quasar | hxxps://github[.]com/quasar/Quasar

Analysis

max time kernel
916s
max time network
915s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quasar/Quasar

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

10.127.1.17:4782

Mutex

4ef71bab-8e28-415b-8a44-362b1a9fe5a6

Attributes

encryption_key
5752BED435B2DD0EFF4B97918EC100AA90391862
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
explorer
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 5 IoCs

resource	yara_rule
behavioral1/files/0x000200000002356d-240.dat	family_quasar
behavioral1/memory/3416-443-0x000001830B9D0000-0x000001830BB08000-memory.dmp	family_quasar
behavioral1/memory/3416-444-0x000001830D6A0000-0x000001830D6B6000-memory.dmp	family_quasar
behavioral1/files/0x000300000002336c-855.dat	family_quasar
behavioral1/memory/3372-857-0x00000000006C0000-0x00000000009E4000-memory.dmp	family_quasar

Executes dropped EXE 3 IoCs

pid	Process
3372	Client-built.exe
3008	Client.exe
2236	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
22	camo.githubusercontent.com
28	camo.githubusercontent.com
29	camo.githubusercontent.com
30	camo.githubusercontent.com
37	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2276	ipconfig.exe
2424	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874908620680781"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\1\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\1\0\NodeSlot = "11"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Quasar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Pictures"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\1 = 66003100000000007a5ab09b10005155415341527e312e3100004c0009000400efbe7a5ab09b7a5ab09b2e000000e9420200000008000000000000000000000000000000fc9b25015100750061007300610072002e00760031002e0034002e00310000001a000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\1\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Quasar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4664	schtasks.exe
2876	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4376	explorer.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
1688	chrome.exe
1688	chrome.exe
4604	mspaint.exe
4604	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4376	explorer.exe
3416	Quasar.exe
3492	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
3416	Quasar.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
3492	Quasar.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
3416	Quasar.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
3492	Quasar.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4376	explorer.exe
4376	explorer.exe
3416	Quasar.exe
3416	Quasar.exe
920	chrome.exe
3464	chrome.exe
3416	Quasar.exe
3416	Quasar.exe
3416	Quasar.exe
4604	mspaint.exe
4604	mspaint.exe
4604	mspaint.exe
4604	mspaint.exe
3416	Quasar.exe
3008	Client.exe
3492	Quasar.exe
3492	Quasar.exe
3492	Quasar.exe
3492	Quasar.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 2376	4460	chrome.exe	86
PID 4460 wrote to memory of 2376	4460	chrome.exe	86
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 4896	4460	chrome.exe	87
PID 4460 wrote to memory of 3928	4460	chrome.exe	88
PID 4460 wrote to memory of 3928	4460	chrome.exe	88
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89
PID 4460 wrote to memory of 3508	4460	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quasar/Quasar
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb311ddcf8,0x7ffb311ddd04,0x7ffb311ddd10
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1924,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2244,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4380,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4392 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5720,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5528,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5752,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5972,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5512,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4480,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=992,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6184,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3212,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3828,i,4142798450178752941,7719665532825711805,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3248 /prefetch:8
  2⤵
  PID:1576

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3984

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3416
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:1552

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2660
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:2276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:1308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5064
- C:\Windows\system32\dashost.exe
  dashost.exe {a115aa45-045e-4e64-8ca0ba8ea49db851}
  2⤵
  PID:964

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Nigga.ico"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4604

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
PID:3372
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "explorer" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2876
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3008
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "explorer" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4664
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /K CHCP 437
    3⤵
    PID:4628
  - - C:\Windows\system32\chcp.com
      CHCP 437
      4⤵
      PID:4956
  - - C:\Windows\system32\ipconfig.exe
      ipconfig
      4⤵
      Gathers network information
      PID:2424

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3492

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0d7c3fabdbb9d33482872317d77fb2cd

SHA1
bc6c05af324f78532c568579ad6925687abe2760

SHA256
4e3d440664ece7f416d32bfe3bc90b427ce10dbd9355164d51f6c193193dde73

SHA512
99f0b9b4965296a0b223e8eeed458e73215c98f41bed1b001f2219fb3d49a9581f7c7b5fc22087803da830e5a27ca0f09da39604ba620cbae525885206e2d130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9a75d66f1e325cac0f75082fcc9c07d4

