Analysis
-
max time kernel
1167s -
max time network
1169s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
-
submitted
21-01-2025 11:36
Errors
General
-
Target
https://github.com/quasar/Quasar
Malware Config
Extracted
quasar
1.4.1
Office04
10.127.1.13:4782
17d2ae6f-60f3-4a30-9af5-29543748833c
-
encryption_key
3DC2CF1175089490C3D5D0D50D101712F41B309F
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 5 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Gathers network information 2 TTPs 3 IoCs
Uses commandline utility to view network configuration.
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 64 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious behavior: LoadsDriver 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb64c0cc40,0x7ffb64c0cc4c,0x7ffb64c0cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2056 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1776 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2432 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3148 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3124 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3124 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4424,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4832 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3248,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3252 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,3229783587294193859,11016463093557028538,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffb538646f8,0x7ffb53864708,0x7ffb538647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff7a82b5460,0x7ff7a82b5470,0x7ff7a82b54803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1324 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15033088725610461810,5008059378087564767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"2⤵
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f4⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" /r /t 04⤵
-
-
-
-
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"2⤵
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\system32\ipconfig.exeipconfig2⤵
- Gathers network information
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\system32\NETSTAT.EXEnetstat /nbf2⤵
- Gathers network information
-
-
C:\Windows\system32\NETSTAT.EXEnetstat /nbf2⤵
- Gathers network information
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39a2855 /state1:0x41c64e6d1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
118KB
MD59a51708db43ce46c0cef15afd74de150
SHA130867f6be12674137dfd3acd9bc3bf400b501d1d
SHA256e40ebca580e9e55bc2cd8470be272dda5a8c102092e9ff297db78c7b555c3686
SHA5129a6a5bae456b472fe3427e552800075d8f70f77ff79caa798d0c9fff51280d71e84bcf13229e7e725fb277265a2507cda74b05026f9da4eb4763642e802031ae
-
Filesize
9KB
MD5c707ba06dc1016992ffbce31caef0826
