Analysis

  • max time kernel
    1796s
  • max time network
    1800s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231127-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14-12-2023 12:47

General

  • Target

    dream_TradingCard (4).jpg

  • Size

    294KB

  • MD5

    fdf2dca307fc564105fa4fc1e1bddf84

  • SHA1

    e2b530fa74d7402bcf01754b05c17554e95ba84e

  • SHA256

    244b20fc9114e2434daded7633dbdd44e625fa9cdcd326b2449e80fbe141cf5b

  • SHA512

    a9f0605a42c4e3584696465d1cdb3c8f68b79463492b8bb998aef68709070ad836519dd291f4c3f674a6fd63212bba9966b1a23dfd1b756818a872345ed539b0

  • SSDEEP

    6144:Dcn8Z/B7Ho3FUG6JHaNEBPK620wPYa4t2OOhBrEtpRTPjLIzHoDadpnvr1ZtQS:DJn7Ho3FdIaSFZ20cYa4LmBoRTYToDsh

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.127.0.118:4782

Mutex

31b2609d-7ab7-40ad-88b6-69c3b8d96c48

Attributes
  • encryption_key

    9F4B59C2BFE47E9A9C8435C4CE7A87581339D818

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SystemShell

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\dream_TradingCard (4).jpg"
    1⤵
      PID:3444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e34546f8,0x7ff8e3454708,0x7ff8e3454718
        2⤵
          PID:1868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
          2⤵
            PID:3188
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:688
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
            2⤵
              PID:236
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
              2⤵
                PID:3592
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
                2⤵
                  PID:228
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                  2⤵
                    PID:1460
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
                    2⤵
                      PID:3612
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
                      2⤵
                        PID:5108
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3444
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                        2⤵
                          PID:1840
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                          2⤵
                            PID:4312
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                            2⤵
                              PID:5360
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                              2⤵
                                PID:6104
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                2⤵
                                  PID:5296
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1396 /prefetch:8
                                  2⤵
                                    PID:1236
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3248
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                                    2⤵
                                      PID:1828
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                                      2⤵
                                        PID:2344
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                                        2⤵
                                          PID:4528
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:5620
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
                                          2⤵
                                            PID:5252
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8
                                            2⤵
                                              PID:4636
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:3688
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                                              2⤵
                                                PID:1612
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
                                                2⤵
                                                  PID:6020
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
                                                  2⤵
                                                    PID:2908
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
                                                    2⤵
                                                      PID:1016
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                                                      2⤵
                                                        PID:216
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
                                                        2⤵
                                                          PID:5648
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                                                          2⤵
                                                            PID:6000
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
                                                            2⤵
                                                              PID:5616
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
                                                              2⤵
                                                                PID:4544
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                                                                2⤵
                                                                  PID:1020
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
                                                                  2⤵
                                                                    PID:5476
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                                                                    2⤵
                                                                      PID:208
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                                                                      2⤵
                                                                        PID:5808
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
                                                                        2⤵
                                                                          PID:5652
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
                                                                          2⤵
                                                                          • Modifies registry class
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:5944
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:3332
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:5028
                                                                          • C:\Windows\System32\rundll32.exe
                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                            1⤵
                                                                              PID:5248
                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe
                                                                              "C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe"
                                                                              1⤵
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:1300
                                                                            • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
                                                                              "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
                                                                              1⤵
                                                                              • Modifies registry class
                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of FindShellTrayWindow
                                                                              • Suspicious use of SendNotifyMessage
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:2308
                                                                              • C:\Windows\explorer.exe
                                                                                "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
                                                                                2⤵
                                                                                  PID:5144
                                                                              • C:\Windows\explorer.exe
                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                1⤵
                                                                                • Modifies Internet Explorer settings
                                                                                • Modifies registry class
                                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:3560
                                                                              • C:\Windows\system32\cmd.exe
                                                                                "C:\Windows\system32\cmd.exe"
                                                                                1⤵
                                                                                  PID:5188
                                                                                  • C:\Windows\system32\ipconfig.exe
                                                                                    ipconfig
                                                                                    2⤵
                                                                                    • Gathers network information
                                                                                    PID:3928
                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                  C:\Windows\system32\AUDIODG.EXE 0x4c4 0x150
                                                                                  1⤵
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:5220

