Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/q...

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    201s
  • max time network
    187s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    03-12-2024 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/quasar/Quasar

Score
10/10
quasaroffice04discoverypersistenceprivilege_escalationspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

6dab755e-99a5-475b-95a9-433b328d9999

Attributes
  • encryption_key

    78E30C32374E98EFA5E3E588D4C26247E1BE7C9F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 7 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/quasar/Quasar
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff945ff46f8,0x7ff945ff4708,0x7ff945ff4718
      2⤵
        PID:2248
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:3068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2940
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
          2⤵
            PID:640
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
            2⤵
              PID:3852
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
              2⤵
                PID:4112
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
                2⤵
                  PID:4468
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                  2⤵
                  • Drops file in Program Files directory
                  PID:4664
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7674d5460,0x7ff7674d5470,0x7ff7674d5480
                    3⤵
                      PID:1336
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3704
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6052 /prefetch:8
                    2⤵
                      PID:1536
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
                      2⤵
                        PID:4428
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,18077564003059272833,12135074843575193797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4740
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:1824
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4120
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          1⤵
                            PID:4656
                          • C:\Program Files\7-Zip\7zG.exe
                            "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap31962:84:7zEvent28458
                            1⤵
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            PID:1192
                          • C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
                            "C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
                            1⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            • Modifies registry class
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of SetWindowsHookEx
                            PID:5028
                            • C:\Windows\explorer.exe
                              "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
                              2⤵
                                PID:4264
                            • C:\Windows\explorer.exe
                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                              1⤵
                              • Modifies Internet Explorer settings
                              • Modifies registry class
                              • Suspicious behavior: AddClipboardFormatListener
                              • Suspicious use of SetWindowsHookEx
                              PID:4956
                            • C:\Users\Admin\Desktop\Client-built.exe
                              "C:\Users\Admin\Desktop\Client-built.exe"
                              1⤵
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Event Triggered Execution: Netsh Helper DLL
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:3872

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              6dda6e078b56bc17505e368f3e845302

                              SHA1

                              45fbd981fbbd4f961bf72f0ac76308fc18306cba

                              SHA256

                              591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

                              SHA512

                              9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              f6126b3cef466f7479c4f176528a9348

                              SHA1

                              87855913d0bfe2c4559dd3acb243d05c6d7e4908

                              SHA256

                              588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

                              SHA512

                              ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              48B

                              MD5

                              5f54926958f8d00aca3874093b23ceae

                              SHA1

                              90df80721bec87e6c2109c0fe90dc9ed5df889fd

                              SHA256

                              08dfafa0184d1eecfc9e8c70a10d21178aba74271f5486464d720fb5e313c4df

                              SHA512

                              504d54d40bf3175bc398e8bbc4a0f15cfcccefe9fb18e1f1fb3554ab98479e7e37f79608c4d21a08e67c36a44dd6a9c2e4af6317f800101c38ed59d43fdbdf28

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              e08a909b2621f4c6cd03dbd2cfb039d0

                              SHA1

                              70477a74ca0d9928820c136f540fb50cdedb893e

                              SHA256

                              7fa52908e6bbe8be11305cba9c3a813243fddab080829ebc02f65b116250600f

                              SHA512

                              58c3d36cb1b8008f6c6f42114a61196815dd8f889cc55515b0435f6fa5189075e0d1b8369038229131e8c664d1b8021dcf8d871a9794d91d68c44e3b85eb9c71

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                              Filesize

                              70KB

                              MD5

                              e5e3377341056643b0494b6842c0b544

                              SHA1

                              d53fd8e256ec9d5cef8ef5387872e544a2df9108

                              SHA256

                              e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                              SHA512

                              83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                              Filesize

                              264KB

                              MD5

                              f50f89a0a91564d0b8a211f8921aa7de

                              SHA1

                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                              SHA256

                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                              SHA512

                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              496B

                              MD5

                              30322550d9f9c54f345ea1c71f3b2e8f

                              SHA1

                              b5a3cff2995147279c2bbed7c03b2280ecb286e5

                              SHA256

                              4e7798d8476361378f8fbfb0442db63c7f6bf7e1830d50808bfdb8a58700d8f9

                              SHA512

                              261d1f5bc9c8a369f815eb846c252f54681f70862153bd49959411450870207b3ee240cc9016533c27401922527d561cc1ea7bb23708e4a257f071d010cf55ef

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57dac0.TMP
                              Filesize

                              59B

                              MD5

                              2800881c775077e1c4b6e06bf4676de4

                              SHA1

                              2873631068c8b3b9495638c865915be822442c8b

                              SHA256

                              226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                              SHA512

                              e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              18b9cd24ca9bf3063b93800d3b4b20f1