SHA1ef550ce6d83a79e156d9b54e41abf7be1cac1163
SHA256975b368861e003fb745ea0882ceffc40b051d92c80682046f109cfdcbf96d4ed
SHA5120f5febe17ce0e5b1002aee21c838c210db4e4ff1e651e3b58fd66d7bdd2e47412c60e99ec7d7ab065ec69253ad170d6349b51d6404c641b86f0cf565a1a0ecf3
-
Filesize
649B
MD5624f57d9e06d3260e2d3f801cb1aefc7
SHA1ee9fa7f4eeb49de697429409c18d972dc4aab01e
SHA25696a4f7603df3df6ec3d0bd18c7f0f090fd559d539f68b6e1c109449baa1e05e2
SHA51211f60140d4c875ca71d1f4bec3ef2287d9df89261f571e3588db7628aacacf0ec00c69b5f67652bbf858e1d143753617721f85d018945ff2558ff7e9147c7fb2
-
Filesize
120B
MD550e4fa8f93c2ba9402b94d48dc262d8a
SHA1d4f1a18671d63e3c0625d8ef909af4725cc501bb
SHA256545375f182da1911434c18cf325c12d44b2daef1eed22104f886d165f6608778
SHA5127fb4cafe09142cab3f4c138a20eb9290ff2ddfe704479cd3f58172c81762742d86e9519d9944f798713d9c64dff19d6dff8842a94d8ef314185ef174551b88a4
-
Filesize
264KB
MD53b95d7117e1e6f62c2f358d48c93e54b
SHA1196cd53846e85a682620975b8af168d1a6da654f
SHA256384209f3988852ea8f31230559e24b711bba0c86c2dab661aabb11be510dc6b2
SHA5127be182c26a7f308d5833745209bc2b017f2005b93971d2f4e8b7f016a98f9d90c7505ae07b216a5bdde0fae81ef242d757365c1ae129c5046a0285f6e8607d50
-
Filesize
2KB
MD567decf995a7d260c693f5db154bdcb79
SHA14d620cee93d4eb540d61ebe17496cda60426eb77
SHA256119bffe22caee07bb75ca6018f88cb3fc8fcafaf2e61731de8f91fd3935518d3
SHA5126cc18ba9001df42aba1d8dc7997972540cf1111e0294362de116650c68761fb408fa375f76af644ee53bca643003f04998add6d93950daff0fa3c5aae13bc134
-
Filesize
1KB
MD5072964eb646ac83cf7ffd5af4974c781
SHA1334a6a4d2e00d61abd683e421c89079f8698f1f1
SHA2560fa46d13ae8812ba6b8db32b6f9389186150dbeae658632dc2fbc4d05553f140
SHA5125fe200ada903eb922e4e4eb4d26e0d8a27ab38b212507b89befdbaa41c135bc6b8e1d445c35574f38ef8f84b72770fdd3120d3b0c8df50372f17b132bc32bdce
-
Filesize
1KB
MD56635f9d2b7125a9bd41794a850cf3876
SHA1f872ca8dc19747c169add3f6258159d01325e068
SHA256f4ea4df899478c0df814e0dc9777c9c3968fa67959193fe44cfaf08c9b20b494
SHA5124e1031e27e274e5c1ceef83df1b58524df501f1d982a95557004312f72103556b99368adbf0d404593a00a678af4527a44e089c99978fa31962817af931ceac3
-
Filesize
2KB
MD55456f09245bea825a4c5254ad97b6783
SHA162307359c1939c0e0ed63b71867fa8a35e580976
SHA256d222dadbf9722490000e5a896b69a5aaf33b3bb615fc6a9761a36e6f96d021ee
SHA5125556dd383255b14a719b93523e03db77cb855f3ecaa862b8b879d508d3ab295d8828ba4861b086d52aeb586f0e12ca5c3e11c080314f51ed9135d5d53b908dab
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
523B
MD563d38f4103f25ee4797e2f1a8ca15b1d
SHA1e057edad6090cb5fdba6e2ca99db09238c0082b6
SHA25604ce09465f8951d4b8728c4b4877db0298c4e54391a05d81719a4341de328e58
SHA512bbcb9723447a4929e6bb6b8f5131e543a075fb093383f8494cd8b354de29e721a1dbe391b8fb403ccd3411fe7c3c198783061aa498169110265f3a7d61338cf7
-
Filesize
1KB
MD5799e21dd9127684b8dae57829d7d1442
SHA18d9f8e38bfc56b9c1a436e09347fa2c5ff017195
SHA2563714e89823fa50a6dbd59cd91c078a4eac06970cc7e6afae3a9cbfa65ceaaa01