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v15


                                                                                Downloads

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  208a234643c411e1b919e904ee20115e

                                                                                  SHA1

                                                                                  400b6e6860953f981bfe4716c345b797ed5b2b5b

                                                                                  SHA256

                                                                                  af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

                                                                                  SHA512

                                                                                  2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3335dd2d-d988-431f-853d-c09e5b1ecfba.tmp

                                                                                  Filesize

                                                                                  853B

                                                                                  MD5

                                                                                  5ba4cae0b9c6e73ca177bce011643461

                                                                                  SHA1

                                                                                  760bc5cbaad5fe0b9e2c9c6b6e5cc504f325610d

                                                                                  SHA256

                                                                                  e9c64cbb2fb7cf4b1262f0cae76cec0c74aad63ed9ea281c5877c3b9e2c7fbb7

                                                                                  SHA512

                                                                                  88684e8f9611f3138afaffdef5857e59d2eeaa0af11fe568c5c036d242bec75f30bc0745d630852177e5935c4e8fa4ea3577d5bcc2c150969c32fd383b4b9425

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

                                                                                  Filesize

                                                                                  21KB

                                                                                  MD5

                                                                                  f0d11cde238eb54a334858a3b0432a3f

                                                                                  SHA1

                                                                                  7c764fe6f00cab8058caeba38eb7482088a378f4

                                                                                  SHA256

                                                                                  579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96

                                                                                  SHA512

                                                                                  b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                  Filesize

                                                                                  62KB

                                                                                  MD5

                                                                                  c3c0eb5e044497577bec91b5970f6d30

                                                                                  SHA1

                                                                                  d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                  SHA256

                                                                                  eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                  SHA512

                                                                                  83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                  Filesize

                                                                                  67KB

                                                                                  MD5

                                                                                  bea64c447b0f2a1012d0ede8e09e700d

                                                                                  SHA1

                                                                                  03c4e014a1ed074ed2611b5889ed79b6f1ed8aa6

                                                                                  SHA256

                                                                                  34dcdd7a5b57897d1eb1a2620ae5bc31d4b5d80e761e62fb8cd3c2a3b907241f

                                                                                  SHA512

                                                                                  ac1c4b495b990d8fad333f54d3e61d5573efb7a0c7c584659cea48be8d4857461bb011b1f2a4966cd714bb9252cc1750e8e53f2203418ca19fcc8143fdea6b76

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                  Filesize

                                                                                  22KB

                                                                                  MD5

                                                                                  bf86b7a75a970559d077f790895a5ecd

                                                                                  SHA1

                                                                                  2a35495fdbdadffef16b9b294b7f49351c959ba9

                                                                                  SHA256

                                                                                  21ecfcf1b74f0c3cdeb145b9298bb2873bc6ea15b1d52b34820f1627fe6fd962

                                                                                  SHA512

                                                                                  7fb648967ea6e5980264b6764a6311dfde889be6a6003d978d1303b22389d7b7869c204af6c01ee8965aefdcb2a8cd6b1ff189fec85015caa9100cd1aee0c15e

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                  Filesize

                                                                                  19KB

                                                                                  MD5

                                                                                  76a3f1e9a452564e0f8dce6c0ee111e8

                                                                                  SHA1

                                                                                  11c3d925cbc1a52d53584fd8606f8f713aa59114

                                                                                  SHA256

                                                                                  381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

                                                                                  SHA512

                                                                                  a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                  Filesize

                                                                                  65KB

                                                                                  MD5

                                                                                  56d57bc655526551f217536f19195495

                                                                                  SHA1

                                                                                  28b430886d1220855a805d78dc5d6414aeee6995

                                                                                  SHA256

                                                                                  f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                  SHA512

                                                                                  7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                                  Filesize

                                                                                  85KB

                                                                                  MD5

                                                                                  45a177b92bc3dac4f6955a68b5b21745

                                                                                  SHA1

                                                                                  eac969dc4f81a857fdd380b3e9c0963d8d5b87d1

                                                                                  SHA256

                                                                                  2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb

                                                                                  SHA512

                                                                                  f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                                  Filesize