                              SHA1

                              370e0e5c881cc234cdfa5e07961f62dc97e65a26

                              SHA256

                              19b5ebb1cf90d87af81e597e79a28d0e140b46afc0ba50a36d051d326ded680a

                              SHA512

                              d83e7eb66733e7608c8d00c41cd5725a53c1acacff6ce2ab6246bb54b6c93fd3a825041fc914388bfcc0ed03e0fd192a83f3ce279f11d7becfe9f50c79195468

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              42b025d39f40ffda2d6dc3437847e226

                              SHA1

                              0416a51fcb0129fb13ab17e398c72973b7b2eb0b

                              SHA256

                              b17589465051109ad14666b5e15bb19efcb67db2538f95de81b2363af9fcfa2d

                              SHA512

                              ec92b58b28ad47e30ae4ecc3f847a5aaf6c8b4a422e27c188cdb40e6365baf190a2ec6e899bcbb718cc1265e58b233cd883299d02d33e538c6ab5cd243e4b98c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              e459c5a297ea2aef285d4354d6d3b238

                              SHA1

                              53bc83540359715812d700bc2cbaa7f28451f625

                              SHA256

                              a99216f78a68facea08ac21c0f979b5ac1bdedafd03607182936d24a9397adde

                              SHA512

                              a28239200554a2f04aa89afe4f22ae46ae3afafc578b57bd201ec834cbfee6d4f6a8dc735fec23507044c1596c4bebc8b2355a37a822cb54ed217134375df228

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              90cc75707c7f427e9bbc8e0553500b46

                              SHA1

                              9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

                              SHA256

                              f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

                              SHA512

                              7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              0d8c8c98295f59eade1d8c5b0527a5c2

                              SHA1

                              038269c6a2c432c6ecb5b236d08804502e29cde0

                              SHA256

                              9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721

                              SHA512

                              885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              1KB

                              MD5

                              589a69552a13ee462d644f487e304c09

                              SHA1

                              97096b7d18b0fc208fbb56c601dd95343074be59

                              SHA256

                              b7923c27f1f8fb06326ed868f1b2677b7dc75ddced7b847970e4585f8f71a014

                              SHA512

                              fe1e612380a942aff6b121a12e337d571361e9f012c1e0cc4281e4d9ff125fd4d0a761f379019b4ef0903eff5564c1d3f0e028b641d2757dffb3a5229b8f54e0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dac0.TMP
                              Filesize

                              1KB

                              MD5

                              df6a5981ac507ce5c9f894855629d6b1

                              SHA1

                              4d5cf179ba1e6a7e8a5feec684b0e67fb37d96a5

                              SHA256

                              eb55c6b7af8f4049cbe037d97c97ba4646c132277a9785ffc24291f8dbd910b9

                              SHA512

                              c2a76fcd0192293d4c4621647dcce0afa75c6febe477052d39fc76cc4be1914bd947fa44125035e961d5b6d105c9c5d1cbd776039399519f5081f78f6b6aed22

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                              Filesize

                              41B

                              MD5

                              5af87dfd673ba2115e2fcf5cfdb727ab

                              SHA1

                              d5b5bbf396dc291274584ef71f444f420b6056f1

                              SHA256

                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                              SHA512

                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
                              Filesize

                              8KB

                              MD5

                              0962291d6d367570bee5454721c17e11

                              SHA1

                              59d10a893ef321a706a9255176761366115bedcb

                              SHA256

                              ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                              SHA512

                              f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              8KB

                              MD5

                              b04bf382079dd7ea39de9b573e4986e5

                              SHA1

                              7511f393558ca1ac7974eea16bba95d8008e61de

                              SHA256

                              e55c9a6aecf1d9737208c2fff7e99cc4c91b9ec1f1517982f393a6330919d26a

                              SHA512

                              f269a385de698793ff4600986f0e2dab98c5a56dfe5efeb66466afc4bc9c62e48b6d0f758caabe1fef9fa77c4941b35faa7688c396a8579455d967e1e59998c4

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              88960ef6eb4a7809523f4bbb6e40a9fb

                              SHA1

                              f5c18135b162edd4dfc3eca3b765d9d147bd5356

                              SHA256

                              3933166388c1cbc2ee89b7e86e01f646a86c132adb60462dde98e21370d0b867

                              SHA512

                              bab39af9a5180305872b2a667a61fc55de8634733066c457a369c1c9ae3da3059faf02e3bf8b280bbda5cd3b5b34d86b4d10473091186ecf320c55a0ba4528c3

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              b8c5c154dca86c2d223228ad12956415