SHA512f50d364e9ad15f25a162d249b36d57864c41e64b5ebe13946732b389e85c55af1298ea132c8c4241bdab373d3c6d8ead4b8de7cfefdd6937ecbd302049d92fa5
-
Filesize
1KB
MD5e4b149384cd7934f7cdb05b2e167f71b
SHA128f12e4d6f1f97ce88b044c6ab141c8972b96b4a
SHA256baa74b19a1bc1f61504cf64e1d353feb04aa5b3bbaca1464258230009c18ff6c
SHA512c57f3333ba285244f5a327419f2334d36cbd7a00d1e32cdfb3c33d4e3b99511c738338d99d87f2c2f10a464b79d9937915b21e2ef09001a79290313a3f3115b1
-
Filesize
1KB
MD5ca11ece34901191878b26fb6d72f7c04
SHA1e3fcd6c309258721cda0d94cd4400df6b0b74f70
SHA256faf6a2d4d31496f9727edc22c73715d11f84cd3adeb303be0cee2ab0b0b05d2e
SHA5120b3ac0ce3e70c8c993d4f09e423dc0784740dfcd1f7c50619445c90d3dfc86e8863369601379fa2d28c659803af275605d57c139c50ecd4789c8eda1749dc5e6
-
Filesize
859B
MD5f50d76c9764415c7c83e2f69f6ddcb54
SHA1fcc2b47c1154d9656d7e6cffd0eae5ead0e9c3a8
SHA256cd97e076e09cabb2ae511f929bce0a3eb0a8ddda02a22541a66a08aa8c001b16
SHA51287e1f2d62906ad786e7affda7c6e1adc5523111947f37694b855395fa1b86d69788b772aeb31b53c7313178dbcff356b693fe0a56594f6fc47a722e3dfa04191
-
Filesize
8KB
MD50858412e0cf57381bf0e13e0840e6525
SHA11029ceda003f5e9dd7635454a640a856a143f226
SHA256b496137bbb8e65c918d5c3901f5505d04bb6dc2c30aeee3d19a11940c73e9ca8
SHA512b3bc72ca0bd95bf5a65553485d4b639f3ceb0c77bab6f7859fb4a5e7c2516aa3a0bf0f00eff056104800947c75f7d66c37d012b7f00fd35f0f312ca781c1ae97
-
Filesize
9KB
MD598f9ec016309828fe0f985f1748bc1b4
SHA1eb07df13e648ffa7b727d242dd9acdd13a6f0b5f
SHA2566226aaa963fdc5c5c1bf2ba38e717c556f555db6ab0a5ab325193a4af4074277
SHA512b110f43b609697b3fa63515a144c27385d7cbbbf5b58896dcdb1754668fcf933e7fbde340fca698c1ffb3fce969c07155bd5974085208d00278fd234a70b9e9b
-
Filesize
10KB
MD53c3131749d816100cd568d0ea4976394
SHA1d9907ce31a879a252648268ae08a40946d2340f4
SHA2565290c8e5d1d43660e50708285abf79e9a7876b361ccee88b81b9cfa47f9db64f
SHA5127646db196141f377e7e6eac185fb417531af535022821053b860392b6cded10eaf72f4ac959506b709a8285d9d9d75d21657a54b950940bbbeb3a35d11b8e32c
-
Filesize
9KB
MD56303007d7891ff9a36cb23a071479101
SHA17c242f788dac58cef872c021c133e0be23e2b1a6
SHA256be608e8c323b0a63036976a1484814d697752f43aef04e2de7e127d9cee91124
SHA5122986b74a3bed6cd9e98f0818b3c3293331a80c5084efc356986c91dd5c4590795a360b0d823ae6e5f29e38e9815380b266a3b4eb117cda026d6d9948ddef108a
-
Filesize
9KB
MD56c49c0c8e5397ff8487a709db3726a65
SHA153eb49cfdf238444db4e26111ec535cec74c6828
SHA256e4bd3afd3dd43e64e553758b83919ed058845df01602da55544d65b496b4ee5b
SHA51262f8fcece3b4dce9cfeac5fdbce8b67f0cee586b8ee714293add0a192a08b6918df4451b00be75e8f7821f49cd6169a42c52e7da44aea24cbfc12410345fc7cd
-
Filesize
9KB
MD57f1260a0b88d46c8efed4b25b882221b
SHA1304f458e57e57dbaa59d2a32cbd386a1f34bc4eb
SHA25655542cfd264fb1c684cbcc2a15f3d0433cf435b62a976e76e09a2beff290e9bd
SHA51295c2be8afecd0b07eb9304e3b02bcf3756a152730d2191725192a5ed5d9ccf3ca126f4320e0b8b76f3b8d427e91dd964f4101309c67a4a175caea957f103deb1
