quasar | hxxp://asd

Analysis

max time kernel
469s
max time network
472s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://asd

Score

10^/10

quasar re discovery phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

192.0.198.102:4782

Mutex

4a9227fa-d8be-4dd6-b82c-f082924caf0e

Attributes

encryption_key
10AE838492AB5D15FE5D2DEF09C3F7E3C6DCF64F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Protection
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/5424-329-0x000001B3FB3B0000-0x000001B3FB4E8000-memory.dmp	family_quasar
behavioral1/memory/5424-330-0x000001B3FB900000-0x000001B3FB916000-memory.dmp	family_quasar
C:\Users\Admin\Downloads\Quasar v1.4.1\Client-built.exe	family_quasar
behavioral1/memory/1988-1926-0x0000000000B80000-0x0000000000EA4000-memory.dmp	family_quasar

A potential corporate email address has been identified in the URL: Quasar-ratRemoteAdministrationToolforWindowsEthicalHacker|@Crypterhub
phishing
A potential corporate email address has been identified in the URL: TCI.QuickSearchFIDCINameTextSelectedTextQuasarratRemoteAdministrationToolforWindowsEthicalHacker@Crypterhub
phishing
Executes dropped EXE 3 IoCs

Processes:

Client-built.exeClient.exeClient-built.exe

pid process

1988 Client-built.exe
4716 Client.exe
2964 Client-built.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

60 camo.githubusercontent.com
63 raw.githubusercontent.com

pid	process
1988	Client-built.exe
4716	Client.exe
2964	Client-built.exe

flow	ioc
60	camo.githubusercontent.com
63	raw.githubusercontent.com

Drops file in System32 directory 5 IoCs

Processes:

Client-built.exeClient.exe

description	ioc	process
File created	C:\Windows\system32\SubDir\Client.exe	Client-built.exe
File opened for modification	C:\Windows\system32\SubDir\Client.exe	Client-built.exe
File opened for modification	C:\Windows\system32\SubDir	Client-built.exe
File opened for modification	C:\Windows\system32\SubDir\Client.exe	Client.exe
File opened for modification	C:\Windows\system32\SubDir	Client.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 64 IoCs

Processes:

Quasar.exeexplorer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0400000000000000020000000100000003000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 01000000030000000000000002000000ffffffff	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000020000000100000003000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000004000000000000000200000003000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 = 14002e80d43aad2469a5304598e1ab02f9417aa80000	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0 = 660031000000000074595db210005155415341527e312e3100004c0009000400efbe745955b274595db22e000000bfe70100000002000000000000000000000000000000f513d2005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	explorer.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exeschtasks.exe

pid process

5532 schtasks.exe
3896 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

5848 explorer.exe

pid	process
5532	schtasks.exe
3896	schtasks.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3840	msedge.exe
3840	msedge.exe
4948	msedge.exe
4948	msedge.exe
2988	identity_helper.exe
2988	identity_helper.exe
2680	msedge.exe
2680	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

Quasar.exeexplorer.exeQuasar.exe

pid process

5424 Quasar.exe
5848 explorer.exe
4380 Quasar.exe

pid	process
5424	Quasar.exe
5848	explorer.exe
4380	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

Processes:

msedge.exe

pid	process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

Quasar.exeAUDIODG.EXEClient-built.exeClient.exeQuasar.exeClient-built.exe

description	pid	process
Token: SeDebugPrivilege	5424	Quasar.exe
Token: 33	2360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2360	AUDIODG.EXE
Token: SeDebugPrivilege	1988	Client-built.exe
Token: SeDebugPrivilege	4716	Client.exe
Token: SeDebugPrivilege	4380	Quasar.exe
Token: SeDebugPrivilege	2964	Client-built.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

msedge.exeQuasar.exeexplorer.exeClient.exeQuasar.exe

pid	process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
5424	Quasar.exe
5848	explorer.exe
5848	explorer.exe
4716	Client.exe
5424	Quasar.exe
5424	Quasar.exe
4380	Quasar.exe
4380	Quasar.exe
4380	Quasar.exe