                              SHA1

                              178f208982f242498ec84e856305bafe04018e5b

                              SHA256

                              4ff34589e9d977b3e4f99e7e5158db0c00a8565b2cf09b6acb23dc19b5cd2b1c

                              SHA512

                              7eef44248f1a7004fa1f9843293f149944c6fd0966ef56b0c951c5facbdfdb9e836e676b6741751a7956e32fb4bd18f6b59b7cdd413aa8f5abb879191077b712

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              c3f2008259665dcd40422dfd40388a4f

                              SHA1

                              cdf742e467855ce589b72cc526c54025f0bc6d05

                              SHA256

                              e98c3f18b839ed8e4526b6c48df0bb819749230efb6100f3537bded47b5d3e96

                              SHA512

                              811a933f0b2458b762713328fc813de914844e4b25027bcbe1ea9694c73b004cca0577a8fc14fd5949ff07188a58efda03c998fe3de058ecbb1a71a00086ad14

                              Download Submit

                            • C:\Users\Admin\Desktop\Client-built.exe
                              Filesize

                              3.1MB

                              MD5

                              75d104906564ef9cc616a55e05453bb1

                              SHA1

                              1f61f26c1e15d87c1832deae3d7dbd5ab61e8536

                              SHA256

                              5f693695abc7d19723ac2d32b26464e5dca2173e7723a0dd66a2ea24b6916a01

                              SHA512

                              468cc9e5f5018317f8b912e965116f959fd419e52804c4b66914660c087d8640910f1a95c32869e923b96d767bcb5fae4ad22729f1aaa71e5fbd82d6e30e25e7

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\BouncyCastle.Crypto.dll
                              Filesize

                              3.2MB

                              MD5

                              0cf454b6ed4d9e46bc40306421e4b800

                              SHA1

                              9611aa929d35cbd86b87e40b628f60d5177d2411

                              SHA256

                              e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42

                              SHA512

                              85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Mono.Cecil.dll
                              Filesize

                              350KB

                              MD5

                              de69bb29d6a9dfb615a90df3580d63b1

                              SHA1

                              74446b4dcc146ce61e5216bf7efac186adf7849b

                              SHA256

                              f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

                              SHA512

                              6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Open.Nat.dll
                              Filesize

                              68KB

                              MD5

                              cc6f6503d29a99f37b73bfd881de8ae0

                              SHA1

                              92d3334898dbb718408f1f134fe2914ef666ce46

                              SHA256

                              0b1e0d8f87f557b52315d98c1f4727e539f5120d20b4ca9edba548983213fbb5

                              SHA512

                              7f4c0a35b612b864ad9bc6a46370801ed7433424791622bf77bf47d6a776cb6a49e4977b34725ead5d0feaa1c9516db2ca75cb8872c77a8f2fab6c37740b681f

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml
                              Filesize

                              1024B

                              MD5

                              b20fe7aa7fb6837d8d6d3be81483fa99

                              SHA1

                              2f7e2c5b06aac5cc3647cd03ac28f07dde4bf79c

                              SHA256

                              e2474e51636dd77be644ed264be00717c5fc93959d3ba72dc34b4deeddfc0412

                              SHA512

                              6732fff75286e9ac2e0adb87fad643cf95a59a6c736ca25dcb9acf02f4d1d1b1b4d482ddf52821d22d8dae51edbae72b5899aa190337b044830cf7f850d83265

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.Common.dll
                              Filesize

                              62KB

                              MD5

                              2185564051ea2e046d9f711ed3cd93ff

                              SHA1

                              2f2d7fd470da6d126582ad80df2802aabd6c9cea

                              SHA256

                              de930a748e4dc08c851ba0a22afce8dcfd0f15f23b291f9306c8ef6ccd7460a2

                              SHA512

                              00af241c1f89b478e66d758db26ed0a413b690d695abf91211b5cbc3985133632327ea0fc41140bd61d02271b6aa278a8e8f539d8ca6ce94972aef50c1a9c868

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
                              Filesize

                              1.2MB

                              MD5

                              12ebf922aa80d13f8887e4c8c5e7be83

                              SHA1

                              7f87a80513e13efd45175e8f2511c2cd17ff51e8

                              SHA256

                              43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e

                              SHA512

                              fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe.config
                              Filesize

                              176B

                              MD5

                              c8cd50e8472b71736e6543f5176a0c12

                              SHA1

                              0bd6549820de5a07ac034777b3de60021121405e

                              SHA256

                              b44739eeff82db2b575a45b668893e2fe8fdd24a709cbf0554732fd3520b2190

                              SHA512

                              6e8f77fcca5968788cc9f73c9543ce9ab7b416372bc681093aa8a3aad43af1f06c56fcbc296c7897a3654b86a6f9d0e8b0fe036677cf290957924377bc177d9f

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\Vestris.ResourceLib.dll
                              Filesize

