fc3653d9055c51606ccb

SHA256
aa578d1c3ef7322f22785fff590f92fe27f228c7cd1837658ecd89ce62b60cc5

SHA512
bf987fc3216108e16cec11be1ea5558d666bf54a8e570a1d275c35526632578927d831d8f4f24a4f6c0492b534c02755b0d372d2a7d1947addf481f869b3feba

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmBuilder.resx

Filesize
52KB

MD5
e27db99a83e6d09a72c53ddb138b7a1e

SHA1
5f007fa8ed1e920530f88dcc6054122f04af0bb4

SHA256
cf6accf3fa5ffc88fbc780d8b01f1687047dbabace7406f3b52323e6d3eb99fe

SHA512
8d3f8112bd353c3499edf7f7a3bf64e3e94d7d0a58550dc0208b81f82b5e7477935ebfe6d086f4f46808950a8ea7b6e4d0e96b162bd1e133e4427628db70be49

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmConnections.cs

Filesize
3KB

MD5
661309736c59877c950c43ba41109685

SHA1
e1a729b8963490ad5e24ce8e25d30d6b5be0fcee

SHA256
43f617634b29ee94b9ee489b096f4d311b013ebb49caaf24dbe5184624286aaa

SHA512
df821acf6d7adc23e2eb6c3b7caeca5b3458d9462d6a585524f1e49516cd60b4a13ca991b0a8478aa631643ccdce7a8dd04c961846e398f9a30fbb619353e530

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmConnections.resx

Filesize
52KB

MD5
a7bcdb6bc05b67560cfcf14839f511b0

SHA1
6a052fcc22aa55546d9eab2f196c4d2627d0854a

SHA256
399c4d943e414b57c9d5b717a768f1cae054eae4bcc12afa80acaca99428c630

SHA512
b5033fbcc3ae0a035fc96e31f46cb7c6319cfcb4aa50ad9586b6d7f8e456e0484ba5d9ae74d1f943342e6de1a0f14330f74c5a41c59bda854cc6b0796f07dee3

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmDownloadAndExecute.cs

Filesize
1010B

MD5
f70b757b8bfa85eef6a1a4eb65b26684

SHA1
d6315c8d6421903763ea1ec49b1d92559314f82b

SHA256
e2be637b199b31bfd4ceda9a7e0f9b48336cdde13b62b0e478336a8098d1f926

SHA512
5997808d7fdec7ca92a126c41c89fb4e882a1c4d788f808ee083ae3f0de4b9dbcfd10e5a15a1861898be3ddbf73cf5e5349ff826145159955079e9c16b5c4868

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmDownloadAndExecute.resx

Filesize
52KB

MD5
5fd0d5f439da8b408d48bcf2f1cb2ba3

SHA1
d27467190a6cbb99b4802a3ed429a2118b69abb7

SHA256
d13a40f106d9e65d8a910015bf767f05ba59cc99e249dc1a301b882114bc1730

SHA512
e6e555662b5b6dcf4447bdf6daba0a4091641a6bb45942b33ef8f5014d9289a4cae837089a0451a4d11d213e7212963a2183f288b3566f62b32664e15c976a29

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmFileManager.cs

Filesize
24KB

MD5
1da4c4e0d2256867bd9869670bf3b7c6

SHA1
4738993415aa35834be33a5a6e17be204d0d4a1e

SHA256
9af7cbeabe00a058dc4dd8c0195b0b7068f20f45216bef87b464676b4178e684

SHA512
28e6067e910b50e568433c6c6361b4c03dd38d095657374f9e28f35fa96433b795ff83e09ad93a32e67db6f683e1d3e6acdc3b5117259bb6e9fd8e49c7571ef2

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmFileManager.resx

Filesize
64KB

MD5
f379b97987bb27f7c5a8d1297b524ae4

SHA1
075df3a55d35a5d81201f01545030bbc51de16a4

SHA256
923892c3894871293579cf23199028ba74103a69bfcf5840aa80a93c68be39a2

SHA512
667b08b77cbdac687ce57a2b3f004fde646ad1a7af0cac4a4958c0ddb08e3287528c55281ea220e42ae8d4325170bf0084946064d7aa3f028fd8dd75fbf75a4b

