Analysis
-
max time kernel
60s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system -
submitted
01-08-2024 11:20
Static task
static1
URLScan task
urlscan1
General
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.4.141:4782
55491f8e-306e-4820-8145-a36e1a42145d
-
encryption_key
8C50FD67434C2F78A0203760B26F8419295B679D
-
install_name
Wave.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Wave Background Tester
-
subdirectory
Wave Premium Free
Signatures
-
Quasar payload 3 IoCs
Processes:
resource yara_rule C:\Users\Admin\Downloads\Clicker Game.zip family_quasar behavioral1/memory/2388-217-0x0000000000400000-0x0000000000724000-memory.dmp family_quasar C:\Users\Admin\AppData\Roaming\Wave Premium Free\Wave.exe family_quasar -
Executes dropped EXE 1 IoCs
Processes:
Wave.exepid process 4780 Wave.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings msedge.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes:
schtasks.exeschtasks.exepid process 3636 schtasks.exe 1984 schtasks.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4456 msedge.exe 4456 msedge.exe 2528 msedge.exe 2528 msedge.exe 548 identity_helper.exe 548 identity_helper.exe 2508 msedge.exe 2508 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes:
msedge.exepid process 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
Clicker.exeWave.exeClicker.exedescription pid process Token: SeDebugPrivilege 2388 Clicker.exe Token: SeDebugPrivilege 4780 Wave.exe Token: SeDebugPrivilege 1508 Clicker.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
Processes:
msedge.exepid process 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
Wave.exepid process 4780 Wave.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2528 wrote to memory of 3872 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 3872 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1656 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 4456 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 4456 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe PID 2528 wrote to memory of 1932 2528 msedge.exe msedge.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/3M4nSQzJ#mJ_1_VB3FFdNVlcKL0K-uA1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6d5b46f8,0x7ffb6d5b4708,0x7ffb6d5b47182⤵PID:3872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:22⤵PID:1656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵PID:1932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:3484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:12⤵PID:4716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 /prefetch:82⤵PID:3056
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵PID:4336
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:1936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:12⤵PID:5080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:12⤵PID:2196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵PID:2524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2336 /prefetch:82⤵PID:2620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:12⤵PID:2876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵PID:4600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,486394377408150562,656233241780096516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2508
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:548
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1724
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x388 0x2981⤵PID:180
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:940
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Clicker Game.zip\Clicker Game\Clicker.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Clicker Game.zip\Clicker Game\Clicker.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2388 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Wave Background Tester" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Wave Premium Free\Wave.exe" /rl HIGHEST /f2⤵
- Scheduled Task/Job: Scheduled Task
PID:3636 -
C:\Users\Admin\AppData\Roaming\Wave Premium Free\Wave.exe"C:\Users\Admin\AppData\Roaming\Wave Premium Free\Wave.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4780 -
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Wave Background Tester" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Wave Premium Free\Wave.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