-
Filesize
9KB
MD5df9c432c757f2640f1248d0ad6767a49
SHA18283ca0287b6b8e054ec6c3d029486615e27837f
SHA2563b9af14351ed917e734765c7df9fbe0dbd374fb5ce77b3bc071c8e0e99fff9f2
SHA512c303f22c45b2b33619235a774d5e3c1520e57c121babf03ece0f2923c472fc30af9bb56d7bb5efc784ea55b584730f21986c3082763e654a63162e083a33328f
-
Filesize
9KB
MD55e95c9723e0c85bc93b37c606c65baf5
SHA138364ad2c4ad4c2138b6da927fef22482dcfb1d2
SHA256a75c9a3266287c7898697d83c70a3c483aeb2acb0033d06098ee25c6d5513ab2
SHA5121c3acb6aff0bd3a8c9e70743214618bf1f3b8203d1d05066428fd4c43e68ff40c3f2865f5ddce4c47c963f5fad7bd1b188080e593e896262670280edeb8dce92
-
Filesize
9KB
MD57cb166bdb48535635fece16b0f7c64aa
SHA114b560d915b225762283cc2f51a59a847a9acd0f
SHA25648165d6f3b42d86b3eeec2183251eaf1e9d328b63f6e637ca81d0f1949ccecfb
SHA5129cc8c488481fbb822eaf13d4a66239f1146bc1d799603b8fa42ca75289db253790680f4373b8f417d96f3e639b3c2fc95adbfe67294f788f256760dac0b573e7
-
Filesize
9KB
MD5c19ddbe5c38fe490fa4b998eba90e0f8
SHA14a4ec4d198668196bbc99234297f968fb04fddb8
SHA256aaa0e599d6149ba37402fbb6ad6c9b6edb499582d4c1465b17fc2ea40d3aaba5
SHA5127201f145ff22643f8a3ba995757446d97d574bf88f20f16415f5f31fb456e8e542b87c62feaa27ca0a866011eb032859b092f307a82a982a266112031631ba07
-
Filesize
118KB
MD5c60f52cb6b072efd6fd1973daf8d9048
SHA17163004c3e3d832031915af117672bda9b6df0d1
SHA2564a225cd509c4c79ab3ad78af0983bf58cda546009784135759b6076c5e9ff3ed
SHA51268b38b482cd74c444992e12c8a3eb1f49a120d71688767100267308c07828d4f77b8222f912ea2102070991360bad46e94272a6395c8e21fd8ec1aec0b44aa5f
-
Filesize
118KB
MD58d4e62b1e98e1dd69faea41c29265255
SHA1d6d6e4ff6a20d535e2942857fc27ebf5459d676c
SHA25603cb6cbc6b94bf15ac9aafbab1c092ce9e5ac96908e868439ffd86b2f1fca276
SHA512cbdc9fa5ddd7b7cc9ac77188865f76b4dabef10e056cb92ba19287cdab61fa38a2e87b514e838cc5aa88e48ae0d3dde2a9559d7ab786691403acc33101299abb
-
Filesize
118KB
MD596361c8be4ff6fb00ff55d344e4069f4
SHA10c8cd2a4924549a0aee867a525fd1d14217d1579
SHA256c9ca56b04dfc414dc470fc8d92563b13c66a08a80a6194f59af1e1b310c0e65e
SHA512298c81674fbd22f29c0ff9d202f62a0a6a0deea79431fe7757c1c3a4cdfc6f3f884a213e2ab73fa2a316584e97c2296deb8c3f15ccffa0d43c951ce5e6a59215
-
Filesize
2KB
MD5f6c287509481140fda8116c8e831b7d6
SHA1781f9e972037007da6ebe92d0e9ba51f4fd5d714
SHA256a23d0654fdd344a19d1c8e0feb6f4e1803292a4d033773e14dad26e17dbff661
SHA51263ec7882fd46ecc88e50672478533be670a77dd4f8056418db59d3ce6e776e44f5a39a89ee99e092fcfb9be61079cb34f20fa8a3a5c59b342afe05e113fa8ab2
-
Filesize
152B
MD51ab523be0df47b9c44c0863d39e9402e
SHA1a41f981235db6719a25988be3f650f0dd44c5803
SHA25665223a518625d4525c42fa0a46e7bc62cfbc9f4eed6570a7c10f639ccbb907ac
SHA512865d0e948b80b911c029f4782d31bed455d6ae405823db137fe5582674f556312db9182f04417f876a4c04326183d97759abe5b114230a939417c9fe87449e6c
-
Filesize
152B
MD58b16630717cf81f638bae67ab57f5e76
SHA15767a40e7011584c074743df3ddca48d05c833aa