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmKeylogger.cs

Filesize
2KB

MD5
c518fcc20339584634bc652c6b355420

SHA1
80fbfead8db1e2d176efb5a5f7c2e23518467fc3

SHA256
b8d41a192ea39d42e0f3939f1e6a3c826150738563521055fd7ac7c2b15850d4

SHA512
36f5d2dfdfe59d26cdf2605a38ea998d98285170ece70260ffb3f15f26241685be9eb9370ad2e44b4dbb7da1fca1dc2499c0998925d27e2bbe62fea912712d26

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmMain.cs

Filesize
31KB

MD5
001f76a3531722e60697214151a2302f

SHA1
a72d6f4b741bdb265dd47c267e63b37ca6e69563

SHA256
fb9c0bc46d18f0bfdb593e5d7d18f44104d751dcbb72c9c4812c05555cad159b

SHA512
df915ccd812caaac3617d244fc277d16072c8ed739447f2288b5c2c065003d5e744260973baf1449f38899f4e84f2e8cdee601ca65c84998f0936facfd24e130

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmMicrophone.cs

Filesize
5KB

MD5
8f11cec250022a4ea0011d1440b31def

SHA1
a3cf4e063ff5625fa1fefb74d40934b41ba0831f

SHA256
04e06ac68967fe587d5307cbceb137feff705368d4973c92e0e763bdd63bf760

SHA512
86ade9c88c0f55020cfd72b6600eb3609c93f6ef7d09081aa7d7aa7bd309ce78509438698d3f145ea5b5b96d8a41db84f21a20a93b58a759a9a1120a70363649

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmMicrophone.resx

Filesize
53KB

MD5
3b08f32eff48e7d9d550b66fb0865bf4

SHA1
bbfc5d8403564be2294d0a0d02fb17f286257642

SHA256
c18ea962eb69ec521ac695599c21e85741dc86f79e524ac2a89413d1a5e41829

SHA512
aca011bcc1f07601c9a745c893266c59fe0b51d7456132ecccf2d916981cb13b311937e2b6696fa96e05987855240520780205100e53749e4ef5ad8b6555c2c5

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmPasswordRecovery.cs

Filesize
8KB

MD5
6a984b600ebfab9d57da8c89cc777d67

SHA1
f40b4e3a431fdc386b17293c07c1a1c5a8792e4b

SHA256
c1f9ef488d389329e54255e3d95ff031aa054991a25e71602b1b52b58bb1df1b

SHA512
35e8d305d3e46577f982e7f7b369ca3d11d24201e635b8768d7bec58c40a094642d581caf5ecb81dee39b54263fadf96160787ddfbc1a32d6f725f00860e6a38

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRegValueEditBinary.cs

Filesize
3KB

MD5
47e2fabea632c488564e20bbd4fdab4c

SHA1
1af4002e83e742e093184ef973df249c54088121

SHA256
c269f63cf3ccd21d25bbf4c8ab8ac86a6c4fe41a3fe3461dcd44497e33a0d846

SHA512
0ac82a2b1eabfbc9863c5fa389f8266292b0bf534d6b0ab65fe2abe661dc11c80a40fba118d7a0f0070b53344edcc8c3f976cc4b92197662773ac129f7846952

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRegValueEditMultiString.cs

Filesize
1KB

MD5
8f8e3539e4f8c25ca949233ae72510e0

SHA1
1ed58cbfb98d2b64bc7855b0f283065b54f6e113

SHA256
6bbb43beab8ca65904d589553c41e89fe9a0c16a103620737f0ec1e0e4f69177

SHA512
ae8558293b7685ee2bf652f138736ff7d119c8c46e4caf84e2cb7f4f67141b4245044c2d2e0d95303710c09c72ea941edd721fe1730ae1104f3f4cceb2fbdb63

