quasar | 31cf47322ffd34f77f48354d8b22eda7c1a78b0fec01e3e9989ae9131c6de3d8

Analysis

max time kernel
72s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loli.exe
Size

5.4MB
MD5

46307165e1f82a856c23e41090f8dc24
SHA1

5e9269c708993ba55e92d5aa7e3cd43dd10b9401
SHA256

31cf47322ffd34f77f48354d8b22eda7c1a78b0fec01e3e9989ae9131c6de3d8
SHA512

d98c8fb6830db10b738181adc2cdbbe7eedbefb047c5f7974dfdfbb2355ae4321285b31c5a57684e5a036f9655986907768de655681e108f956c7a99363eb9d6
SSDEEP

49152:aE/yEPsBimcZhhbGKnIXDpZEV/+hj45ZRDJ8BB6YCHHB72eh2Nw+NE:aELEBimcn2X9uV2WZJ

Score

10^/10

quasar agilenet spyware trojan

Malware Config

Extracted

Family

quasar

Attributes

encryption_key
E2FB9900B23756E2DDF30B24E44B0961BA7B0F9C
reconnect_delay
3000

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3916-1-0x00000000001A0000-0x0000000000704000-memory.dmp	family_quasar

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/3916-1-0x00000000001A0000-0x0000000000704000-memory.dmp	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3136 msedge.exe
3136 msedge.exe
2528 msedge.exe
2528 msedge.exe
5148 identity_helper.exe
5148 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2528 msedge.exe
2528 msedge.exe
2528 msedge.exe
2528 msedge.exe
2528 msedge.exe
2528 msedge.exe
2528 msedge.exe
2528 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1952 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1952 AUDIODG.EXE

pid	process
3136	msedge.exe
3136	msedge.exe
2528	msedge.exe
2528	msedge.exe
5148	identity_helper.exe
5148	identity_helper.exe

description	pid	process
Token: 33	1952	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1952	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exeLoli.exe

pid	process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
3916	Loli.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Loli.exemsedge.exe

description	pid	process	target process
PID 3916 wrote to memory of 2528	3916	Loli.exe	msedge.exe
PID 3916 wrote to memory of 2528	3916	Loli.exe	msedge.exe
PID 2528 wrote to memory of 2656	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2656	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 2724	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3136	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3136	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe
PID 2528 wrote to memory of 3524	2528	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Loli.exe
"C:\Users\Admin\AppData\Local\Temp\Loli.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ay9tQiGX8N0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca54846f8,0x7ffca5484708,0x7ffca5484718
3⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
3⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
3⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
3⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
3⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
3⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
3⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2080 /prefetch:8
3⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
3⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
3⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
3⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
3⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1818011439209881759,8275350993708900884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
3⤵
PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1952

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
9f3d75b8b411d8d71de46b0936bd7882

SHA1
c9135b86733674f5a176354bf87116e6a47e0239

SHA256
f2172a637412ef50218bbbbe98771794daafcc8be57e6aa6a9d3ce79df783023

SHA512
9287f5dadd4dfec5e0ab39fbe52f5f3fe8490c6fb7d1d32e7e6be97c9bb5915abd12ad061245960bd9739556ff4554de189727522f890837242acdf397aee5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
4c578e67c17a0fbdbd2f25f97a537a65

SHA1
00fbe2c2141d0ac0ee1d35bd038200d31b528211

SHA256
36d577290eee5f3ed662b5050f88d556169512cbfc9d4ab16ffffd03b15be0ff

SHA512
cb9dea5f748876089f64a087282c172a8f5e5b0cc1836cab3df0892e066d070b0cc583573980450e02bcf3010db95a9ee23244968d94da5d22039aa993d5cb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
379d42d4c13101d7f487eaab6af08cfe