Suspicious use of SendNotifyMessage 31 IoCs

Processes:

msedge.exeQuasar.exeexplorer.exeClient.exeQuasar.exe

pid	process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
5424	Quasar.exe
5848	explorer.exe
5848	explorer.exe
4716	Client.exe
5424	Quasar.exe
4380	Quasar.exe
4380	Quasar.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

explorer.exeQuasar.exeClient.exe

pid	process
5848	explorer.exe
5848	explorer.exe
5424	Quasar.exe
5424	Quasar.exe
5424	Quasar.exe
5848	explorer.exe
5848	explorer.exe
5848	explorer.exe
5848	explorer.exe
4716	Client.exe
5848	explorer.exe
5848	explorer.exe
5848	explorer.exe
5848	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4948 wrote to memory of 1420	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1420	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2308	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 3840	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 3840	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 1264	4948	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://asd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4510062375620805750,455761721422913173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2488

C:\Users\Admin\Downloads\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar v1.4.1\Quasar.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5424
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:5748

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5848
- C:\Users\Admin\Downloads\Quasar v1.4.1\Client-built.exe
  "C:\Users\Admin\Downloads\Quasar v1.4.1\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1988
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Windows Protection" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5532
- - C:\Windows\system32\SubDir\Client.exe
    "C:\Windows\system32\SubDir\Client.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4716
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Windows Protection" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:3896
- C:\Users\Admin\Downloads\Quasar v1.4.1\Quasar.exe
  "C:\Users\Admin\Downloads\Quasar v1.4.1\Quasar.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4380
- C:\Users\Admin\Downloads\Quasar v1.4.1\Client-built.exe
  "C:\Users\Admin\Downloads\Quasar v1.4.1\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x318
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Quasar.exe.log

Filesize
2KB

MD5
e07c3925c4e8b60a8ea6300a1437ef3a

SHA1
101e086eed0ac5cde21219343545f5042fb1cb12

SHA256
98dd0707ee1844d0b0ad3f44d21c9bbfd1c135e18ea22061c9bc4e0e45736156

SHA512
8ba1327624a4225082e608d9f7689796a5fdfaeb042f9870164436ff0022e94379e8b98774665e3ccc73d8cc1d3c510fbabd10f39b0f164c4fe3310570da5b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\89f9055d-e30d-4816-8460-31cb795aff38.tmp

Filesize
1KB

MD5
f550a7118625533018471e8c60251dbc

SHA1
5671d3ab7dfc496feea8cca63e9cbd39db4f3846

SHA256
9a5fccb90fedcd334cf2e868a4426d3405854decf7792180e0d7e12b6d68a9d2

SHA512
25e205f0ee0e34bef09fe89f95c0968940b3180856b5364c8ca97067e291420e769b0643017c5a3e375228bcb40f7d575f9dbd0911acc3d0d2e35cea32e02fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
139023da499ed0daec4a75a6462abe50

SHA1
dacf52bb13fd5c6672b5cd4f7635fdae23f38436

SHA256
1e099e11de8431842eea30a6c792669d371d12ac3c6e520c7eb4cc39e1fb5668

SHA512
0fb5c09a168c6ed9f4b4cd5997dbc562dc835eb146c305f4830a852ff09479df3900fd75655ccdb110c07599ff5befdaafb858a05e6ac7d7033bec3d92520256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
c1aaa844ffb3bba0eb544c4daa05015a

SHA1
a872551fc69ca97d251149092d88627a64f29832

SHA256
df3beb136a1eaa18382386627dde5b26fa79a41275de8613d1bce328a4eb67d0

SHA512
c5d986496bd20464916659f2db492acabfdf888213553d14ad842913f1431551f6d997fe0129a3cd2743172a72e394dfd502c5bd31fb5cba90f2a758e3c954f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
48KB

MD5
baa9f9df378773cb28884dedeb3808f6

SHA1
9a43932d23ff5a9d449c6e85f6bc28f2fc221c64

SHA256
515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d

SHA512
62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
615KB

MD5
33fc776f10d022a60c1e973c4ee94ba4

SHA1
d9f3cf53e8034db68c989c1901599db9ad73082d

SHA256
1f10496e8925eb655a09223c49aa1a4694f59fa305b33e43d3adac5f20a904e9

SHA512
b56b056918ce0c01aae4637f6384a5f34412b30662e260fe341955fc9b32f1ad40c4260a3f9a00faa12438eae78eeb6a06e093911afc647614080f0f33d45b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
20KB