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRegValueEditString.cs

Filesize
1KB

MD5
4af837fb75e77a9564e02f89450b162a

SHA1
d3bb979a227e8e66d6cbdf3790589a1d4a640a5f

SHA256
0198f969322c320d14a6c6219ebe6c21c197bde375b34d221fb773b88153f95d

SHA512
025258a36972e51f36a0847cf9d4553908e67fe78153633cca40f54be3336416b17f7e2ffdfbd40a62fc5a5fe4b3d0392f6a9f7698790cf99292f6c6d2cedfc0

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRegValueEditWord.cs

Filesize
3KB

MD5
27eaec9d76aaa6d552c79093e452743f

SHA1
0f55aa72b56a5bc79f9409d24198368177bc2f32

SHA256
f8a4aaa17dc9dfca4b281e9bab05982decf0ffd43df977bae925fb96250ec31a

SHA512
382429bc1edfd5cbe01664d8d5ae0ad5391de3a5eaeedc7e402d99200f5e78642c31b64280a2eb839bd64f66ae2086146f7e741b0d9688d357fbe9240d731c27

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRegistryEditor.cs

Filesize
27KB

MD5
d0473c9970987a004398fa1d5e3b0427

SHA1
d512b1ae09cf9b1200b25306e05b136dbcc98c50

SHA256
3265cc8aeb6d87308af0b65483b86303adf383840661312cde21ce0792a6dced

SHA512
03bed7f264df1027117138d034e9b25f49e2d787252da3010609dea151b851a80f339c6a93848fbf3d585ea33874a1456b83d4c2aa9404e25bc209c0c87e4395

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRemoteDesktop.cs

Filesize
12KB

MD5
26e7e9267ea84697585d815200c31037

SHA1
0048cc4c73ba2585c76c2272d6f831a6499143bb

SHA256
3eb1fa408b0b4301bc8cff1a9e594d2e9d3f533a30dca69905ab0d7f66622fd1

SHA512
58a1c1150326f318bd8b5dee95adf30c60fb6b965d2ee8779ced5a37dd32c9387ecfe6eb284a64ecf3e3eabe4fdd6df737daf3b84ae3bd200733410b20658c2b

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRemoteShell.cs

Filesize
3KB

MD5
842d59b4aa494615436e31c8032c98f6

SHA1
3482646919aa791b139c9cd89ae4b85fc326adee

SHA256
3aa9512450862aa0086b9b60a6b1ef62315e30b6e4a0dd21bbd79b9702a2565f

SHA512
7f98ea087655ce20c1fb8cb1a231f133f395e7a574aef5788bdbe683de09b1272b129c89c6a3f581bce03cdc73cc6006f48ea2b52611691d54b772c5d1283cd3

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRemoteWebcam.cs

Filesize
5KB

MD5
5ab3d92483b2e6af902bc157be639b39

SHA1
b3fc6f08e02d33ceb5cab96b77aee3bcb82a0ee5

SHA256
41a770c9c08d35c9260cf96a881e4b0310ea9b69dd43e4004781e9511c9e8359

SHA512
34d71825ad8103a492038b359b770662cec10d920f567c881ed9c97e9e1fa8e3e664049449f9e268aea1a03211ea0aa6827395b5174656f35efa6a69eb08015e

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmRemoteWebcam.resx

Filesize
52KB

MD5
c86a813b0798a72d84a059293384bdb6

SHA1
a0ca3062c4db909a5e769d9c91143f2d66e602d4

SHA256
b6caa5b19784659a14bcade7801af17592c6a609e4dc582a478842b38b1f868c

SHA512
67c1660590c27cec32bbd68ceb53336e5fc0527beb43d57cc48a2a889847d2fb603c0fa268f5a5328eb1187c518b08eb195ec89626d6a6cdd03c6ef955f481cb

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmReverseProxy.cs

Filesize
7KB

MD5
5764025fa227ccb83d7856fe38411a9e

SHA1
a397c459b356feaac985c35fd4362905f49bbbc9

SHA256
bce4bfc96b6104b20211b5e1ae6bed4112f001d464e0d7408596b592b33df0cf

SHA512
e42aa59703abd13b828412ac2597933ca7fe9359c7059514eac6c4112e9a7bcc81dfb0201a734597d58b153506931b186ddfc2d7bc704f8e9678dcebf03eb2e1