SHA1
4fc38810a2548a5d4f42430d239c13df39319658

SHA256
475d500a42a33edd290a947783e58a619cfec6b99075b498a6983dd301b39c1a

SHA512
9e5cc356f645b60b2bf78ea05f02d937ea74d7444bcf64d00e58f94eff90ea5a333235ebfab20fbbcd017f9a882fdeb16b2412fe0e95f87a8ee28593a3356519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
575eeef73fd46431d7f3ed99a23371b6

SHA1
93a18be9985966c1f1720f5f896e052240ac1d6b

SHA256
f86ef17e7f5af5c7500e9b53d1d0fbe6aea3c43aac704645e349be418896d09a

SHA512
683aa795cf9ff6918ed2159a474116f9b95ec0e8f1b07cb4c866704a429bd2066d6e01cb99887cf4e45d5b0e0e0da771e2a718ec5b255e401dc2b55e4d3f55ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
45582533f41f5f34bd35e90b05a30759

SHA1
80556856e6ba4deed51948816d1a9158bcecc58c

SHA256
5fb0274a0499ec74b17e657ed403537afd205687ecb4c74dad7632b0aecd0792

SHA512
37496e324219093388574494b0dd1128e6e7bf9adea057b7d31ff7e1e23c40f426d137a3426f5450aecd49240d47a368f8552a923d39b8226f72451cc64ea4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5a160409a6ca45ad9146d10b6f6b8d66

SHA1
5fc10f4b306eab474a0adc29ae1515d9ac22bd3c

SHA256
8e54dccc2ff34ced8406e7c4dfb07276073cafaf244292fb2439e2e88e03b8a6

SHA512
fd95453f24b6d3c8a7e70999e83857a013f7da04d27c03862cd60f821faa587848d7b732204706bd9f0322ad2f1918ffade6bcc28247b6bda8128e562acd226c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
103c120413c3903f424e0d747d2a4557

SHA1
d7b1deeea67ce449e9c277053cb1647909ce3de0

SHA256
f575d748acc6e8e07a2eb423c25125f51c697594c83c9eed6c1885386adcd0cc

SHA512
2393ab6d91b670b83fd77cae628458447397b2e680a787fa595b8b70cd5a9c28bb4c9985a062fcb9bef220f26b9710b72a84a6482005e314a208870cab658255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
330ea34a12969ce04fddb6a0e92e237c

SHA1
62310c948568449fcc3b664734b41bc6fd509ad5

SHA256
26bf8f7c1daa0744f6c6771ce025ba9a0126ba0f3b039d248d375c2d0dd3e7e2

SHA512
2d3bbea6a3ae9869218ce06ca629885e3c0c46bf65f0ab8fc2e2412cb2f8963f052a50f7fd5ef363c1cfadda388135b01a34765e073024bb6b35c31f9056c8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1728a270a855a95e7bc0df5dcaaa7ac4

SHA1
fbbcc5111d310a7f9aefabd492269fe6a547d122

SHA256
c1d805ea448490e2d92c6cba7ceb086b26edf6a1d1c99950f6d394b348d8947d

SHA512
d5a63e8892fe547a04bd2cb088217819580640730f576155ad8fca0efe18aab754b27225962a7abcd4a4e6ea7615d65b46fd8300b4575c153460a94f9fc3b609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6bad2023a030ade0e309f3743fb83772

SHA1
55ca4faa26af75088f75cc7cc8059bc078b67b07

SHA256
19d47571da9ab52fdffceb2463ee591a52a7cc664462537a7188d27ff267e183

SHA512
8798c4d4ceea5ab4d9b8be3a04d8465a5f0787dfe3d04e22ecb1582f2f21b96a3b3aeff7f0806be66c18aae5458354b3f6285af69c6cb8cd0aa677cfc8c954d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
82da9a3b85228d83dbb02074443bcbf7

SHA1
019b2879e692e37f181c3a8ca5e6a684d4f632c7

SHA256
7380240e5a4b61f12cc7b11b59bb97125d3efe949239404f56a102e2e1623406

SHA512
1d928d91ae9fb83677f4ad68c2d919513b0643894edd297bf3bde95056810c8e7f37d83ce8269c899cb6f72164a187610648404485a4eedc8ae82ef3756c7e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0a77831e7c583b0c47fe7588c754d775