MD5
4460d36c327eff10c9b57f5b7e9f74da

SHA1
ec6b6ce85640e2ce0f167d45fad07a018248dae7

SHA256
946ce5c74b79a601e1cea929e3ffcdcdfbd98172cea2c1c43635e2c96901c48c

SHA512
c7a836ca638f5efca9182d5459ff4d20673f6c6ebe468995be65119c162a919cd0c036bfc3c2700c38ae4b2aa4f29f2d994cf5e4f064b7986cf0bdba564b72da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
8db91a02ba5c6351ddcd3596af9cb24b

SHA1
823cbe4f2d7fb8a9f9cba74da581d09108ac09d3

SHA256
b88647cc82393effbc9a5b87c07a79822908fa1429c49f7d661355c85c5f4ac6

SHA512
59074b697821bf6da48c31e313d1ca899f311199191a2e3eca96a12ff1e8d7cac9e3fd083a75cf93b0455e1af6f1daf45bfae4a853ac642ddbab1dd36a55ea10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
036b91b0a2fe203d49e02e2eadb83390

SHA1
4cd0ca1ffa5b95dcfbccfc1610e7410624ae4197

SHA256
34c640ffe4899129db8bf94c126456adbfb421c2c3dcbcf7c84a9bd9d1663b29

SHA512
3ea80db89f1faf4166eea6acd55b795a3c499538b3b20aeed934970b0d03c0fba808144902d29994b38a8bfdc04032134e5dc2bdeba3b405aa46546c41e4e81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
b7d85245f0af1a5fcd7bdafebd1b5cc5

SHA1
a48aebade52e1c1699bddea7cd8d65d13857e542

SHA256
503fca7d1b46ec29b825107812311df66add68b7c435a9fcce85040b77bbab15

SHA512
323e9d6723286201837257387c35fec1c8c702a6a6b0a6233eb68b8ed221052e7a4c52cf017f4cbda4cdb5430f03837ca5b05330a19a9aab91a4d1b7159244d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
4c710d2f2f9a3c589151f048a16f3e3a

SHA1
91fb87566383361dc3bcdfa684d5f3589d175454

SHA256
f765d52f71e607fb8928fe9acbf20c7bb40734864bac8194ab33160184ae5b7f

SHA512
b98da7092263be5c5deccbf01d909d96b1357eaa594532e2b827c1756db6421e83e9c78a571d6d6364fbfff50e43f3391c626be3b3cf845a080797e0def388e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
fada35227f1098bf30e7f04d1c9345ff

SHA1
53c95a706fb3bed673be6076ee53145f2ce428fe

SHA256
a4a576fe73abb5de3d84aa7113eb5c5e64f059b82ff01fcf66b61cbba4c9f584

SHA512
5cb2a4aaf95b553500f93b4c226cb201448c97763e4efacf522460ca5b8439c440dc716d4953b6e655139908b3182f0780fbd4c7aeab19c515e998871faadbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a6a2fd7350b3000_0

Filesize
28KB

MD5
abdae764a859589e65d1d3b08fa39212

SHA1
03de1df17689a87faa4181e83146df3effc1ef62

SHA256
cbafe8bf2a693005d58dcdeab0d4eb813f2541ed7b51cc4ca8199abc01d12507

SHA512
37165b569f5b2100346ce8949ed57e6121950ef846377e601e5c21f48773363ddbee398b3781a1565e0b9f2e53b7cc781b80280e38da8931304b2c020f6983d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
200f9b839fe4764f9972f0f3e6fb1a92

SHA1
3af34c56e2d6dfa6638af74c23d3638b34d1c844

SHA256
4b31b0535c472628e978133958f43b64a51690b484dc5d6f11d9472b9a99efb6

SHA512
ab9689185822649cb82ad06a13a24521a5c9d042ec93d7c6b426f64e951fa62f5a37353fc8892dff325b30a888c0348005f340a20fd35d881e6fea8dcfa42543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
c6c6dc3c77fa3d6d46eb2409df6e8925

SHA1
f3546b56a1547c6a10066237bce005dd56b7538a

SHA256
053d65ddb0978dffa36c42f910a915eb64bd54c66e318b2d838d38869821e253

SHA512
23fbc11fc7ae83fe6ad09a9d2c55edcf49dfca06453a6c3cbceba92688011801d4ad27b856401804c6599c3956e3f58fcd34ab840decf9bb551ba5090e324422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
f2a8a17888f41620363148b7e20cf0df