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmSettings.cs

Filesize
6KB

MD5
c1d17d97d6530a3699f403994c2fa0db

SHA1
937306c14912bfc36eb846eaa749796fe85ddbe4

SHA256
8c11fd657434c0bafe0cc6f39e2db64a74f3e2e1a5b5d07b5ffff9db9dbe8e19

SHA512
69654098de38d647b2cb0caabc45bebf6c91b8a5ce99c33033469e7b6f76cdb8befb85b989576c9abab6b3a705e571ce1d46138f6391d1398537820ea4bb14f7

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmShowMessagebox.cs

Filesize
3KB

MD5
47a2551a8d90a8b767ad1112e81f4190

SHA1
cab252a935a0f1b641d52b07804434d2aa137530

SHA256
ed8a29a524199b8364b44d455b320a8995b23b5f519bc020fbdb2f5cff6acf43

SHA512
8a6145feded2447d4f36c9c040b1c9ac53996e802f7e6bfa8c5aae86b5ae3e73fb50162aa4a35efda2c2b4aaf6406c7f61bf3b88aa43c3bb33b5a9320805a779

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmStartupManager.cs

Filesize
4KB

MD5
563f011ee2fff4b8fea80370e0da2265

SHA1
02ca7d1c8ebcd6e2bd64513f81dc22db5445cf47

SHA256
9ba665b148149de1e932133b1e241fd69679e60697ed31f655c45cdbe2992bf2

SHA512
f8ab4004355d8adf5b77abd13af070b2ae8fb051df708361d2bc501ecdd1845c0d3c9ce8d9434e0f4dc008c3d39098bdafec7b000f79ee8d945a493dd6898b7e

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmSystemInformation.cs

Filesize
4KB

MD5
077eb775c93f5ff33181bfa2d8cfbb5c

SHA1
82058ce5a63c7c9c63de0aa32e2ac578075e36ca

SHA256
da5122810cc3012430f7979b4eb243f0908c5a13e271aefc6ead15497c7bd559

SHA512
a0f130515f24181f98033ea19c2260ee3adf8b06bb6e48866abb60eb418a321e58db4d5e547b631b1238818e1bfa836399b9a8218411914fd1bf06a019193119

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmTaskManager.cs

Filesize
3KB

MD5
19904b73b46dee2af3f65597244c311e

SHA1
296c27bff908ad2bac5b407a958536214f06d50c

SHA256
1e0061437e5657fbb7d2821fb8987279f81719369327069fc5eb8f9cd2598404

SHA512
8b39cb618fd1fea4cbc2b89e9c426379f3e6ac9cdb6571c6b9ab3f42345fc7bc0536eb26028475f8a5e152f6fe498066735968ecd17ddc11b1951bc86fc1c466

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmTermsOfUse.cs

Filesize
1KB

MD5
e89dff109b11ca44f37900a5dc9cf365

SHA1
80ded63e722202a57a8259c1c27a173ebcca1a59

SHA256
c3e2fe29a6dc19800312249bdf77f53f37992b0ae92751953bbdc0e84d685a9b

SHA512
c5e101073353f825e04a55bd53d090f52a9fde703f7886db70cfac6fd4e490f891cfe8479bce140a1259c67fbba67802bd0d5ecfc77a6aab709c77048ccc4d38

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmUpdate.cs

Filesize
2KB

MD5
95c063af0f96eb1c1cd85264a337c297

SHA1
19ab2ec1ec81dc04934547bb8616a0ab7d6cbd28

SHA256
3c123153dcf24fc4e8a20802ca25c9529f16086294bfbc3d76255227a4d3850d

SHA512
0bbad182fe66307a88d302578478fae30048a09d7a90682de401b86c3e8aac1757b8294845dcece4bbd0f27f8a21825a0c8451160042a4ee593521749fc8aab5