                              76KB

                              MD5

                              944ce5123c94c66a50376e7b37e3a6a6

                              SHA1

                              a1936ac79c987a5ba47ca3d023f740401f73529b

                              SHA256

                              7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

                              SHA512

                              4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\client.bin
                              Filesize

                              3.1MB

                              MD5

                              f4d16cfe4cad388255e43f258329f805

                              SHA1

                              fe7cc6c9eb76b5ad97867b46d053fae601fd4a2d

                              SHA256

                              8fb6ae3496d4ac025eab443d3e322b0faa3461d25b54093c9205d35746e3250e

                              SHA512

                              867045eac0f7765e6bea51e62bc4ed68b1e81ce6c2843d2e08714eb391a8ac94c2571c09828286252248400ea5c12bffa50a25c8ec5ad9e6d0bb836320ec188f

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\protobuf-net.dll
                              Filesize

                              282KB

                              MD5

                              abc82ae4f579a0bbfa2a93db1486eb38

                              SHA1

                              faa645b92e3de7037c23e99dd2101ef3da5756e5

                              SHA256

                              ca6608346291ec82ee4acf8017c90e72db2ee7598015f695120c328d25319ec6

                              SHA512

                              e06ee564fdd3fe2e26b0dec744a969a94e4b63a2e37692a7dcc244cb7949b584d895e9d3766ea52c9fe72b7a31dacf4551f86ea0d7c987b80903ff43be9faed3

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12
                              Filesize

                              4KB

                              MD5

                              f4c935abcf46a28a7b3ccfd1f650e228

                              SHA1

                              fa2c0e6b827ee57cc7c98875f12f3eef884f54f9

                              SHA256

                              65afc72bb2d2c3668864af582f890bbabbbb389399ca494aed2d2d1308e88a51

                              SHA512

                              7371e87767650b5ed69d4986bcbfb93193936fe20677094b6fc90dd8fdf6ee9360f80058c87ae31cdaa146c52210cef2a9f008e152dbd0a917272165ce1bb4a2

                              Download Submit

                            • C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml
                              Filesize

                              371B

                              MD5

                              482b40c0d7aa8a3d1bbf44e34b4d2ca5

                              SHA1

                              d6d24c92b01a2d8a1e9cd5a15669443091f1c7a7

                              SHA256

                              40adac53b3488585f0bd0dfc919d7d145184d4b78ee7641d721bfdf141571c31

                              SHA512

                              64774f6c520ba1b99c353d79747e78d07dce9220ba9d4a0d81d8abd6d593ef32941b73d7795e1666b0777571bca194d9ac7b6b4394c1b2bde32387ea4ee2f813

                              Download Submit

                            • C:\Users\Admin\Downloads\Unconfirmed 199056.crdownload
                              Filesize

                              3.3MB

                              MD5

                              13aa4bf4f5ed1ac503c69470b1ede5c1

                              SHA1

                              c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

                              SHA256

                              4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

                              SHA512

                              767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

                              Download Submit

                            • \??\pipe\LOCAL\crashpad_2028_HGDZPPXEGUSXVGGT
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              Download Submit

                            • memory/3872-661-0x000000001D6C0000-0x000000001D6FC000-memory.dmp

                              Filesize

                              240KB

                              Download

                            • memory/3872-660-0x000000001D600000-0x000000001D612000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/3872-659-0x0000000000F10000-0x0000000001234000-memory.dmp

                              Filesize

                              3.1MB

                              Download

                            • memory/5028-555-0x000001EA580E0000-0x000001EA58130000-memory.dmp

                              Filesize

                              320KB

                              Download

                            • memory/5028-580-0x000001EA5B910000-0x000001EA5B96E000-memory.dmp

                              Filesize

                              376KB

                              Download

                            • memory/5028-582-0x000001EA583B0000-0x000001EA583CA000-memory.dmp

                              Filesize

                              104KB

                              Download

                            • memory/5028-527-0x000001EA3A260000-0x000001EA3A398000-memory.dmp

                              Filesize

                              1.2MB

                              Download

                            • memory/5028-558-0x000001EA58130000-0x000001EA5817C000-memory.dmp

                              Filesize

                              304KB

                              Download

                            • memory/5028-556-0x000001EA581F0000-0x000001EA582A2000-memory.dmp

                              Filesize

                              712KB

                              Download

                            • memory/5028-531-0x000001EA58410000-0x000001EA5873E000-memory.dmp

                              Filesize

                              3.2MB

                              Download

                            • memory/5028-529-0x000001EA3BF20000-0x000001EA3BF36000-memory.dmp

                              Filesize

                              88KB

                              Download

                            • memory/5028-554-0x000001EA57820000-0x000001EA57838000-memory.dmp

                              Filesize

                              96KB

                              Download