SHA1
eb88673c51bc1492a58cd84b0338795e14d8b40e

SHA256
144a2abbde183ca3df14e7f9b359b40a07fcb9a6eb116073f58cc345c36cbd20

SHA512
68d53398067302bab85868c99bb659831d42e807d39c3a42f1a8f165f69df713b2ca09566bad10093812fb797a95746dc29193da78efbb3930b0482d79ab2e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
16a15d528bf07cc2fb295b2f8677d611

SHA1
c531563da71a65ceb2358a5774200f0158a1b37e

SHA256
138658a699b316201aede5abf89e8b7d4d4f40f23ba99418bd68ae46192e5441

SHA512
4e49ed5e15a1710699d96ea0bfed7fec9f50e301e0890050d2b4c51c5bba1203cac3f7c9d51ac49f0c7f14612209acd0da196cc1e95a2357c95015135ab176d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
eab9b6038bd1927a2eb5cb4806101b7a

SHA1
43092b7f0ee364140d171a1d0efd5caf7d1bf99c

SHA256
ca33100670db93410aa5a9bb76471aad26a2185b26d2a3b6417f0f154e600bc1

SHA512
4b5f171d61a048a01335f37a973bfc5bdab03a1448cb1790d8091591bc30a4a071fc0790f00d7475542ad43561e44be9da6eec4181c59180aa268711c7fcfcfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
8fe3c48fd22519103eff568a65eef1a6

SHA1
c88c5d7cf9f8ea6349f6b46f71db752cc95c6e78

SHA256
28885c1ccb18869f0a57e643806e32e84407d367b9c38e3fabedaceeabd083f5

SHA512
0f543f0036bdc8cada4120629112db62bcec04c4ff968238d8c1bba0952926254a4e9f2bc963090f91950a7f0fd5c7ef0d9e16514019c1fb06e4adac4f9e3bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
0f525b5d1da14d8b69fe7c7df4bb11d6

SHA1
ef48f142ca5898794286d3f383d4e9a81282db23

SHA256
7747f1fa72c5c32594bcf58de63f02de2d445b19513a089cc40d4f530e9a9793

SHA512
b278b843d93dda50db8d9be8b75b2ca46cecd5b0cd6f2a275c0a37cd48c8397d6126d46074bf3491eab0a5b205ce14ad5261ccd19977738d1fdc6320bf2e8fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
e8d7820ac6862abb3c8b8e3ceda5d8ac

SHA1
5e62eb6c399cba23e92a7b31f730cba671c6b3e5

SHA256
d3da1ec1bd590399707400208d249222a0d16ac12db4e37fcdccad50303a5451

SHA512
d43aa65dcfd2baddf0d74bd901488bc37f82ef907e06236c32594c6aea25f4d14f40c8107295306510ca3a6e9caf12cb5c6d36d2515e866883a61058762df9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8de339aa76fc6fa1_0

Filesize
289KB

MD5
20389c4efb6280fbbaf6248c4fa5cff1

SHA1
50ab9c3439bd4e87c40abae793e63ecda2bdce63

SHA256
78ee2381834f99234d615a73812b5bb6afe3a60f736e21d69f98f74bf8f4fbfc

SHA512
e8d82f9fd87de2b665419ccecf39c06efbb726d9b4e12e8e59520e59ed2f8944399311f41664106c8289cbcb414980f1cf7517972652d72dd3fb94f873ec5fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
d1ceae2e2841a08861850d6f1241de03

SHA1
8c01c5efad587490c540cb34fa2a349cdb3a8228

SHA256
7db641f9c70fe85c512eebdd7c204369987f74a7954ceb77104bedc3de029ac9

SHA512
e5c167525ae7d2f33251a309b0d287832f5c749771025a8f36aea2607dfd33ce41f3bd385c23ab1e8b32e35607c576eaa24bc71bb98e01760be640e36d25e49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
32bea920b90b72803f27afb563611016

SHA1
b62619acd9ba96cac6bc4c7c48da83ac8ccd2a56

SHA256
88efb1d5ab97bd3ae43c517bf5c58aa049750e811aa5d198b2aabc26b0d126af

SHA512
3890d951abd9c8e9b217665b055592f97d9a97be703cabb1556752b65f768bd3750634919627c8d5315b61a2ffcc9f80c88a016260dc05c90dabbca2eadcbde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
a6ebc6e8f8e8b7ccf6369180dda43159