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmUploadAndExecute.cs

Filesize
1KB

MD5
f8fd2a656c5dcd2d48dc080e2882dbd6

SHA1
fb60379d8abdcd7b90b1c11b0e00ec1006e3b22e

SHA256
6c18ebf0e038abc070dbbc30c68c89441066ff43aff7a02409f1535a44f5e83c

SHA512
5914459d347ed8b57947bf87b373699dfa1e541f356170ca06c06b1adf6b8af42cd545c75edfb7371dc19744deb9b2d7483e6617f63afcdc065708997ee9bdb8

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Forms\FrmVisitWebsite.cs

Filesize
955B

MD5
78da5aa7d134076b434f231f717884e9

SHA1
67c200730a233718196187814c796039138f48f4

SHA256
47d8137e6f1bc0684cfe027ca841e2af8d95187f94b490ae61e463a89bc7c31e

SHA512
55d4c28e57885d95e9a16aaf594ea1ee99ef4a3b18061ee4175865e37d97bc460e47e51e4dc6a4c946c28ed319bb34bd33be755004b369c22376f30982f62fee

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\Server.csproj

Filesize
32KB

MD5
1764152ca25b4de663b6f747c7c56beb

SHA1
b3f16670c406c2e436110efb7c1d5f418ee1bcb4

SHA256
16adce3292f461bbbe17bf0afa82d491b6b094e3a3a94d89169a762b39f1f3a8

SHA512
d0d7e2fd246edd2ee7273925f3696225e8f10c120f68f878507f2051f221d0f618ea86783240b82addbfeb75cc9066c37526891b7e16868fddd6233ad611c3e1

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\flags\au.png

Filesize
673B

MD5
2fba49c88880e9ffcff947015cb7ab9c

SHA1
20361b7e4d3cf488c5e6330b6abdb1efcaa9e866

SHA256
a7f9683bc4240ef940ee3d4aaf127515add30d25b0b2179a6cdec23944635603

SHA512
6d826ac84a3ba2f845a1092c75a4416f170fca0e74122de5d031095942d51f2c1b53604589a8960a3d48319f3040361d9b66f1733de19a5fd2b18f07fe6a29ff

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\flags\re.png

Filesize
545B

MD5
c1cf1874c3305e5663547a48f6ad2d8c

SHA1
0f67f12d76a0543772a3259a3b38935381349e01

SHA256
79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842

SHA512
c00e202e083f703e39cafbb86f3e3f6b330359906e3a6c7a6a78364d6adeb489f8b8ab1b2d6a1b8d9ef1a17702cfc8fc17219cf1aae3e5a7c18833f028037843

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\flags\sj.png

Filesize
512B

MD5
559ce5baaee373db8da150a5066c1062

SHA1
ee80e5f63c986d04f46bff10f639113c88107ced

SHA256
f8dc302371c809ebda3e9183c606264601f8dd851d2b1878fd25f0f6abe2988c

SHA512
c0ca7595cdd2dcef0385ccb1c0d15bb74accaea63b9531233bddf14c1791ffc9712dff660292706cfa269a975d29d7a189885cd09046ac6d8ed39a57ec9557ca

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\lib\Mono.Cecil.dll

Filesize
277KB

MD5
8df4d6b5dc1629fcefcdc20210a88eac

SHA1
16c661757ad90eb84228aa3487db11a2eac6fe64

SHA256
3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e

SHA512
874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\lib\Mono.Nat.dll

Filesize
40KB

MD5
bf929442b12d4b5f9906b29834bf7db1

SHA1
810a2b3c8e548d1df931538bc304cc1405f7a32b

SHA256
b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0

SHA512
9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\lib\Vestris.ResourceLib.dll

Filesize
76KB

MD5
64e9cb25aeefeeba3bb579fb1a5559bc

SHA1
e719f80fcbd952609475f3d4a42aa578b2034624

SHA256
34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993

SHA512
b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\Server.csproj.FileListAbsolute.txt