SHA256687f4722fac01dbddcee3ad0b9bb4c5483d21a83538b049818fb3ea9f2b52cfd
SHA5123718b25f887b0112db461060ee647ad4240bad91d82816e48659e15b9f1c94b4a637665ac258b025fdb6b3ae0349bc26802e4b6d8215846ebc01777ed5a6f771
-
Filesize
48B
MD598cca0f0bd5a0ac744aded25a3f6eae8
SHA14389637253de71dfa263f5f4987a38298bfe5c3b
SHA2565a58995b44d9676fbbd15518b0d1a3a41f3ccd62730d537d661bc5d336b2cfdf
SHA512b95bcb6821880a35f9a5c618c6f516571118153fe5c859e5689eb9a74d3965451dfd7ec4a3195703f7f86e97a3757a5da4a793626137619bf03939f5e02c8c60
-
Filesize
3KB
MD5a0e50deaf0f239e75968cea57e02b324
SHA1532f1e8834172cd1347037a1ed30a0e5c45183b4
SHA2569cf6149a4c9aedd104fce07e751b73b28d0e29b28535ca122c8bb5fca616bc2b
SHA512eaa8f2247e381ddb33ea1c482ae7e0b291a46300a9acc2642f0267d76f4607cadafe8844270980c550327438e5e464128c766c9fbfb98254e68334baa83c6089
-
Filesize
3KB
MD5013605a41cd86dc50da63c6d1175cb0a
SHA16f687124c4a2419c3c8274a44d8eb54cd9ea3280
SHA256aac7da11ca4e198d70beb8c94881b190efd5b3ddbd30a5a36ed4faf7569b6609
SHA512c7ede4a34ffccdfe9e343537446cc672d59fdb00953debb9e4c7097b905dbc2486e50dc96c47c003041c8149e5daed546366e83dfc69ef823e4f484a5029e821
-
Filesize
3KB
MD5fda7abf7d39e96f8aa60cf33abf10f20
SHA1bf25aa9d1cd924ca98a1c3d3708b8be54ba58cb0
SHA256533c748b93de9c87d17e9be7f5b1f6ac5d377427a16e74ca4e098e414972c50e
SHA512107cd0bc525d0895344104c66c497b2f50bc775791cbb9ca1f8ed2b38a0bf78ee5fb296d6308e48f75825ae53f24dd8f1bd8971f723ae14b46a446d1c7813cbd
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
707B
MD55029be738589e480708dc573d2961cd2
SHA13ad4231c58e8542fec414c85aac7abe850147b5a
SHA256b3d0c001a19839c5afb3e414ba20bf828632b7c2d67ed78cc799527f9218184c
SHA512289d5b0777daac41c1b0bf5793402e5dc03d3fbe41c052a469b204290719c4015634bd4e919eefa42607ebde390d4c10889ff63136b0a3c279d162e5b1d192e9
-
Filesize
934B
MD562c173a03f40f002ba9f16efd012c40b
SHA12b9384db4f45386767f42571f4449b0ed3670da0
SHA256c511b7a6b6957ecd11669c3eea0be6f278b7af489cd13d0f3e4c7ca800be2362
SHA512dea539addf77deac935b75e00fe6333ff563b8f776def07d736cb4b551e95584737ebd0174b7808a588af4a888d32564fdc7e37df03071fe7652e216da8ebd12
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
5KB
MD550a0af60c6104907d123bac0a58b3d55
SHA1ec85348e8499ec8ef29c939f96bcb6b97a6e4de8
SHA256a6d19f60cee3c18a54656ed291e09fd41e48502ff987a101e483ef0b28389882
SHA512a5ef762588bf1c135e3053ec548c7c99a5ee21f950abee03ec63e25b6a97b9219dcf63072c547db313bb2285e382fbb3d1e3ba4474fc32f51bb338a378abab66
-
Filesize
5KB
MD504ece37e50db5609c3cad8cb88569266
SHA1f8982585d680d22b44eedbfcdbbff45b23515f92
SHA256b44c8de21836713c53b1b1cacf961a4ea9bcbe6654e83dd8173726c8f39a735a
SHA51250027288c0f4a8f2e04aa5994fafa1de53059d0b7f72df3df5eb7ce7273d1dadc7b22226aa9a61f31b53b449b9fe067a8d608451844365322005c9b8edf925d8
-
Filesize
6KB
MD546f0fb7b84031e8449f4d75b84030752
SHA13616246441d1e42aa06987cdb85c0ead553e3a5f