                                                                                  1021KB

                                                                                  MD5

                                                                                  4b77f157ee1310b028d1f77ba272246b

                                                                                  SHA1

                                                                                  4cacf231df184a1665e39d2144d5e9faa2be214f

                                                                                  SHA256

                                                                                  a5ef992b8569715a2286814188efe11f2aa9232b9c53d8f60981956c94e3b5e9

                                                                                  SHA512

                                                                                  378afdd65a471687ecbb785fef2d05c9b4bf77c74506fadcae917d636f97ef8309215114d7b22e2054162e233882674482391b03e9ca877ed6e728a2e106a52c

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                                  Filesize

                                                                                  32KB

                                                                                  MD5

                                                                                  873c4764c2a7befb6d4d78650fffa6cb

                                                                                  SHA1

                                                                                  3052199d1a09e6aa9a48667267a1a65e01925785

                                                                                  SHA256

                                                                                  c6396cfb3b709128efd82810adebff888f1af62d634f882abf05b09cde839b15

                                                                                  SHA512

                                                                                  385d88634055001bcb3526b0878f2a9adbc02b77e60d0c72a3cc9d81c0c8e59aa7ec04f15e7d80e34ec416c876631288171c8924ea91482b12f7b8ddf37bb2fc

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

                                                                                  Filesize

                                                                                  74KB

                                                                                  MD5

                                                                                  c60fc26f87ddbef308737edf34ef65c6

                                                                                  SHA1

                                                                                  cac72a52856bd8696a66563883198d9d1e685410

                                                                                  SHA256

                                                                                  23e360f2d680bac47c218b199d688c80f72ff2f829a5150c74993f1fdfce1bf5

                                                                                  SHA512

                                                                                  ef2ad3901b32d3ff817afba6718ac6a5ca600546662b2543473bc32238a3b61c601f7803078f48020658fca8e2bca9bf8bbcca8fbbf52b503f30fa2b13758956

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

                                                                                  Filesize

                                                                                  40KB

                                                                                  MD5

                                                                                  3051c1e179d84292d3f84a1a0a112c80

                                                                                  SHA1

                                                                                  c11a63236373abfe574f2935a0e7024688b71ccb

                                                                                  SHA256

                                                                                  992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

                                                                                  SHA512

                                                                                  df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

                                                                                  Filesize

                                                                                  53KB

                                                                                  MD5

                                                                                  68f0a51fa86985999964ee43de12cdd5

                                                                                  SHA1

                                                                                  bbfc7666be00c560b7394fa0b82b864237a99d8c

                                                                                  SHA256

                                                                                  f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

                                                                                  SHA512

                                                                                  3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                                                                  Filesize

                                                                                  35KB

                                                                                  MD5

                                                                                  b7ba0a4aa6a32e2cc52c5c6c56c0e77b

                                                                                  SHA1

                                                                                  27ab63b16aaf8cd3806d9066f79ab4fe1ec329a4

                                                                                  SHA256

                                                                                  d52ebf72521d811bb1241160c3b589eb06cfb31a246e8b25b849401aef6b5a7b

                                                                                  SHA512

                                                                                  bcbc454280cce4607fd7fcc32328c4094c02727acda702b807d61948c21ff0d4b48f734f77298547ea4ef9b146761d54f0668790d3fb1ba67fbb198ea1c018e2

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

                                                                                  Filesize

                                                                                  76KB

                                                                                  MD5

                                                                                  425b6feb9fd7574b0d8492482d0dbf6e

                                                                                  SHA1

                                                                                  1b19197209361189837c21059e3212fde95a4964

                                                                                  SHA256

                                                                                  70923d26813d4266526aa5653d548a1a5d25faf563428f1ddba136a2f21cf8ef

                                                                                  SHA512

                                                                                  4d385a64e754282ea59ed0d08396e87faf6c1a9f28908047c31fc2e00ba438569725ac23728938980c9d29baba5f8f5295f3cc48bed17cbb07d6d0d2f9130f6f