Filesize
8KB

MD5
c3ed5406e979e73b6fcc0e38abf9f743

SHA1
ad38875fe7dfb5c1bcfbe4a3387257a09b057286

SHA256
fca9582b57b4aa0d0b8d2dbf90d278d08769b3a91b02ea1b79049203f46c93ca

SHA512
35d0a45222ba22dfa37f4ef4dff99b09c63856eb3c71d28599bb20f1273abcd955245a5ffcd0e32038dc98a4fa0fc88694312ab807edc40ac6e6e978ea9a5c41

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Forms.FrmBuilder.resources

Filesize
31KB

MD5
6e3ba8b328ac9bf2a07b30159046d990

SHA1
b3809725e7e1d1e307b3763c3430c1ba6540ac9f

SHA256
f601a9675a4777fb08ba084f3aa04895b2d293629740ac29f2bd1dbe33e972ab

SHA512
d6ab0cbb1bdd61a6e2923109ae5ad41fb78f9c3093f45eec97c30210a32993356855a12d74274bbfeb2ea0c55052367c6bd7498874b308d3ed98bb838d257876

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Forms.FrmFileManager.resources

Filesize
39KB

MD5
d9eeefb70580152f0149b03a0d49ce0d

SHA1
c225b8f562322c5baf89670671463225d7e37b97

SHA256
b114084f1b5914da3320b5e4502011018a3fa799593e507ad294d8ae44a49d47

SHA512
9a1f1751a1d3f0f7932ad576f163384a7e685e3a882db1e49f09d54648608a242e021acdecc6fd101ed1c072de8d5932f24afa48c11ec9e4bfb659b8e0a3169d

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Forms.FrmMain.resources

Filesize
125KB

MD5
c8a58cf5f7273eaf5fbe071279eda51d

SHA1
cafe45c0bdf2233407b3ce67f5edd7090bb18589

SHA256
679df94255a9ab9b0a4a75d1913fde3236bb128961050c44bbf4ed7f48f4b24a

SHA512
975ada7261b6056126d6207b2505ef8fd2d665ce3e89019e2e251182907dd53087750fff8bf2cbd6bc26854f2d907ba2561df8db0ff41ad42342d48adc3319c6

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Forms.FrmMicrophone.resources

Filesize
32KB

MD5
d94fc8d24e944e7eef6000f3272c2602

SHA1
2200991b57e36482212232af448890a68f7e5f89

SHA256
3ffee03c5f9d039d8ec7fbcb5d8343facff71935d21219da015527d22af22cbb

SHA512
fe8f2ea92165e744c2a594ff18362a028e43db7117e9099a8dc2fd8765f2461143e7ea4da943957b9659219fa0ac0741f065e6d26134cbb8161b91bc31ce79ba

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Forms.FrmRegValueEditMultiString.resources

Filesize
180B

MD5
cd7dbc7abeda9893ce25793744443958

SHA1
dbbbbe2694d4b9b990881f279b4313574dbeac9b

SHA256
e13ed2c59366d0eea74863fd71a81f0cb977cce1edfde304fc538690a4f6ac89

SHA512
e880f131ff460384940248ab2ecd97189ae0b7169fe5246440dfbce32f295cbd7697ce2ee65b434a0e40be91b91c21b2c14b1f446b2b1650d0a5d94c0d4f37ef

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Forms.FrmRegistryEditor.resources

Filesize
36KB

MD5
71fc7a99da2842202487036233696c94

SHA1
fccb792336a030a12ae772617da7ba9f1a3f26d8

SHA256
a567ad52c44ecb82681d5a3fcfce65deb7600373bc5ec18838ff4dfcab3b629a

SHA512
4915c4e62ee36f573219617bcc1160f91f18f2834134a3338ba53377954932f722841bbe7271dbe09cab2b71f86b7e8d50d5661964af92bf47dd7084cb4ec0c4

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Debug\xServer.Properties.Resources.resources

Filesize
54KB

MD5
9d2d24422e7c234eef2aadea730e8217

SHA1
4c3ecad5d475ad571593d5c2781e0b76ccee4378

SHA256
4010c5a8583623c95286dedd3d89cafb455777e53fd7c57a6788a3041e5dba0d

SHA512
ef89293c1a21fb628b7dce5060c8a1dc332c841a9626487a16ff2b98d8c3964849fa86888a1f8016a738c3ba25839b0b0d614ba1c7d6fb150c4c553ac8ae1019