PID:1984
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Clicker Game.zip\Clicker Game\Clicker.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Clicker Game.zip\Clicker Game\Clicker.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1508
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
152B
MD523b6e2531d39ba76e0604a4685249f2d
SHA15f396f68bd58b4141a3a0927d0a93d5ef2c8172f
SHA2564a486d7be440ddf2909be2c2b41e55f0666b02670bbf077ac435e3cddc55a15e
SHA512a1a7fef086526e65184f60b61d483848183ef7c98cf09f05ac9e5b11504696406120ab01da8ed7f35e3145aa5fc54307c9397770681e4d10feea64113e7a57cd
-
Filesize
152B
MD56ffd468ded3255ce35ba13e5d87c985a
SHA109f11746553fd82f0a0ddef4994dc3605f39ccec
SHA25633103b1e4da1933459575d2e0441b8693ba1ede4695a3d924e2d74e72becabd8
SHA5125d5530c57faa4711f51e4baef0d1f556937a5db1e2a54ee376c3556c01db0ddf628856f346057d3849baa5db35603b96a0a9894f3c65a80c947085eb640348ee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD5af76b945024b4b2d42c9c4e94bd802e5
SHA149ae4921fe1d934e815e877df16f74f84755a99f
SHA256ba27ae94bfd68be40d20c189607e2b4af2d031ba315cc47f30bcfa94fa789233
SHA512410e5ecdb15bd5832c45ed382c9e55355c650600822cff49f32c6bbfa28611fd9050b304715f6c9abdb954cc17329682786e425a2161d87d7fac6077710d4e46
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
6KB
MD5c55568e364284ed5c6674ba62ec55eff
SHA17357206d5529028a44bf47368f4a637669e49253
SHA2563a6ea9f91a6217bb006a1155ab9adc3e06d1824dba40403667c888ab4d954a26
SHA512820696dc2a2ea5c9f462a8ef22541563ffeef7888383e31f368cb7c26fb4986716c1d9b19eaa901ae10fac77d0f18de04fc970427dd4b76c31ae3bbaae4c096b
-
Filesize
6KB
MD56c052eec86fbcab6ed1b978cc6bf2306
SHA1de2a00ebc30f7f85c5a7a60a25597c6ac3802503
SHA256d485747e07304bacc2c01ae4cf9192c455584790fdb3b9431dc0b2cf0fb345ec
SHA512912d1f1011abdf5185b1fa3e3e7052c550c89221c352450e06dd6232bf563c644de423773235f70357c9f456f5809a401526753deeb0f40ae0abf8ef81a5be91
-
Filesize
6KB
MD5b34b076f2574ad3dcf2fa376a7748536
SHA1ee929ff8a9603e788fd2754fa1d1ccb8324c4c2f
SHA256c1abd627b005e23a15f38e55298a7022b7da5f530419dd8a406b86a760fbf759
SHA512ae2bc434ae6b1a89052c540529cc05a2a8c9ea7887bd94c1f112930388347943864fa638728b773c52e637308afe8a126e97cd026f666ec0530ff0a9aafae1f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5d6a1c008b5325d1372b62db936455c76
SHA1b8a2c26d99285b06531cd2d943300dca49fa55c7
SHA2568969778aeea3b382ad04590de357d178ef6dbda013aca401447b29fcadfb9b57
SHA512237b7027342d15edf9bd63045b1d77fb24141c3beab4289bce1b34066870be9318bb2b9072b7b0c3ce7d0351b22a9eb377ff6d9e2b0235baab0ddf39be9f39fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5823fe.TMP
Filesize48B
MD5eb4fbd506fa1c67966aa09d297eeddf4
SHA1ff263d7f3a136b1a44e57e4c929a2cc66308d0a1
SHA25653858db4c96d03499fc99cf11602807aa175d674eff148de135daa1eab3b2fe1
SHA512f2125080cf67366fa7c15a37310d89d6d4d05d7f3463b8d093194c49dfb585abe425477482ddab6cc1e35ddea01a3bb5e6803f7f9d7ba9e5578794184b3b6dd6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5046f8ecb570ae7bddc66ddbbd3476c9f
SHA1ce37b38ae4b1f22bf03f32ceab53b632e7dd7bde
SHA256fe97fe4b2c8652ec379c017e99b96325c987d11ba3f7ef0a100d77e5195ac224
SHA512683cc1c051ab4a58434fb80366e21514a2e9b3642a369c70e2edff451b1ddd2d708bf16d77e73367052f00cf11ead1e98019f827f2c26cb4be499054cfb9fa98
-
Filesize
10KB
MD581df3037da1fd5e08c3ace20244abcd8
SHA1a2669dfa9a82c84f468a0cc019f3f95694fce9d4
SHA256541205e8b7894817e6bf7bab8183e217f83867f3fc02431e1ffc64a211b6e857
SHA512982e3ed6edf7876c84bfc8088485cfa063da26427ceca4ad8a7122996276d4409b2c92a4b5f99c5887c2f26070a068c8d8b19de8fecd8fd21824925b69fff3e2
-
Filesize
3.1MB
MD57aa22d33bf837f7bf3df13839fe88fb2
SHA15de58ba560c24782ec1d731e467ba89824a874f5
SHA2564d21d8dcefaf85a18227b75e41549f756680940b33e3acfbed3924f8fc67ad16
SHA512cfdf9026621f36928e8b31b61df67a794bec2b1adade7d1789e9256e2b6b24296e8826cacee429f6f19ce1d96b68338bf8314cc0c167ababedfec78b9fdbd005
-
Filesize
3.1MB
MD5f5bd1a28ad02c79aeaecdb2a887369cb
SHA120735aabe522e8bb43983652d1d0245cfb513a45
SHA2569e6e72c53df1ae465907a9dff34a385cbace996667b98274c32e10130882ce9c
SHA512c51c3e888a717a82f32bf1512a4d42c7954eb2d107b74e23d7ac66050ff8003c153f67f41512d080a5ea2d6dc1fd2c6a3ddc98d6c54cff978f5c70b543fd376f
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e