SHA1
ca6ba5931828c45f60789b0a4ed046dd1b559738

SHA256
afcffeb5b5544545da3197efd18682eab76d6716e00c554aac74e57e528d16f3

SHA512
620a8b8cd4622db665711dda1735da40f8a9c44b92353e6fb6a84acde64f719f12982f36af4a58e7ed11bb898781673716d76887305c7e8417716080ee809f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
a05447b791fe9df7275d54c51dd24816

SHA1
3b3abd85015cb4d5923edd0a1470fcf94d5fd1d2

SHA256
505aa8030e24b7a8ab105443fc56efadbb40e8bfe1d01c2ee520bccc00b3391a

SHA512
bc251c6e6061c125574411fee3230278c4029fe2cf42ef373c971f0ee5f57e36150efe6b5c49bad5eaa6b7048ff67fdfad49f830c38aa88db13a6fed29a2d415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
04026b89057dafa8bf9b96d404f7c671

SHA1
f5ae964f7c2938e9d8853c3ec8c093f62f5b488e

SHA256
ef55ad384eca83a9d5331866d0efa34e6470f3e909d2ad4b589c2ae708ea81fd

SHA512
3a36f549e176d77c16a07fdef4201a98157bc239eff8748e5dd5e8e4f49a39e1d618dacd9ff50b1932aede2e27d8e6ffedc6c8b48211b4fe0c1deeaf370ddc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
70bc09e19b5fc68a0053416b68ea294b

SHA1
43c9b85b3df08c043cfed1543f3aa5475385f218

SHA256
02b77e0a62eef280dce491c532593c67ad92db9dc9ae62d5240eee855501003c

SHA512
37a30146c956b04b627891cbce6a35735f54aa6307a9634ecb22f59cc05d00ac19291b6a6d720ea574a1aeeb5d4263122bf11529b98bc74a0d1c5fbb1eda61e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
08b4142364abdaff50822f153ed51b2a

SHA1
36553e31c1c6868c6b3886a08f2d32ca747ec743

SHA256
64868ebc80a148370f382b559c2f8be32df8aaea40fa8387d7ed48cc9407ad7f

SHA512
e6f3b91baba849a95af0327fa9eec4ef6a972981ac9c4b15a1d7ab4addf5b17028961880f0d559322ef990002c831b05fbe1ee6087612ff50e4f819be7773447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b10829ad6451c023017bc8715352daf0

SHA1
5ed187877867342e972aae898197f3cdfeeeb1fe

SHA256
938ecec90730590193478d364ec3be62fbea061a844b0455c90f6e98828ef8d3

SHA512
2eb5de6faecdb43767c80afe8905d8582ab63d960b5449e11d79120e5bf7280f4b424751248cd53b17c91c46606faa81bd11b77f1c8ea3bcb84ff09c4a40e974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
71b4db21a526f4c59400e64ba9a026d6

SHA1
7c927e39ae1c049a042f2927cdeaec8fbe704d9d

SHA256
96a93e568176e57ad082d7bfef31fa7ca60ef6b44566ebec7dea79ce88d6eb5e

SHA512
6c834728e066dbd53bfb904cf984db333693dc2664466d077c596a715a17ed2469a26fc33857180b6ec92104606c889c1e6ba4588f2862f702c6c7a6807166ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
52ab42ffc0b594604a8969cfa651d41d

SHA1
5c11c0c45fb56de20325f057342465adf321b774

SHA256
f2a9e8cfbaba0f158fd01359d7eed0c5811b9f83f159b3a9fb07fd6adc5bac3a

SHA512
a78a24b8b64cd4d1d4fdd6100340cb771adeef31b35cf429229246d66b407544b13bf1192e19db8cd0fb0af0b4df98f472b5a87b63e50e45ee9cde2bbdac1172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
191437ae51d02e881fa4c3428858cfda

SHA1
2833da0edfe02356dd4bbf2ad00e2064b72c51ca

SHA256
1ed45fd964dd048423ad8c74c43e6e402cec3b90e6a5e1d169fe10f3a4ff3128

SHA512
b84f2f6b38c3b1c99392d7d0dec0c47601414db2b0ed60e3118d14bf6bf22c165b3ce0ad154f2bb00c62732752e4d731ad8d473c49e7080e315d1f7171f33b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
78ad1dfe1dbc143f3530d51f1bdc00a4