SHA1
25eb810bb4258bb98df5a6e6abad8c2bcb559d12

SHA256
fc530d43319bb1dcc5de592545a52f40fbb4b46ba136a7f97b28cf335d0cb4ac

SHA512
982ddd5f94fad1ef0334a15a34302a6269d7a9375dc4a534f91a9b1a3213d6b10d34866576fc54208ebf85ef5bdc93cc009270fa62815410745f81d2fe0f3720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5627ede92044457a8dc3ee6851cd032d

SHA1
3042de862957111006843967447da0841303220a

SHA256
fe6835874bf8527f440106f0046bd9e34aaf9149dfb49716a62150b78473d2a6

SHA512
e402acb5d686148914af733acb9951954178e63d08b20a17ea6665d5a648b060d6e995798aa6f6acce70cfc1209f94513286e79070449abd39f838e6efa99eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\027dcdc3-14ce-4b61-8842-a8852ba3de41\index-dir\the-real-index
Filesize
2KB

MD5
cc26b0164b636317759b2e9ef4de62a1

SHA1
6990d4a55a52aaba5fdd4b06789e633bf734f0c3

SHA256
68cf2c49367107ead266fc41efc8f09f40056c32451ef923b2e0059130020a3a

SHA512
a917c5ed01239bd1544c6c35d8751b511e018560c98964e903e0087e5b89a833858fdf0f27561350153c60dcd2483ae763744363793e01d9fce46b613d112ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\027dcdc3-14ce-4b61-8842-a8852ba3de41\index-dir\the-real-index
Filesize
2KB

MD5
4d8102dfbd8745b27fcf477e3334d92a

SHA1
acbfc0713cde5232b211b0fee182b2d0a5e73473

SHA256
a664fbc451ef33d317593bef5081c4e81f79ea9e26077cc4322047b082ca091d

SHA512
0d7036f66b344f8ae911bb9ab0e421cb1cb9f8bd95b4cd73d72edad932c375c39fde3ee630aa264f56bdb7a0f1c56e368c12744c771797a9fcc4ee2004c35565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\027dcdc3-14ce-4b61-8842-a8852ba3de41\index-dir\the-real-index~RFe57ac4d.TMP
Filesize
48B

MD5
f8f80dbd0e52598a60b13add3d68255a

SHA1
a6f1b0602a3e0e5daaeb5929ce8c5ad9efc2d85d

SHA256
e1cc1027ef7b95be45b4b4ed92cc7689e218fb22e19f66d0189f504dcc11325a

SHA512
6c6985642753488196ecd2ed6b2a9a44811a0a45bac73ad4af42872cfbbccd629b6692bf9ead65800ad7c7114fa26deb6f35a700aafffa314e40d006765b6e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\64a2cd68-61be-4c35-9ba7-44d18cb1fec0\index-dir\the-real-index
Filesize
624B

MD5
27f814226fa4506652629048c7399318

SHA1
fe1babd8638b5a1269563cef12b272224142551a

SHA256
8ba084756a8e323646c769946f9ad4760e653cf497bc89b7240ff022e94d01f1

SHA512
cdeadc86d7bd94afea088574b1190840fd06695f9b18023aeb6c430217a6a56722968cf495518d195eb9a8aa102cb2f978d710bed368319ad7fd549ce01b2f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\64a2cd68-61be-4c35-9ba7-44d18cb1fec0\index-dir\the-real-index~RFe57b093.TMP
Filesize
48B

MD5
53b909a245b4804ded1d0c072a7679ca

SHA1
a886017c4ee5f1115758d00a837db86105865418

SHA256
b0887373a501c2d7993ff503004990a60bc8f6ecb72315a5a14b3fd72556432d

SHA512
d137f74e1c988a860fd5dbc5b90962d14900214b5022da21af73871eee14bbd6711bf2a486be66fc61e85c81f8b02debec6acee1f7042a4b9e84f54512ee8d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
c438aa8d607d2fc1e4f795bf74ea0a0e