SHA2567733ed2b7ec12a43ca289a4da2be0b8cdee3664c3c0bf8135a358a00fd511421
SHA51262d569cd56b4a3fb3bfd1544866432875ea909120b4128493ef75567452216f8094ab0723366cf50ecc4baaebfd27905efcd5ad8c7b5fa56f784a9ccbb990eeb
-
Filesize
6KB
MD5652dd9808e0c7be866b635d26e942e4c
SHA167e5c33f93af637c69f3506233d05662bb15754a
SHA256c7b5a4d3269e8fcda3d2623bb555301eeeba70b2eda2b710f7ede7ba8dc92552
SHA512b7abafae501e84f225428282e448d404d9e992a6c11e2d300b10672c1adedfc0a8f84b035a389d3006553e8d56bc9c8235e0494dc04c8b827bf1e8abc2cc021f
-
Filesize
6KB
MD59af051f40070245d2f010f56e170c016
SHA1264957fdacd64cad07519ae7d0052e7e1048a1eb
SHA2565fa0af596e7dc220ce05a5f322bb5b117eebcc3ea41a3af0d44a08716e24eeb5
SHA5128fe6f12d7677a0ab56ea3ed1da1f6ebf532a731121f28b21c03ad53b3dad033868fc0ffe8181c66c09f3f261631210cde85f0808c326a19f907d228a5bb2aa4e
-
Filesize
6KB
MD5c215a0426d78aa3b312ee14b5176538c
SHA131e892ff47e87ff7ae7b6721260f721b5bf946a8
SHA256f6eafe03d5f215308fc1d61525d89e2938cc2032d1e1711b630be766629ead4d
SHA512e0ba345f22e69ceef0b3eb2ab150564c5be7ab2d18e0bbb345fd1103db5e22a767e07c9d60a1a77071d1836435473fa4c5bbf5d636f91b235b19fa0ff8e41168
-
Filesize
6KB
MD51d11c594b1824a02165dd6fc92a3db49
SHA144f3715ccd3a70522811fe404f53fda1a849e7f3
SHA2565e1e8c0cd047bae034461a4d4b18150f00ce9c78a6d900c7fa40e0788d487be6
SHA51234ff9609ec58c29dee3fc1f8d7816d733b107125656498ddb2b7d8cca24fe26591620edaf5ea8b8e7bdc8d942c90d89b3add4a2e7cf2caf835e5a863779156ce
-
Filesize
24KB
MD5d590b705436b349074c9730516c56716
SHA1545dae2c594f8dd63eebc19fabd55900b7a001cd
SHA256da4e0974a427913f72174b1fa4fc560396d987ed41ed691409916cb42d914413
SHA512e11e7aa45fe3b931bbdf7956379dc61f845e19a087eac8e5ebe4783c5ca3d2a602016271e8f1ea4bd2ef9dacca444b93f1fcab0373921246e2ed7350f48cb9d3
-
Filesize
24KB
MD599315c72c0078122aea1e2e0e41a26e8
SHA11d04494fd6fd5bc394405c02e23f8df323394d4a
SHA2562dcf01b803332137a3a4925f7fc2878c3c6b8be4be77ef359e7f658811446b97
SHA5127a5404b86f6b5cdddcc12fb9c0f23f4264049ae784faf0be2ff16277eddc09759bcd4f62a6652c87f956255de49f12b12c32dbb5dd228cb99574a963c26ab605
-
Filesize
1KB
MD55052fccb601207920fffaed0465e5ec2
SHA1614935fc314acfc172b39bbb95e2dced3b12d8ab
SHA2561b2883985ae8f6038aaa044e8a2f729cc632fd8cfca2804793c3d3ba878c9de6
SHA512c3d4ebf22f203b35c8d287994c8a702a22d728498733ff37a8cfe6a80cfaa9b50b673cc58a03cb4f00e2165fa5517a826ecf172c0b078e4ecb07880e2cf475a4
-
Filesize
1KB
MD559ecd6cef06ce63a10715b8ba8cd50f4
SHA1c892e66a58aa1caddd1a83faf36b2e4c0059e454
SHA256c640981ee888ff6f63a076f3e76145f92e2bbcd79bdd5263aac5c0b5bd73fb92
SHA51281533dab4c4caa74984c0f5b2b08947381e91f7f7e2067bdc3eccd37d6d4c1d9f39f27a98818e7a4a570d185b17032946fa8f210227a82f9bd726d010e856c00
-
Filesize
1KB
MD50686f78d75c14ec33d95a6d88fb09067
SHA165d0769ab72beae538fbbfb6cc208169b9de932b
SHA256c9b48c89c9ade8a300c633fee849892d892d6fcd6c5a58bfd71dce9808391df8
SHA5126ad2c0466a6ab2a538242ca00a9cac4cc7ae5a7f5d45d55941d4e6d8b21176466b3885fc2eeefcb5ff6c0391a2eecea6da0d83a399e17c35e1807790ad19eff6
