quasar | 6af13fedc6065c776cd888e5bdb32c2bb31a423af7621b387676b45f014e3a90

Analysis

max time kernel
75s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loli.exe
Size

5.4MB
MD5

d65286844163ff91b3cc8dd54c92b729
SHA1

85e5f37f0d092252b2c44225da2e6d888d4fde0a
SHA256

6af13fedc6065c776cd888e5bdb32c2bb31a423af7621b387676b45f014e3a90
SHA512

7d096028a596a04acb2ae8b837fc81197841af33fe547039978f99809dbb854fdd9f83c0c7bde2a60f3044127871ab9dcd0f621ba3c0d87f44662bbcd5d96793
SSDEEP

49152:zE/yEPsBimcZhhbGKnIXDpZEV/+hH45ZRPJgBB6aCHHB72eh2Nw+N7:zELEBimcn2X9uV2iZV

Score

10^/10

quasar agilenet spyware trojan

Malware Config

Extracted

Family

quasar

Attributes

encryption_key
E2FB9900B23756E2DDF30B24E44B0961BA7B0F9C
reconnect_delay
3000

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4488-1-0x00000000003E0000-0x0000000000944000-memory.dmp	family_quasar

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/4488-1-0x00000000003E0000-0x0000000000944000-memory.dmp	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1744 msedge.exe
1744 msedge.exe
4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
5164 identity_helper.exe
5164 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
4516 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4444 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4444 AUDIODG.EXE

pid	process
1744	msedge.exe
1744	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
5164	identity_helper.exe
5164	identity_helper.exe

description	pid	process
Token: 33	4444	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4444	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Loli.exemsedge.exe

description	pid	process	target process
PID 4488 wrote to memory of 4516	4488	Loli.exe	msedge.exe
PID 4488 wrote to memory of 4516	4488	Loli.exe	msedge.exe
PID 4516 wrote to memory of 1400	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1400	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1968	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1744	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1744	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4808	4516	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Loli.exe
"C:\Users\Admin\AppData\Local\Temp\Loli.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ay9tQiGX8N0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa15f746f8,0x7ffa15f74708,0x7ffa15f74718
3⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
3⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
3⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
3⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
3⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
3⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
3⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5300 /prefetch:8
3⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
3⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
3⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
3⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
3⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8145687252305266646,7839616342497861004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
3⤵
PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
29777c384afa5e267e310c1486baa4a7

SHA1
6b827e83ea8089a22756f68be89d8352f12ad88f

SHA256
3a74c7def8750d475d6ea89c4d27b9d91a191e28b9ad23c4d1ce6bad0e8451bd

SHA512
9c3935cf9347911b2aea4f8da3495771a1bda6845573794e98b3812fd3202a781d56f9f76c39687ecf15c63a3b2e0251ec1ac3e579627c77264a7b11f45fb256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
431858f8b9200ffdf742767488cc767d

SHA1
ac0e429af813d4692c8df6e2c8b68e41f1cac901

SHA256
d123cbe6bfe191a9b68678da983dc24bd22211b30600e1d4d48c9937e415b89b

SHA512
a0f2ea686a1c9c8528d6f597ed03a1406a98618c1d6572452b744e61a0f7e761be332c9df7745d4bf48b906ba719ff277b91323139208dcd5a062ba4778ad3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66b0f5fa136fd262551f35d26af7d6f0

SHA1
fcb7d6b5c45e6102964572a8759f83a6eea8f0fb

SHA256
af85a8b8bb067bbcc7f5ec34789289eba5618e33053df2f6fb9ccd3099d5197a

SHA512
eee73e71c5463a0e4f86dea0f077c447d8cffb6fb3fc9abc384b5036f30a9532b35854d8893041dc405dab22a4b9a710f0be9275a227226bcc8cb9058fa35ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13a2d7d6ae5ba9508915582cc9d006bf

SHA1
5933455caeb2869a430597a6e579c4d176d386d7

SHA256
002fe8253120a14f5e0200f59457a2fa0783a6ec4f381c5647a851d8675a3225

SHA512
7c4a60381c40a7883b2dccb9abcc7a8e2b46441ad3cb8ed620a18cd619de14d960834511f51f7bae25d73d630ef8e91edafa6dc0b2829c4a14c7b24e2e97ec7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\759ec176-5176-46b1-b31f-939bc973c980\index-dir\the-real-index

Filesize
624B

MD5
929a50bb1db3ed081adbe7e3963f7ceb

SHA1
aa96abf8eacbf1e9616372cb44eaae77a3e54fd3

SHA256
3d74bb14b7d3b65c395d56a531ed2889b6eb5b1f7897d0cd47d63c8bd060e89f

SHA512
9b464e7a8381b15086e86b1507cefd55c6c5474d9bc41e6901ef2d6e28f0c64e43e277af31ac6f0c9050035f05617fe26bfbe73f09fb042133b4a8423c3211ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\759ec176-5176-46b1-b31f-939bc973c980\index-dir\the-real-index~RFe57bfb6.TMP

Filesize
48B

MD5
01c4270a6f4369df4286ba1e67072c48

SHA1
dbd3dff144c65d6f7662230b35c32436f372e156

SHA256
ed857ff7a09cf6ec24fbbf76f03ffb6445b72e04ad26ed661bc1e061486e3d54

SHA512
c007dd90cc4daf259c0740e53b0bd5fa7e46d4f0ae93e73ef8b3476625e07b7e4aad0d6fd8c63085c2f4ea5f62dac69625af2bc7c5f00ececc7c4fe16e03afce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6813609-6c5b-4ee4-9ffe-185b4e654e9f\index-dir\the-real-index

