Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-08-2023 22:31

General

  • Target

    da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe

  • Size

    3.1MB

  • MD5

    871556e1a93a261d9f942055b47ae9d9

  • SHA1

    c2c8fde536274f8adc0177196fe80644c11edbd5

  • SHA256

    da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185

  • SHA512

    e869cd9d698bf05a7e20fac22177ab167bd956f379759fb2b3af5ed37bf2f636cafcecb4d4766ac9020481b42d1560539fffc2e6c189b752a2bab7d645fddb64

  • SSDEEP

    49152:6vct62XlaSFNWPjljiFa2RoUYIM1SE9oGdBiTHHB72eh2NT:6vg62XlaSFNWPjljiFXRoUYIM1Se

Malware Config

Extracted

  • Family
    quasar
  • Version
    1.4.1
  • Botnet
    spread
  • C2
    adequatelicensing.at:4040
  • Mutex
    d93e662e-a9de-4198-89ca-f18764fe29de
  • Attributes
    • encryption_key
      36FFB0B8C391E84D40C64F776A2794BCA2549D86
    • install_name
      Updater.exe
    • log_directory
      Logs
    • reconnect_delay
      1000
    • startup_key
      Java Update
    • subdirectory
      Java

Signatures

  • Quasar RAT

    Quasar is an open-source remote access tool (RAT) written in C#; the extracted configuration identifies version 1.4.1.

  • Quasar payload 3 IoCs
  • StormKitty

    StormKitty is an open-source information stealer written in C#.

  • StormKitty payload 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    schtasks.exe is commonly abused by malware for persistence or to run a payload after infection. Here it registers an ONLOGON task named "Java Update" (the config's startup_key) that launches the dropped %APPDATA%\Java\Updater.exe with /rl HIGHEST, and the dropped binary re-registers the same task with /f once it runs. /rl HIGHEST requests the highest privileges available to the task's user; it grants nothing the account does not already hold.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe
    "C:\Users\Admin\AppData\Local\Temp\da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3956
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Java Update" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\Updater.exe" /rl HIGHEST /f
      2⤵
      • Creates scheduled task(s)
      PID:1108
    • C:\Users\Admin\AppData\Roaming\Java\Updater.exe
      "C:\Users\Admin\AppData\Roaming\Java\Updater.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4856
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "Java Update" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\Updater.exe" /rl HIGHEST /f
        3⤵
        • Creates scheduled task(s)
        PID:4724
      • C:\Users\Admin\AppData\Local\Temp\3nnii1Avk3gC.exe
        "C:\Users\Admin\AppData\Local\Temp\3nnii1Avk3gC.exe"
        3⤵
        PID:184
  • C:\Windows\System32\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\OutSelect.ttf
    1⤵
    PID:2480
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9008546f8,0x7ff900854708,0x7ff900854718
      2⤵
      PID:3644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      2⤵
      PID:1988
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4260
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
      2⤵
      PID:4816
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      2⤵
      PID:3664
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
      2⤵
      PID:1748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      2⤵
      PID:4820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      2⤵
      PID:1608
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
      2⤵
      PID:4936
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
      2⤵
      PID:3876
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
      2⤵
      PID:4288
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
      2⤵
      PID:4880
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
      2⤵
      PID:4408
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      2⤵
      PID:1440
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
      2⤵
      PID:1164
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:4324
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
      2⤵
      PID:1384
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
      2⤵
      PID:3860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
      2⤵
      PID:2784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
      2⤵
      PID:4184
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
      2⤵
      PID:1848
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1404
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3040
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x494 0x2f4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4408
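The process tree above shows the persistence mechanism end to end: the dropper creates an ONLOGON task named after the config's startup_key that points at %APPDATA%\<subdirectory>\<install_name>, and the dropped copy re-creates the same task. As an added example (not code from the sandbox, the report's author, or Quasar), the Python below parses `schtasks /create` command lines from process-creation events and scores them against that pattern, cross-checking the task name and action path against the artifacts the extracted config implies. The event records and the benign "Nightly Backup" control task are constructed for the example, and their field names (pid, ppid, cmdline) are an assumption about the log source.

```python
"""Hunt for Quasar-style scheduled-task persistence in process-creation logs.

Added example for this report; not code from the sandbox or from Quasar.
Parses `schtasks /create` command lines (the ones seen in the process tree)
and scores them against the pattern Quasar uses: a logon trigger, /rl HIGHEST
and an action binary under a user-writable profile directory, cross-checked
with the artifacts implied by the extracted config.
"""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# Values from the report's extracted config. Quasar installs to
# %APPDATA%\<subdirectory>\<install_name> and names the task after startup_key.
CONFIG = {"subdirectory": "Java", "install_name": "Updater.exe", "startup_key": "Java Update"}
CONFIG_INSTALL_SUFFIX = "\\appdata\\roaming\\{subdirectory}\\{install_name}".format(**CONFIG).lower()

# Locations an unprivileged user can write to. A task that auto-runs something
# stored here with elevated rights is the persistence pattern to catch.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.IGNORECASE)


@dataclass
class TaskCreate:
    name: Optional[str] = None       # /tn
    schedule: Optional[str] = None   # /sc
    action: Optional[str] = None     # /tr
    run_level: Optional[str] = None  # /rl


def parse_schtasks(cmdline: str) -> Optional[TaskCreate]:
    """Return the /tn, /sc, /tr and /rl values of a `schtasks /create` command line, else None."""
    try:
        # Non-POSIX mode keeps Windows backslashes literal; strip the quotes ourselves.
        argv = [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]
    except ValueError:
        return None
    if len(argv) < 2:
        return None
    exe = argv[0].rsplit("\\", 1)[-1].lower()
    exe = exe[:-4] if exe.endswith(".exe") else exe
    if exe != "schtasks" or argv[1].lower() != "/create":
        return None
    flags = {"/tn": "name", "/sc": "schedule", "/tr": "action", "/rl": "run_level"}
    task = TaskCreate()
    for i in range(2, len(argv) - 1):  # each flag of interest takes the next token as its value
        attr = flags.get(argv[i].lower())
        if attr:
            setattr(task, attr, argv[i + 1])
    return task


def assess(task: TaskCreate) -> List[str]:
    """Reasons a task creation looks like RAT persistence; an empty list means nothing matched."""
    reasons = []
    action = task.action or ""
    if (task.schedule or "").upper() in ("ONLOGON", "ONSTART"):
        reasons.append("logon/boot trigger")
    if (task.run_level or "").upper() == "HIGHEST":
        reasons.append("requests highest available privileges")
    if USER_WRITABLE.search(action):
        reasons.append("action binary lives in a user-writable profile directory")
    if action.lower().endswith(CONFIG_INSTALL_SUFFIX):
        reasons.append("action path matches the extracted install path")
    if task.name == CONFIG["startup_key"]:
        reasons.append("task name matches the extracted startup_key")
    return reasons


def hunt(events: List[dict], threshold: int = 2) -> Dict[int, List[str]]:
    """Map PID -> reasons for every schtasks event that trips at least `threshold` indicators."""
    hits = {}
    for ev in events:
        task = parse_schtasks(ev["cmdline"])
        if task is None:
            continue
        reasons = assess(task)
        if len(reasons) >= threshold:
            hits[ev["pid"]] = reasons
    return hits


# Constructed process-creation records mirroring the report's tree (same PIDs and
# command lines) plus one constructed benign task as a control. Field names are an assumption.
SAMPLE = "da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe"
QUASAR_TASK = (r'"schtasks" /create /tn "Java Update" /sc ONLOGON '
               r'/tr "C:\Users\Admin\AppData\Roaming\Java\Updater.exe" /rl HIGHEST /f')
EVENTS = [
    {"pid": 3956, "ppid": 0, "cmdline": '"C:\\Users\\Admin\\AppData\\Local\\Temp\\' + SAMPLE + '"'},
    {"pid": 1108, "ppid": 3956, "cmdline": QUASAR_TASK},
    {"pid": 4856, "ppid": 3956, "cmdline": r'"C:\Users\Admin\AppData\Roaming\Java\Updater.exe"'},
    {"pid": 4724, "ppid": 4856, "cmdline": QUASAR_TASK},
    {"pid": 5000, "ppid": 4000, "cmdline": r'schtasks /create /tn "Nightly Backup" /sc DAILY /st 02:00 '
                                           r'/tr "C:\Program Files\BackupTool\backup.exe" /rl HIGHEST'},
]

if __name__ == "__main__":
    for pid, reasons in hunt(EVENTS).items():
        print(f"PID {pid}: " + "; ".join(reasons))
```

A single indicator is deliberately not enough: the constructed "Nightly Backup" task also uses /rl HIGHEST, but it runs from Program Files on a DAILY trigger, scores one reason and is not reported. Running the module reports PIDs 1108 and 4724, each matching all five indicators; the creation of the same task name twice from different parents, visible in the tree, is itself worth alerting on.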

Network

MITRE ATT&CK Enterprise v15


Downloads

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Extension Scripts\CURRENT

                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Extension State\MANIFEST-000001

                                                  Filesize

                                                  41B

                                                  MD5

                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                  SHA1

                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                  SHA256

                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                  SHA512

                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index

                                                  Filesize

                                                  24B

                                                  MD5

                                                  54cb446f628b2ea4a5bce5769910512e

                                                  SHA1

                                                  c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                  SHA256

                                                  fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                  SHA512

                                                  8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  0962291d6d367570bee5454721c17e11

                                                  SHA1

                                                  59d10a893ef321a706a9255176761366115bedcb

                                                  SHA256

                                                  ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                  SHA512

                                                  f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\GrShaderCache\data_0

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  cf89d16bb9107c631daabf0c0ee58efb

                                                  SHA1

                                                  3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                  SHA256

                                                  d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                  SHA512

                                                  8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\GrShaderCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  f50f89a0a91564d0b8a211f8921aa7de

                                                  SHA1

                                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                  SHA256

                                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                  SHA512

                                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\GrShaderCache\data_3

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  41876349cb12d6db992f1309f22df3f0

                                                  SHA1

                                                  5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                  SHA256

                                                  e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                  SHA512

                                                  e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  b5f5369274e3bfbc449588bbb57bd383

                                                  SHA1

                                                  58bb46d57bd70c1c0bcbad619353cbe185f34c3b

                                                  SHA256

                                                  4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

                                                  SHA512

                                                  04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

                                                  Filesize

                                                  173KB

                                                  MD5

                                                  d3d1aff7a71e5f6f4537a0b3cbbd5c23

                                                  SHA1

                                                  82bbaa35980290986094ec5b2f33da17fe0e1ca8

                                                  SHA256

                                                  d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

                                                  SHA512

                                                  9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                  Filesize

                                                  3KB

                                                  MD5

                                                  dcabd3bee3714514998e81a8630771d3

                                                  SHA1

                                                  900a2d0a7e21f57f035b6dda6f97f8fbc3323424

                                                  SHA256

                                                  2dac568936d560525f3d5d1fc69939c8299bd6469c44d8ae2b4793c0a8bd6ff4

                                                  SHA512

                                                  c9082a05cdf88bea4687786f5638862cf2c30bf22844f617d8589bd01dcb039df49e0c778999a5139b1960e29703e5bbb333481235136d3e930a468304c1f093

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                  Filesize

                                                  32KB

                                                  MD5

                                                  913a9de3d0b06a03aa920a469981fdf3

                                                  SHA1

                                                  e51146bd88968325238c950fa505342b65d125b9

                                                  SHA256

                                                  e0ca8c83e21bc1bd2d01b0394bf73b77a88171b50b5cc2c10e8c03f5f57ecde2

                                                  SHA512

                                                  58356a8f4a4f1ba734f16c1b73fa342131b3cb2f1a1ccaa8c634636cde05870c167bcb9ed00b87700c6400bcae124fb2cb1bea10bfc1996d260756299b5d805a

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                  Filesize

                                                  36KB

                                                  MD5

                                                  9c49651e2bd8fb39caec3421186d1c02

                                                  SHA1

                                                  47357de29963865f8317f5f85028b26cb300a3c7

                                                  SHA256

                                                  a6d7e8877ed172e18c67a4635159d93eaad581985a93e310ff2d8b0782b097da

                                                  SHA512

                                                  ccb4451064f0dd085035b3ddf11af771aeabb893bed2cea892865e0913ddac5fa6d4d9f3d51c4b9545ff3a0a7d8b64b0d1d5d178d25a6811c2954e54389e3647

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  7abcdbe5917b216adbb96b0e5255680c

                                                  SHA1

                                                  c60cf1953158ff41158e4943d96363009703d732

                                                  SHA256

                                                  9ea08f3c5c8ed1452403b7041dec7607fb87a45299b769a8e5073d21ca3d029f

                                                  SHA512

                                                  5e67f68cea685b3555b8c250a5ebdf904385c8fb78af674078ff054954eb6bd94450d6ff36ebb5a5a1a09b2e7119e4f8813dbd7e1711187cc5c96cef6c16a667

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                  Filesize

                                                  111B

                                                  MD5

                                                  285252a2f6327d41eab203dc2f402c67

                                                  SHA1

                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                  SHA256

                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                  SHA512

                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                  Filesize

                                                  3KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  8KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  7KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

                                                  Filesize

                                                  14KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                  Filesize

                                                  24KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                  Filesize

                                                  96B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594433.TMP

                                                  Filesize

                                                  48B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592b5c.TMP

                                                  Filesize

                                                  1KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                  Filesize

                                                  16B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db076cb9-7b9e-4f3b-aa61-211cfbb34c39.tmp

                                                  Filesize

                                                  1KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                  Filesize

                                                  88KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                  Filesize

                                                  126KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional Data-wal

                                                  Filesize

                                                  48KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal

                                                  Filesize

                                                  48KB

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                  Filesize

                                                  120B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                  Filesize

                                                  11B

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  12KB

                                                • C:\Users\Admin\AppData\Local\Temp\3nnii1Avk3gC.exe

                                                  Filesize

                                                  585KB

                                                • C:\Users\Admin\AppData\Roaming\Java\Updater.exe

                                                  Filesize

                                                  3.1MB

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\PERTHE563456HGRSEG674RSGE\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

                                                  Filesize

                                                  48KB

                                                • memory/184-746-0x0000000000B40000-0x0000000000BD8000-memory.dmp

                                                  Filesize

                                                  608KB

                                                • memory/184-747-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                • memory/184-748-0x000000001B750000-0x000000001B760000-memory.dmp

                                                  Filesize

                                                  64KB

                                                • memory/3956-143-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                • memory/3956-135-0x000000001B350000-0x000000001B360000-memory.dmp

                                                  Filesize

                                                  64KB

                                                • memory/3956-134-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                • memory/3956-133-0x00000000002E0000-0x0000000000604000-memory.dmp

                                                  Filesize

                                                  3.1MB

                                                • memory/4856-145-0x000000001B9F0000-0x000000001BA40000-memory.dmp

                                                  Filesize

                                                  320KB

                                                • memory/4856-146-0x000000001BB00000-0x000000001BBB2000-memory.dmp

                                                  Filesize

                                                  712KB

                                                • memory/4856-149-0x000000001BA80000-0x000000001BA92000-memory.dmp

                                                  Filesize

                                                  72KB

                                                • memory/4856-144-0x000000001B2F0000-0x000000001B300000-memory.dmp

                                                  Filesize

                                                  64KB

                                                • memory/4856-142-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                • memory/4856-150-0x000000001C600000-0x000000001C63C000-memory.dmp

                                                  Filesize

                                                  240KB

                                                • memory/4856-151-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp

                                                  Filesize

                                                  10.8MB

                                                • memory/4856-226-0x000000001E0E0000-0x000000001E608000-memory.dmp

                                                  Filesize

                                                  5.2MB

                                                • memory/4856-152-0x000000001B2F0000-0x000000001B300000-memory.dmp

                                                  Filesize

                                                  64KB