hxxps://mega[.]nz/file/eL5BwAZC#_9bZPlC_6C_5T906uxCeiPRRh9zu98OGnDDnOe0yA3o

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/eL5BwAZC#_9bZPlC_6C_5T906uxCeiPRRh9zu98OGnDDnOe0yA3o

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1428	msedge.exe
1428	msedge.exe
1284	identity_helper.exe
1284	identity_helper.exe
2776	msedge.exe
2776	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3756	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3756	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 1676	1428	msedge.exe	84
PID 1428 wrote to memory of 1676	1428	msedge.exe	84
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 5080	1428	msedge.exe	85
PID 1428 wrote to memory of 1712	1428	msedge.exe	86
PID 1428 wrote to memory of 1712	1428	msedge.exe	86
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87
PID 1428 wrote to memory of 4052	1428	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/eL5BwAZC#_9bZPlC_6C_5T906uxCeiPRRh9zu98OGnDDnOe0yA3o
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcafda46f8,0x7ffcafda4708,0x7ffcafda4718
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10986270552928920588,2154157756541184976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x48c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4412

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar RAT v1.3 Cracked.zip\Password & How To Run.txt
1⤵
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
17a9c1568c4bc32b4cb7e33f85702d95

SHA1
3e74ebb370d3957841900f9f384ac74d8a57fede

SHA256
ed3181359b970cfff68044511466f5ad9ce375f6a7439e1334196f569b82e5ee

SHA512
af94bd5119be7595e7320b3e17a7e3edd727e4f420c016faa334be238c4dec443de1c7ac7f2c0b0acb2a04b259463001342b7f0d14bb8d0332735779d4e36f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6dacb07ffe83bf9177889ab75d60361

SHA1
dc8ac06072bf5d4f873bda0746745ed03dc29bf0

SHA256
b8ef7a5dc32fd48333d08833f33a9a59f058ce49aa7b4681854427a14cce7bea

SHA512
99658581d02fa9a813168ca413b39938495dda107729648bbb180f959a28809311169ebf83d7232e7f8c834fa8852253755e0b22eea2ae68725c134a6c4c78a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01c1a28a0ddde5147af143e89d10dd9d

SHA1
fe595847c55fcac374cc37e3cd3c967d666dfe60

SHA256
d32418b8d1a3d99b0e2e20ed9e71c222565cfa095c5e539c7eca69b4a37bba68

SHA512
bcd852eab4e168219fdd2bfb584a67b24035793f97b8cc02712b876af7bff7b9ac351c3656197cb94dc5544b70818d0c1815c97568757f73c21cc65c501552b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a96473ef2a644732f6903f4a164be94

SHA1
d5f8b32f7462846841b9026c53faab026aa19bf3

SHA256
397bf5a415d112f52490a09f1d13fbb423b476705aefcb2af29e756388b340af

SHA512
b1a967361ba3153ca6a6df709815d02b5b11dfd3f1cd0de40a3827a99fc60dc994ff9bf4bca7b94140fc6ebad862aa95915fa36e0056805556bf54170fd564d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
988d3e4e5da71106bb9049c3de8bed4a

SHA1
f0ca847794f328e317d7193a609c3bd6d2af03bd

SHA256
7fef06ce7d224134e9e0cbc54ba0e568bc02ed0ab406ece90e0de359e12830e0

SHA512
6b74bab8afa5bbb988854e29b9a14c777998185a9eb74ba3a97d9bb1a82e0d558629ae675b4e6bb1d6f978decf668f09b92d1f7bc49642040e328bb7619b31c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cc68.TMP

Filesize
48B

MD5
e33f02f7c3172fa3456063e8db1ff684

SHA1
874e7b0c0a1243fe72fb17b63abeaf3fbd5d270b

SHA256
687e159fc8f5dbe7f1e4e018968c6d3f26952c569d29d384f5f93ed635ca6bab

SHA512
d5fc54c636d47af0b5c26bc8a38bbf683787f66aab65d0b8aeadcc2eea1ab3dfeb294e69754a8876fbc83435db2b7375b20aaa43ef485a3dd23cc5348619c195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95a3de3c0ac7c26c7179c1f9f3a6abcd

SHA1
16a267b0e21cf2355368affbb38e7d1b45359c78

SHA256
988385711b757cdfb706d401d39701e009fcd46b500293f7dfef24fab29a4dd7

SHA512
0459a675e4113503938831053b9d0b0981153b5badc6eae98bf755eb4d1cbe50f676c5430eee9bd4983de4f6e93aa69b5c48bc22eb97c9e045686a9d6765a583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a8d6104dbbac04ba5011c0b1125a766

SHA1
8450e12bd2c6748a919bbe2a06e956f893fa7387

SHA256
088ce40929715521db5e34ca88108ac7df036888853bdcdccc47e00158965794

SHA512
2120b41a86a1014fdd71951a6b0d35352d56d3953ea117a8394f985190db7c75ebca599d282afd73cd828c2a09c253a914d4ca736306b194f199a706cfff2a64

Download Submit
C:\Users\Admin\Downloads\Quasar RAT v1.3 Cracked.zip

Filesize
1.4MB

MD5
26e09ee84ce197b5f42c9ae1d6bdea69

SHA1
5e2451ff7da88938af27c96d8cc241669b690ea6

SHA256
ba2b6504394dde691ec877ac26166edcb711314d0ecea7e22fca12fd4a518305

SHA512
e7d27e083a0e4d5f26bdae31de6244312d0a0a93781c1b3ea451b9620279cad0492043b32f21233b3e1265805929d8c75099480642e8e42e66a1255afcf637eb

Download Submit