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\Server\obj\Release\Server.csproj.FileListAbsolute.txt

Filesize
3KB

MD5
4b617021918993bd17d740f5462e2308

SHA1
ebb388ee07feab0d97c72ef55ca828ff8b9aab78

SHA256
92a45505f03777d06c7a5536a5da1491a6bf110bf2dc459517eb8566eb0794bc

SHA512
f4c68b4d6d835381303ce76b105d3e7d6aa9f0eebc45622dbf3f0a209cb369eddd26d31a0423dd6c6618178ff4ac5ff4747d9abc40466807871c8bb0e2924dc6

Download Submit
C:\Users\Admin\Desktop\Quasar-RAT-master\build-release.bat

Filesize
113B

MD5
688a0b49332ec59b17f3c8b81f4c018a

SHA1
411a5915f5c2491383a3053319681272cf7b058a

SHA256
74c5ef687bd56a909a9f0670396b473248321061b01d037e59ecce34dd655fd1

SHA512
5d391218924f8cac9410bc6d573f8da1dde58dbf4c7a715dc3a8aa5508902e31fa1ae27e0d624dcf76fef9d6176f3c92f365f74417b1b0e4eb630f36c98eeb8d

Download Submit
C:\Users\Admin\Downloads\dotNetFx40_Client_x86_x64.exe

Filesize
41.0MB

MD5
1cf262f35322d6c9c7a27fca513fc269

SHA1
4cd67f609f89d617d2b206341b8c211e1b88b287

SHA256
ddb54d46135dc4dd36216eed713f3500b72fc89863a745c3382a0ed493e4b5da

SHA512
663123cbc508c6bc483b7a2630a055c160c56a1c067f2a417a4e91c1bb55b8be5b041a2a76216b594b1adfa47345c8da6f2c80e4a2b3fe0b32f380cf28ebb093

Download Submit
C:\Users\Admin\Downloads\dotNetFx40_Full_x86_x64.exe

Filesize
48.1MB

MD5
251743dfd3fda414570524bac9e55381

SHA1
58da3d74db353aad03588cbb5cea8234166d8b99

SHA256
65e064258f2e418816b304f646ff9e87af101e4c9552ab064bb74d281c38659f

SHA512
241ba3f82f37818407bc00909c160b653b45a1a3d156e043b87ba18a7819294716705c952c7b46516c4afd86e6f99bad23e7235b951a371ae6728107f19e5f23

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
F:\71d06f230beab8e79b17\1028\LocalizedData.xml

Filesize
59KB

MD5
967a6d769d849c5ed66d6f46b0b9c5a4

SHA1
c0ff5f094928b2fa8b61e97639c42782e95cc74f

SHA256
0bc010947bff6ec1ce9899623ccfdffd702eee6d2976f28d9e06cc98a79cf542

SHA512
219b13f1beeb7d690af9d9c7d98904494c878fbe9904f8cb7501b9bb4f48762f9d07c3440efa0546600ff62636ac34cb4b32e270cf90cb47a9e08f9cb473030c

Download Submit
F:\71d06f230beab8e79b17\1028\SetupResources.dll

Filesize
13KB

MD5
7c136b92983cec25f85336056e45f3e8

SHA1
0bb527e7004601e920e2aac467518126e5352618

SHA256
f2e8ca58fa8d8e694d04e14404dec4e8ea5f231d3f2e5c2f915bd7914849eb2b

SHA512
06da50ddb2c5f83e6e4b4313cbdae14eed227eec85f94024a185c2d7f535b6a68e79337557727b2b40a39739c66d526968aaedbcfef04dab09dc0426cfbefbf4