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

                                                                                  Filesize

                                                                                  21KB

                                                                                  MD5

                                                                                  b1dfa46eee24480e9211c9ef246bbb93

                                                                                  SHA1

                                                                                  80437c519fac962873a5768f958c1c350766da15

                                                                                  SHA256

                                                                                  fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

                                                                                  SHA512

                                                                                  44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

                                                                                  Filesize

                                                                                  36KB

                                                                                  MD5

                                                                                  f90ac636cd679507433ab8e543c25de5

                                                                                  SHA1

                                                                                  3a8fe361c68f13c01b09453b8b359722df659b84

                                                                                  SHA256

                                                                                  5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

                                                                                  SHA512

                                                                                  7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

                                                                                  Filesize

                                                                                  17KB

                                                                                  MD5

                                                                                  950eca48e414acbe2c3b5d046dcb8521

                                                                                  SHA1

                                                                                  1731f264e979f18cdf08c405c7b7d32789a6fb59

                                                                                  SHA256

                                                                                  c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

                                                                                  SHA512

                                                                                  27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\186a34ab13c00db2_0

                                                                                  Filesize

                                                                                  2KB

                                                                                  MD5

                                                                                  ed37fffce5a06e9433073c17bb503f9a

                                                                                  SHA1

                                                                                  be8fc939d4737459c750c4798ba5b9661249abef

                                                                                  SHA256

                                                                                  c727fe9a24433119007b3abc99c87def6dba0b73300e6b624366e9414b4aec3a

                                                                                  SHA512

                                                                                  c1bc89004dbf0baaece137567d00cd97915fdd77c64ceecbecd18f38baf24a3506050313984283e8dea45471be568522015d7f8a70115ee972c57a7101004d3e

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  814a283d5cebc94a848474ba6dda9d8a

                                                                                  SHA1

                                                                                  11ef165c7fd1af88dc49842a78f2dc82e3bd70ad

                                                                                  SHA256

                                                                                  a36ed7f853fbfd35fc3e839ef37d5631a4491b4f2bd8f46701269d5722a10bf8

                                                                                  SHA512

                                                                                  60697bcefda9474b912c3353f08ae66247be1ef38433c984a9737cac52f090addc3ce1ed5cd8dadd6be0ddd2a3810933e25cf957315839e81ebcf05429aa71ba

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4798d771a430414b_0

                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  f6616fba0443b83a6308343ba59b02e1

                                                                                  SHA1

                                                                                  44927085519b657bd110dfd51b07b83211609a17

                                                                                  SHA256

                                                                                  88b0e3ed9debeac1750d91b4ede5eda6637e94bbec1645f0e77329ef4fa59aaa

                                                                                  SHA512

                                                                                  81534d1e7ef4c0eab7587f75c397ddfe2322badb57cb3d42f24f2c878807daadf24a15f7cfd3ba3352623ed24e6bdfc4a8e1bdef010e7d7d60eb73c5897353a9

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fe54dbdc0f8a910_0

                                                                                  Filesize

                                                                                  2KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

                                                                                  Filesize

                                                                                  5KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

                                                                                  Filesize

                                                                                  7KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                  Filesize

                                                                                  3KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                  Filesize

                                                                                  4KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                  Filesize

                                                                                  4KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                  Filesize

                                                                                  3KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

                                                                                  Filesize

                                                                                  16B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

                                                                                  Filesize

                                                                                  697B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe6425d8.TMP

                                                                                  Filesize

                                                                                  337B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                  Filesize

                                                                                  111B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  5KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  5KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                  Filesize

                                                                                  24KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                                                  Filesize

                                                                                  41B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                  Filesize

                                                                                  72B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe635f0d.TMP

                                                                                  Filesize

                                                                                  48B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  2KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  2KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  2KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597267.TMP

                                                                                  Filesize

                                                                                  873B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                  Filesize

                                                                                  16B

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  12KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  12KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  10KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  12KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  12KB

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  10KB

                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3635043082-2972811465-3176142135-1000\c3406d884f1bba8f5083b58be7655f69_05362cec-23e5-40b6-89f7-968588d97615

                                                                                  Filesize

                                                                                  3KB

                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                  Filesize

                                                                                  2B

                                                                                • C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

                                                                                  Filesize

                                                                                  3.3MB

                                                                                • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe

                                                                                  Filesize

                                                                                  1.9MB

                                                                                • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

                                                                                  Filesize

                                                                                  1011B

                                                                                • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

                                                                                  Filesize

                                                                                  4KB

                                                                                • C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

                                                                                  Filesize

                                                                                  372B