SHA1
2b5ae18426cdc7c32f9575411935754e018b3fd6

SHA256
3984c44c95d31370e83fe000d812fe0ad16c27f0dff29be4be2f56afb2be5d6e

SHA512
e763630c003e985a1cb4bf975a0865bce777ca1d5b786ce524f935507e570c8824185483dc005ead140e2af6ee9fac4e99b38943faaa3a2d978117258d61269d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
960cfef5f53c4adc8dcbbef14b9fdd3f

SHA1
e86718730d571d88c22f0cb87fd6b371e9b01871

SHA256
7582d25523b0298e3b505eb55199db7053f112ee38804f6b06807daad795a7e7

SHA512
8a5548723a7e59ac2cfd2c5a53427526f710401aede90960ccb98243f816a983c904109810408ec70ddacccf6722559af28a076a858c921dcc4777cb8c7f2164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a1f5699485c9c2bb6fcc9c05da2964d4

SHA1
5305ffd374868f780af3a1d47c3a2ae3a195a70c

SHA256
c8e78bee892529ce7d8a16d32975c69f62dc0c7a0252eaf4e17b7621e8cdd773

SHA512
a9e6a85f80def25f12d76b1e8518f0a1bd2c4e13b96692e711fb38f46f4017942d0ba0144bcfa5111e26e64c903ad816aca342d40750ae59ca1261cd77d448a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e190d1dbea0dfc408e854298fd3e0f21

SHA1
7b273c96621f4a21458f2870990a52c1fc988841

SHA256
ab499dc5f94da3ff99bc8ea841711c892528fe62731ee92096f6fee545a4995d

SHA512
b9ad1fda3a14183f37a9407d1cf45bc95e2c2f7ab7f25366bd6bf57615004501fa55e000cfc8ee00563d7a817bebb54c815bcfc359ab997d1962f108b3fe48c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aaf73d52033efda29c0e6393ac1914ae

SHA1
f669b8ce19a2e701be15b5bf349b1a88b2634db3

SHA256
935bd5b80336d9b6339a7354a2359e1bb57273ac4b58ea1b18fa7562237f1016

SHA512
9caf2c04fd985d86f52012e5b13bef9aef680f8a1b1d440a85eaf7fbae9579864ebc3f0606af6b1c3df801d1a34cf2b842e5da1722d713cb5fb7d386ee03782d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
35373ba247f59281bfd3ba0598ce399f

SHA1
72ba55145c84a70e4444be760e3168329ca54a1f

SHA256
b2bab63f8bfafa23be6d4dcb57452c34cfc7aa1da5b21ddf86fb3abb953f67cc

SHA512
58413c7bc4530bc330813e2607653f4cc74283a568c48116964b71080fe8b256dd68f89686e73341fa778014748600f3551d51cdd3c211f4bb88e1c7ec7b9401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
33b1ddd910775f83c8e00612568e2b5c

SHA1
84274439d37ac5aa756a18979f62c342efc8e79f

SHA256
247b6cdd7691e23efbf33710170a9f3a1b7470c86aea94489c9d6b1e2e6603df

SHA512
f13552997b463c2c1dc1597b71091015df60676c10c3cf7afa05be060c9198e30940d2a91bf1af8735d0858053ddc49b9996162cc7d141b9acf845dac165b167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c0f738fac7f7f4abd16f730c578332f5

SHA1
9246cfaea53d76cdec1ae191ebff9bef4c6d3812

SHA256
0eebff33d23429faeb502b782cee9443f9273e010ce2a2765bec12a057487337

SHA512
c3030c7c9ac047334ec379aacbe2fe70db0db625ef6b0026317ef819434c28005b5261c0f1e1a84d8e2754a69e84f052f8dd727a4c2d57b5fe3fabd18c63d913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
80fcb9c99852951abd06128645aa3d3f

SHA1
abf114d05766eb2756867c36f2e608900b6d8dfa

SHA256
cc3de0263514efddec548489942a24b28e1d2f705ceb871fd73705914e8355f6

SHA512
3739df2c13052316ebd13586384c902eb4f77ce25b04ef53c30686f3afe09e69baf4053f6dfdd64a31e2c4f8246acaa4873c042e86b1da17b5a74c9385636115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d9c6.TMP