-
Filesize
1KB
MD5adf1cf3b02bf9b9607e20b2cd2d8df60
SHA166e47fab7b736e1670f23fda7c53e86c53dfa407
SHA256523ce10dc856c0ac2aaea5ff7494af6334bdb629b93c11cc9f63cf116c478c6a
SHA512c7feeedb52bba327df7c413649679c3a95ac1b08b2155709a225af56f1be6cfd8258860b1321dfbba347c9ed52cb8e58fb3792e82a1c1d045f63bb13e1eec9aa
-
Filesize
1KB
MD5bf88d0786c98349af4c9111b13ab7c93
SHA1405827124d16c54644cb133f960d3dedee10311f
SHA256da65ce7c720cda7227077750e0bc838d1e7822b0c166d21ab798aed7d24aa4f8
SHA51240fdea493a6985a817ef54bac33bedc1a8833d83921cecee7c9c887b9f0aa8a50f3bcbb96264b46b1eacb6855af0600d8ff157e479b64f4c3e3964fb4053d810
-
Filesize
1KB
MD58be95043e159a7dfc987e4d712e28b0e
SHA17d7566b5ca51492d13de823045b5d70b1096d630
SHA256ac1c2165f652baf1fb4c28f0c6248c41abe2b5413bc0d90a35d123b07932e45f
SHA51265db16109430c5855f5ab34b10b4b9db0759c1281b24dffbb0f02b4bfc0c269d4f2f867c4ed8add4e84844cbac758cf10aedefef32ddf9d286368bd289410bbb
-
Filesize
1KB
MD5c05ad11cadd7f7fc56b9999e2106e437
SHA170b810a075983834ba53e68b87cbff6598f41b8e
SHA25616b43c719e976fbfd9dc9766c640d1574dc47da11b4aecd156ecc3bf4b80379b
SHA5129267a028372ba641719dfe785463a9b0e25c4899c42ae58ff263acd674e1c77152169bb21d617368cb91c406904847b3ba0a06ae7c48de1150b52796d115e699
-
Filesize
1KB
MD5330bc167e002884e1b6dca63f0ebac88
SHA19c591132de610e21cc43490bc9f4f81eeb595d70
SHA2561c81e928d3dfb427e080b1dead8d9ecc335352feeb5ad985f960ff41d507c30a
SHA51253e1246e2f2ed4258f378eb4515370de9cfa424560c51408939301cdd30bfa5a1835eab7f481960c8c0d990564a9066c5d96819ea1b17deed6d94aa1cf713a69
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD5071ba3fba13e24f180f296fd7da755a3
SHA1131b479e2b53b93688eed42a54b2330433b1de52
SHA2561e8de561e2d6a6025acfb06ea8dc2c6274ea50445e93a8c6eca095bccd426aae
SHA512adcecc4d9bf3b746851b3a12ebdf91414934b369e1c1e0aa13ef1830c2680387a69088ee34fd83945f47d49b2d1911269bf90637fd914a34716c3d488a52e810
-
Filesize
11KB
MD5199e54746275146152f96d31e18b8a03
SHA10e2e60cb319cf93df2fe1e9f8701843ef651d4f8
SHA256d247becc4d0e016e014006e97df9050b9c7735f8277d6a8a2fec97ceb3aa07fa
SHA5124384c8644a1392d434ef392529ed65ac3f8c761bd038b9562d42412d5c2f358558c4dd4405f9f8a0797a7af13b6d34f2c0b47c25d20d927a9b51c83822247769
-
Filesize
11KB
MD55c09acc3ffb9f1a3c7b62bb5642f9920
SHA1651b69b81ffec31cce42d5103b2f936ac5d419eb
SHA256891ef3426eaead1b852ffc051111888723ac65e8f996bec1b104d8b566c130c5
SHA5121e997a9219dc7bb0394347407edb638e7b0f07a722ba79e75c7f4b3a8d2bdfa87b00abc63b2c71a335f6344f5aff90a1a8a037b2588c198d5cd620000ad15a7f
-
Filesize
3KB
MD5a984e171a2baaabe0c3e237aab97a19a
SHA18af71478d0762e89823feca99104f0bd6f6adddb
SHA256471dbd17cc96b12a5c5dce7cc1d7bcfe57fe9dacdb2150f52b54a1509d6b39c2
SHA512dc0133552cc790736360c9a614dc781e7b26d8dc881ccef48fd0678247d19f7b5eaa8eead7b0301d91c19b799272c7624efc5865da8015aa61fe70dad3d0931c
-
Filesize
3KB
MD54e3e593d5caa8bff97b8539f5691eb9e