SHA1
8ca1215dbfd998464883318a5224cc1da2fdad83

SHA256
ea8307f67c752519fbae3872b6aca8c3c04ba9dd24aa8aad58163ec8e217977f

SHA512
7e03d837d9295e868227ff02f0b52f4872814f08a4e76689b53ea2376a21dfc69da2796606e69ff82226017c2f8de99301e076aa8f028e76d8b1d3a41d9759d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
029743bfa06431f294aabf871277d4e9

SHA1
6fccaacb022db141d57953bb9a0b0d6b37a81e07

SHA256
598b2c22702f2009cc9e3b4a1499800e5124eb479bf65915034fea209ad4702a

SHA512
dd73e685082ac3f889ff410e09c283c343806b7ed7008a590511e2fcc9173797658433a981cedb1a5c00132fe6785a725c3fbaa728b7b4598da90e23ffec32e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
155B

MD5
ed0751377946d46c5808734452d463cb

SHA1
ecc71779c454f6dea04afce67092f1aeaa3138fc

SHA256
73a57ebf0142a72d081e96b1ef10e4b0926d9948db4461ca914129ba8808a976

SHA512
a07ceaeed86e772866733176b067cf0ebcf8be27367416d5ac33d2182676b072ef01a41b07031e10335c4dbd1bcd7bfafbd1f50b7b3da3be1e9586d862f866ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
f79e0945634e4ad0806394717f00a6fc

SHA1
063e07b89ae1e346f9edf1b6ffe435ad1eeec4eb

SHA256
91a8fb68f6a0c05d2ad9440e22f20172d7d75672c665613c62ddeea72d253b9b

SHA512
17ae5e74ff6d41fd32a130ef233ae83a4d687d3085d254a2701a834c41a91bb7da3d4f45da354498250821702757d92226221d46f834c046ec973ee9dcbae1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
e9a08e07756dd1397e0d0c184223db54

SHA1
f911b5a889bf62502fc12b188dff365c0dc12416

SHA256
66795323c52058f8d19445942402f2e22b2ad87b0923ba7c56451f24a3037dd1

SHA512
5e99dc22e4bd5e732bd70b1b4e917a6ede1f74ff8e5ea38ff02320dbd74a891ef642be7a36cd22ce4f70f11e922d6b0c83f696cedfa6ebcfd28a4b1093b91a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
a1e04f3658043960e06165587bfdb9e3

SHA1
8af7abc2d531c48c11fa0977f3538a1fa6b68368

SHA256
0b00b3dd64ba50fd79eb909ea2db9c8d80aabf2ef7ec79e779ff6e93171e34f7

SHA512
d7fc31b7ced2b0de14c38329813d285d748138ce0d9e8914b258812776657d33da6ef8024e639992e9214cf7dc805d293485a9a79602fc00fd8e9738ef9189b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579df5.TMP
Filesize
48B

MD5
9f28467e5de09ce3f48bdc443073759d

SHA1
dd38d42618cbb2d9a93a376351bd24b2d1d89c31

SHA256
ef45526a1d14bb209e067ae3e4d3b658500a89eb2d1fc579c2c291275208ace0

SHA512
7e94d3a8c884dd99e7960dc2452a832d04eb1caf7dd6a1a003f143d546712422d1bf84614431e7d0337178492318dea1a5884a8c36ed2bfcff09d33dc55da8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e2a910205342df9823afb9c8ce10e86e

SHA1
78bd7a4e8cceb567dac711f8bc9f0d10850e89f4

SHA256
d03ad434deca7d8f05a248ff4538362f8c1a3e18cce851a3dd373bfd13864960

SHA512
971757782bfa722c9f7fbb0986498c1cdc00444c4d6ee42377fd26f3df05ba102585c815317c47e736debca4306b4f35efa5ea4f9ad3bf3900f1f6a26750f0a2

Download Submit
\??\pipe\LOCAL\crashpad_2528_ZFSPFCRVCTJSWESG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3916-0-0x00007FFCA8C23000-0x00007FFCA8C25000-memory.dmp

Filesize
8KB

Download
memory/3916-1-0x00000000001A0000-0x0000000000704000-memory.dmp

Filesize
5.4MB

Download