Filesize
48B

MD5
455d8699c8b7c58f738898105329b508

SHA1
56cdf0816a996a7668c5c11887a1e82a7a8afaf1

SHA256
3b34fe646f5cbcd8b54cf0a8fce94fb5712153e3c0cf79e137e287adb935bfd0

SHA512
34cfa082072e06899cbbd9b433729cc6333b58a04fff74c35dbf1cfb07fb6fab7d404b50c6296f0f87ec431958ace629433e6902f0e4de61ef9dfdda431276c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
188ec118f24ba2b9ff6017e6c7303ac8

SHA1
475e557a79e6e39708f9653df08a9470a5a9e1fc

SHA256
0f188c0258dd50d291cf9c6668ea40550b0900b884081d47f2e5409b4539535a

SHA512
1aff588cfd22bb11a77e40124f73c51365d4f2a2bf8dbc815f652d87c4ff34d63662ce36cf67dafb50472dd44413b3528434f8997523dd6c9d10707254ab0a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
b82a0fd1092cdf56fd842125f198ff9b

SHA1
02da696e300d0bfbdf8969be3ca2e6d1034a31c3

SHA256
adf3d6b1e7265504991ea85f9f6418edff7d3afea40202946c1bf5deee72880a

SHA512
6dbfc2aed4aa8995f23cf82ef68b316c93bf3a822bcb1bd05531d2f6cd30eb9946760266695950143a9dadf0bbad64baa3d6a12a7a947bb1d8e0a956ad865c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
3268d431c9b8a4bba054672dfd503e29

SHA1
4bff4a6441de36307a2957c9543b442b41c9f0e1

SHA256
ae1bbba496b6c76a1a072a77c9042b553e6e7819b374aa90032e347118ff1729

SHA512
119074a28e86601205d0351717f74c64ed2a0affd809f7be929da06a13d5c8787325f6a44d7f8431cadf6ed29a96febdf66dcc95061d47d32eb6db55e6b7f40c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
db15fdb027a0e926f66a816c00562c73

SHA1
2ca0761ef16a00113342e3746eec7313036f8e75

SHA256
23dea67c9b5912cb0e5a25ecf9494c5713b5558a6a0e88355fc8a7bc3bd90e79

SHA512
25075da3c638751b34e806b8a15b160f4a1c00dff20b8674c19220c0d28b9a8ce3020fba04f3942736fd23f31bcf128e34489c8bd44b6a972ba71dc78145c04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
52f22323a49e0da051b8c83e7ea0361f

SHA1
38f8f9b0b64a55e9c4c4016695d5df0a10fe069b

SHA256
632e91a051ae54e45d5d085a71b061110d104cfba003eb01ab8580d94b7af60d

SHA512
fbafe7e7a965c7ace49086b06e17354626cdbf40ad46f757c9a1d3b57a064fbcacb6545fa04adbc7ea71989cab0a4009689a18a24e307e58a04f6a3f4d7d01f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-83325578-304917428-1200496059-1000\9d9f92af78d831a46f96de6f581dd8b2_dd1a0625-b3d3-4ddd-b1b9-ba296590664b

Filesize
3KB

MD5
da6c98264ecca26984f18db9c6d46342

SHA1
e05e03150ba8aa011fae5dc8f4e89631f352bccc

SHA256
ed4b081f9879e2c19e68c02842531a0553fffc52208572b6103b977c9db0152b

SHA512
c4451dd55472ae65d8de791acd3c00f39d2b14764e8a45a6208c1451eee15bd69914be901647908b4a2f09900e9dd8ea96d956b0e3e54b0100ddd8e220b4ccab

Download Submit
C:\Users\Admin\Downloads\Client-built.exe

Filesize
3.1MB

MD5
76943b3538d0b34d0f0a7f005ced4648

SHA1
6f3e945cf916d7f0fa7b2498ee3707856bd5c4d1

SHA256
524f7548ec94ffc18f3b01007eaf32dded58809d8dfdc86500879dacecd3a45b

SHA512
671ae056e1579914f66bf54f6bb029ad67fff761efb49b35488d54676dd0c19e88271bfb7392fb06b725ff83eb262ffe2c94de9bca9dd7d29776d03d809e8475