SHA1057a2c97e3b278a179a1c705753baa1c69e07609
SHA256e3b044df5997432aed39ee6de65d4e13fff2c0393ddca761634cc8c2542924b5
SHA51275a9b1dd828deb1a3c7190220df58f9469911ea0a019add8bc84d1b26e6079a53565e095ad5788f1f9610b21fba45d78c87aa5e3d412101977af4fe99d91d685
-
Filesize
3KB
MD5f10c5ede19042af7983f2baf7053379b
SHA121dca2cb159897146612b19da145da62aa424396
SHA256a9f6a29a3c034ec70166dd2457e69df8cd41bb19862281f4d055db11d9fc6535
SHA5126c8d27fd590528495ea6bda712c33fc4affe55fd6c18e40212ddf2ce2f75fdfd4ae5e3acc7316b85857b6164b773d53979facfb8d4e672b2b6135fa190d89154
-
Filesize
3.1MB
MD561a3ef97c3dec2001bd869750b9f7d99
SHA174e23b89b1504067d081a42db9f214619f9662a2
SHA25657f1130a27a4798ea96f474b9469045bbc38465cd22cbc819d362af070f83d3b
SHA512af2aa07a9a41f2394d79a85ad63c850c5aa9bfcbdaac72e88ff2d936b51096054b663a02b62b25cd205e57c47449b552970ab85fe766512c57466ebd52fc48ef
-
Filesize
1022B
MD5fabf7745ed9fa2989b41ff8d05203657
SHA12c62889f4340fbd5c13c330d95e2ccc1d221ccff
SHA25662f7dd28fe5862da85b5dbb47074ba2014d3203137421be49460622d0775cd95
SHA512cc0a818101726f201284ad2a45e6bbd3f712488341e42b6547a85819eb652b046fe103eb8ca8917b3d0e2d65a86beb6d8743fb46d4c2d6195eee6e910fda4243
-
Filesize
4KB
MD50a55b4a3ca2845a827a4014c56d88d1d
SHA1cbce8b92d06d92ebb0b7965e6d57e8ac3b4a92dd
SHA25613e18fa8c72fd5e072e2257a1f17dda4904b38418f43439a04ae153369072304
SHA5125aafee4e11b8041ada3ce520fdbe420db3991b1dba159c6535cd24473bb21134a811db2766637bea65f2be3c5f1b2faa8fe3ce510d574b0279cc0cf14a0d88ab
-
Filesize
373B
MD5b6af1da05c1a00991f04f8b898cea532
SHA124c48b062d8d864eefd32f2d84a36e1a7282e911
SHA256f2ef0d8f29904a65ce6dbe29baf9379fb4659afb6930a5af5d9fb88f73b73f41
SHA5122ab2de469911c3fee5b9bbfdbb373e5eb15023bf25b9e1835ebbf5890c66cfd7a06d7d5911e2fb630afadf9b30489e589634cefe52ca4c4156ae24b24c00c8aa
-
Filesize
368B
MD5df257bfb55ddee25518b75484c44d0a6
SHA1e91fc138f34fb347a24a47f38ead92db0efb1c30
SHA2569e349a4059e265f881b2f34abab53816d5e915ea63846eaf25b42277171909bb
SHA512c222a25d8d387fcf0958acb62368bc4c6a9821ecea6a7a37bd0d91716dfee427f5c2e0cb96d37c2d68c354903547553eb44daff99a73cac38b54c40cba0836e0
-
Filesize
3.3MB
MD513aa4bf4f5ed1ac503c69470b1ede5c1
SHA1c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA2564cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d
-
Filesize
1.4MB
MD510e9e98b1e34511ed934908890a5a6e5
SHA10b82ffca06d2b9e4c20747eb14497b76bd5ea939
SHA2564fd29e393c3b38ec8a90ff126bc692ead3a4b56e1269fc0d242a8cbbf25fa7fd
SHA51270d4e11719eb39f949022f6740c8ef9862ac47769cec3f077856dc66179094b3d5d5922a471b2427251551f5e61cafe6c3548f3ebcff65765077c4c9b4147883
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
88KB
-
Filesize
320KB
-
Filesize
1.2MB
-
Filesize
3.2MB
-
Filesize
96KB
-
Filesize
72KB
-
Filesize
376KB
-
Filesize
104KB
-
Filesize
304KB
-
Filesize
712KB
-
Filesize
3.1MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
5.2MB