Download Submit
F:\71d06f230beab8e79b17\1028\eula.rtf

Filesize
6KB

MD5
6f2f198b6d2f11c0cbce4541900bf75c

SHA1
75ec16813d55aaf41d4d6e3c8d4948e548996d96

SHA256
d7d3cfbe65fe62dfa343827811a8071ec54f68d72695c82bec9d9037d4b4d27a

SHA512
b1f5b812182c7a8bf1c1a8d0f616b44b0896f2ac455afee56c44522b458a8638f5c18200a8fb23b56dc1471e5ab7c66be1be9b794e12ec06f44beea4d9d03d6f

Download Submit
F:\71d06f230beab8e79b17\Parameterinfo.xml

Filesize
197KB

MD5
eb9d318bbea1f384a78ede1d1051f47d

SHA1
ecd4391fe00d9bb73964456af15fcd94db676cc0

SHA256
73b29a019c1821304c65a30f338db2747b950ebcc0e65c02cff39a0166316a72

SHA512
91716d9a78852db0abe526a08c73c8349eeb997ad493a8f5b043e45a4a7aadb15febfbbc42641aeec445bc36b0054a4520e051a0ce4cadd237510033f3a9bce0

Download Submit
F:\71d06f230beab8e79b17\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
F:\71d06f230beab8e79b17\UiInfo.xml

Filesize
38KB

MD5
d7a2e90dd9df6f93fd4b7354f8ec2b0d

SHA1
a792c41b62796513e312f19dee91447b9280b23b

SHA256
1d1590eb48e66646ed7917a76302862ac87e6651c841a808cf3fe797b9e697f6

SHA512
a3431da5517428b69d4481a98ab6cda6849f3b1b33dd44cc2edfd76ddbf51bd2b45b3c4ed21293f7fee2789281b8cf5120ef83f11f99de6fc18c0e3fe5d1d9d5

Download Submit
memory/3772-2566-0x00000000065E0000-0x0000000006B4C000-memory.dmp

Filesize
5.4MB

Download
memory/3772-2585-0x0000000006780000-0x0000000006D26000-memory.dmp

Filesize
5.6MB

Download
memory/3772-2562-0x0000000005DE0000-0x0000000005F02000-memory.dmp

Filesize
1.1MB

Download
memory/3772-2560-0x0000000005160000-0x0000000005190000-memory.dmp

Filesize
192KB

Download
memory/3772-2591-0x0000000006350000-0x00000000064CC000-memory.dmp

Filesize
1.5MB

Download
memory/3772-2559-0x00000000051B0000-0x000000000530A000-memory.dmp

Filesize
1.4MB

Download
memory/3772-2590-0x00000000061F0000-0x000000000620A000-memory.dmp

Filesize
104KB

Download
memory/3772-2574-0x0000000006090000-0x00000000060A0000-memory.dmp

Filesize
64KB

Download
memory/3772-2586-0x0000000006460000-0x00000000066E6000-memory.dmp

Filesize
2.5MB

Download
memory/3772-2563-0x0000000005D20000-0x0000000005D64000-memory.dmp

Filesize
272KB

Download
memory/3772-2584-0x0000000006270000-0x0000000006302000-memory.dmp

Filesize
584KB

Download
memory/3772-2583-0x00000000068B0000-0x0000000006C1C000-memory.dmp

Filesize
3.4MB

Download
memory/3772-2558-0x0000000005030000-0x000000000504A000-memory.dmp

Filesize
104KB

Download
memory/3772-2557-0x0000000000700000-0x0000000000740000-memory.dmp

Filesize
256KB

Download
memory/3772-2689-0x00000000075D0000-0x000000000766C000-memory.dmp

Filesize
624KB

Download
memory/3772-2690-0x00000000075A0000-0x0000000007606000-memory.dmp

Filesize
408KB

Download
memory/3772-2692-0x0000000007580000-0x00000000075D0000-memory.dmp

Filesize
320KB

Download
memory/3772-2691-0x0000000007630000-0x0000000007730000-memory.dmp

Filesize
1024KB

Download
memory/3772-2575-0x0000000006540000-0x00000000068A6000-memory.dmp

Filesize
3.4MB

Download
memory/3772-2570-0x00000000060E0000-0x000000000612C000-memory.dmp

Filesize
304KB

Download