Download Submit
C:\Users\Admin\Downloads\Nigga.ico

Filesize
10KB

MD5
297524600b7aaf954ca9fc4a0c58f51b

SHA1
773168073ccdbc3e871188649550cc3549fa8dc0

SHA256
d1b20469719a54e3a5e8a177cadce9876aeb0fa0276a5196f97bb5494d0a9a41

SHA512
dfe568c67d9c24c1a73232110b562ad6e42e56cb4a242577cfd3775cc13aa907d56b02110af1ddc789963a3c45644462988cc9e14227474bd3240bf6dd952a4d

Download Submit
C:\Users\Admin\Downloads\Quasar-master.zip.crdownload

Filesize
1.4MB

MD5
10e9e98b1e34511ed934908890a5a6e5

SHA1
0b82ffca06d2b9e4c20747eb14497b76bd5ea939

SHA256
4fd29e393c3b38ec8a90ff126bc692ead3a4b56e1269fc0d242a8cbbf25fa7fd

SHA512
70d4e11719eb39f949022f6740c8ef9862ac47769cec3f077856dc66179094b3d5d5922a471b2427251551f5e61cafe6c3548f3ebcff65765077c4c9b4147883

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
b9506818752154b0484f22b0f12a1130

SHA1
e52b50ca96541c9aa0922dc2de24bed8860aad0f

SHA256
a010ab6c4702c21d877e3c4c301580dd3fea1e22c8b7c03fc7e7ba4ea5fd5bdb

SHA512
fe4e635abc833ebad62ec45c518b5c9d12c95cd0432b77d9123c1aeb5c896431e6d0d97ea21b4824c9604bb79498d60ee48d6ff94b0699af79b7a62a15ea7a2d

Download Submit
memory/3008-870-0x000000001B740000-0x000000001B752000-memory.dmp

Filesize
72KB

Download
memory/3008-871-0x000000001BFA0000-0x000000001BFDC000-memory.dmp

Filesize
240KB

Download
memory/3008-892-0x000000001DA00000-0x000000001DF28000-memory.dmp

Filesize
5.2MB

Download
memory/3372-857-0x00000000006C0000-0x00000000009E4000-memory.dmp

Filesize
3.1MB

Download
memory/3416-475-0x0000018328690000-0x00000183286E0000-memory.dmp

Filesize
320KB

Download
memory/3416-854-0x00007FFB179E0000-0x00007FFB184A1000-memory.dmp

Filesize
10.8MB

Download
memory/3416-476-0x0000018329020000-0x00000183290D2000-memory.dmp

Filesize
712KB

Download
memory/3416-442-0x00007FFB179E3000-0x00007FFB179E5000-memory.dmp

Filesize
8KB

Download
memory/3416-833-0x0000018329250000-0x000001832926A000-memory.dmp

Filesize
104KB

Download
memory/3416-832-0x000001832AEB0000-0x000001832AF0E000-memory.dmp

Filesize
376KB

Download
memory/3416-474-0x0000018326E30000-0x0000018326E48000-memory.dmp

Filesize
96KB

Download
memory/3416-477-0x00000183286E0000-0x000001832872C000-memory.dmp

Filesize
304KB

Download
memory/3416-455-0x00007FFB179E0000-0x00007FFB184A1000-memory.dmp

Filesize
10.8MB

Download
memory/3416-454-0x00007FFB179E3000-0x00007FFB179E5000-memory.dmp

Filesize
8KB

Download
memory/3416-450-0x0000018329290000-0x00000183295BE000-memory.dmp

Filesize
3.2MB

Download
memory/3416-445-0x00007FFB179E0000-0x00007FFB184A1000-memory.dmp

Filesize
10.8MB

Download
memory/3416-444-0x000001830D6A0000-0x000001830D6B6000-memory.dmp

Filesize
88KB

Download
memory/3416-443-0x000001830B9D0000-0x000001830BB08000-memory.dmp

Filesize
1.2MB

Download
memory/3492-891-0x000002853F460000-0x000002853F472000-memory.dmp

Filesize
72KB

Download