Filesize
2KB

MD5
04d8ebe444236071689622c0f71fe044

SHA1
4b8e5fc7be1bccfd127b49e12206f3174d3c3354

SHA256
15e43d296fc40aa00b79c1d28b6d923b5b4e1466763628b94e4d7330da1c3506

SHA512
c77afe7b5b2bceddf94ec8cf2a2a3dd9068e1dc00e0b34bf92622186b347eae104254bbdf9f1ab0f24a21a6465cac44acfc8cd47b73a11e505bd733a2d7f6a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6813609-6c5b-4ee4-9ffe-185b4e654e9f\index-dir\the-real-index~RFe57bca9.TMP

Filesize
48B

MD5
9954fdd8d9733f7489cd6ade844259c9

SHA1
e736195d878d25cd689fcd9ae9a5069e9585d94b

SHA256
ee1242f946c4b10df77499023fe178048b6e6172ec172bce278e0939516568b9

SHA512
0952822a67962f0991af2cf4f8e6aca19582201b77ca338225660e4dc41a08a0763d8af50a0b3148ab522a07974eecc4becb5fbdcb82d508d8c26f30f51f09a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
91eac66f1a3ef776cd625ea7fc96d76a

SHA1
e885e03e12d8bbb949ba0378bf811e78ddc0ec1f

SHA256
f76324846f4b89a819b6c7b513ecafcb8063bba9aa8748be18e66748b82c6049

SHA512
3e15a8d543b2d1e76dd686710892bb5dd48650dfceb43e92652752362796f9638078afd083bb1b6e78c764ca670de705deb7bbc692c7603ea05f4d0fe5a14e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3e60bb154ecb1c9eb14e627a1de55225

SHA1
e11cc3a945401657b14b8da9cc5d01c047268cbd

SHA256
88cc28360bb9739275b9000ab1b26d58b75798ba9340aa098f7b49d7bfad6336

SHA512
3244f9a2d99bc3fab5a685f483f9d82f84f1e599b9b0b6e9c004190ff9e5b1fd38ecf281cb4a31c819f90b606a4129ac2c151fa922022bf3448566d30602fd47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
ac9fbbaf8f6cfab1c00cbe63a8b69092

SHA1
f7b2bb9aec45e4f94ce46ce0751be94fba73eab0

SHA256
7852e2e485b521420e8285ba6fdca784bfb9942c40a19c6baa95df61f6d3cec5

SHA512
db909d2888c3b4db0643cc57d056094733daf259f0b261fb19da2698b5a457790cfbaeead05063f413da25aaf70312ae3993521baa2a2eb8408e6d0ca6993a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
2292607cb25771b866c7e5048f669e27

SHA1
c9edc66be2fbe718bf71b0dd965421aac284e1c5

SHA256
a2086ac78b9e46ce79856375a9e56788d1512d7a13bac35d1fbd47b549d859d3

SHA512
639553b5702b1aff3464d81af060b452cf16feb2270d5262ee4b94cb4639b238ed4771060d9b54003e95189553ac15f86efe498f69706a1452855b29d7520647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2cfbf25de4fbbb17182b76198d0f3cde

SHA1
93d6892aecfc7eb579814c07b1ef5ad00ad0cf2d

SHA256
7a85a354b1ec0d301b53915a88c35a64c01939a72663ba64541f450368d87785

SHA512
27548e939d83f3fd41529b34b80c3b07db8887fcad10bb1d97410cad98fdd173876eb6e2d628f095b6aff3854b4f90b267b9c460f4766b9cd9541d504d36da46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
cdbc90983e3ce078b1d62eac4e6bfb91

SHA1
de534b4780ef33e945c2dd7a9e58b079c88b734a

SHA256
f9df1c6b1f7fc8f6ff8852150f8c2e1854c3bd22e9927777d5e05126d968119b

SHA512
a8b97e74e145a47ce877975fa1b35b87313d98ea91df76f270fd612f1ca2e735f86af6e99f5d961624a406105de8fe9f44b4dcb162264de4ff97ec693be0d043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a8d3.TMP

Filesize
48B

MD5
daa15e86394e0b77a0520cac8a8d8469

SHA1
b13494a6ac453a5d673a78e57f95647b716796d5

SHA256
63d148733b20a9220a9e1b46c01e84a9af56adb42f3448495013b64ac206eaf7

SHA512
42128203f39a58bed68450ec161bf4c765a85196169cea3fca212c6512d94c16452ecb5db8d7b87dac9f057ee161bf2d55a3055ff3a7273abbe1f93b3bb3389f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3bc6a7f549acb4056965fb0c253b2efc

SHA1
e3927ec4016d77d500e305274241956ec4326778

SHA256
80a11d47f1bf03f42e6d4bc24ca192568695dcc876b00f125b9b2d1cea65652f

SHA512
38b432711f75742e1a465b331860d2c7b7fc9f4ec24f1d2d821408979d89d5d67f11df18ce9bf87f66863786617698853814a5fe20cd10a1144ca1e8f758222a

Download Submit
\??\pipe\LOCAL\crashpad_4516_STNFMMYKWKVBQHPE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4488-0-0x00007FFA19513000-0x00007FFA19515000-memory.dmp

Filesize
8KB

Download
memory/4488-1-0x00000000003E0000-0x0000000000944000-memory.dmp

Filesize
5.4MB

Download