SHA1
7f56949bed7b6d17bbf6fb8928289709a0e155ac

SHA256
25e34e6e7c989565baddab251fcaeaa83b2c14c3dcb5f24e6165400edacf0335

SHA512
f7b67b62d86642279c004bfd10f3ce8ad5a3428d957e557b25dfe517704191cc5fdd70a3c20a33ef53e2c394a9856362191781c5aa6b44660150214da52d5729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c5062f5b8ee998c8f6c9da214c280675

SHA1
3e2d140c96a5cd2b87bdd0f36cfe4615eaaeaf8d

SHA256
72d2850a43068784ece7ed1cce347beada61505c6c5f1674bee11b794647867e

SHA512
472379b7e93a2e9e254426e60328e6198504b5b4a976a7d6bf187b5c7fa77605fca20b47dad0b65a43b005863b93367d7d0f024197c973219b720c85d58a240c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
dcaa8d1750d2b0ada2ed4fe850ebc586

SHA1
b0c468c4cf3e0336f1f2d859c365b0a11aa86f9e

SHA256
a0350bb824787a5d0a6a89b326cc3e50e2464be1f4c408ac79302832206e8e7f

SHA512
270726af76f4ee555c4d2bb723fb04aac4a0b6e7d95cc77e6e360d96b005ea90de9d454e2801a19d04c1878ef25e0d22a30ab2877654d64e528b7e4d4d287db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
91c9d56cb25beefc590859f7b51b4f85

SHA1
542919df173d532c07ac28dbac78d9c77344ae09

SHA256
87305680d87e5dcb100586204ef613773313e72d7ec1e0e8ae9deea68fec771a

SHA512
af900c8594b9706edbe191bf2f50fbe4fe0e56d7a55c92ce102fccff264aee08a7dae348506ccfe5654fbf760da3aa8a2b7544441ca9d3fd498c0c9cdfcccd16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4d4f49285d21132228b577c1c2b2a92

SHA1
ab7a2543b118f342b76c13f95f528176308d7a40

SHA256
1fb1d91d96587c8a539fb93bec21ff8334829813eeae33b3befa353421525bdf

SHA512
c02050d3aa9f7ba76554a98326ead61bab6e03f93116d69a89fd23892c96a1f5d394eb6606d97ff085c35f67a9f8ec79eff87149d3e14f7667dad7dba6c36f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b53d31778d4699281c1228293411fcc4

SHA1
f4a132c567a0c562883dc0b7b175a3ddbf3e9d3c

SHA256
0bc40e94f5e0f832b201104ff24e2233443e888f6be6caf676ce7c73efe9b41c

SHA512
4c4aee968510a043e2300032176426ba872370fa12974e1727cf30a3be1dbb870f1354030be2b19f787def98da0f7ccb3528f6f9eca289d9b459c0dbbd6c8147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d7e67a740b226f725d27f7152e77194

SHA1
921fb95f9be73d5a8912f1ac8b6f1fdcb1e0bca0

SHA256
a6de46110d306c145110c100046606e6d7851c96a37cfc040316a38ffa4b8dc7

SHA512
88f84501b65bec468e3e53afc3bff779182a1032431582cb9e2038f608cb2ed411345835e2dcd30fd50872f22515d8f4354152d2dd3eda8c31bfdbcf6dc3e5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06f3365b31e4a9e4b8eac27cbf28e560

SHA1
6f4b7163280ef87de06406d786f46931a013ede8

SHA256
8d5366f1058a2e8e7f5259aa06a11e6f9b5d81f2525dff5fdc2ec7f5225a853d

SHA512
c5b48f4dd2e08cc8449cd541c297ad3b387c049d07ee10fc3d61bcc68729a7445786f72d6a4b7f0af6b36226b9fc4fb40ccf0272826b1dd1f04dabbada11938f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
756879f0bc24a6a6ec190e2d223881ec

SHA1
98d19f96271756fe3f159575158a6fbbfde11531

SHA256
1a248e75e1d23d95447429b0418af2be037887629ea4ce30d3f0353c75bfba05

SHA512
b59272a8a8b4561a974bc82df1c4e2cb1bae72bc532739427d794a32dabc4c821e0ce26f8caefdf70e5120fdcfa3d9a8b4701105222c69ba1c05b3e687809e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95fb22554a8f510b1d981d9440b78502

SHA1
ad13021f1b2db5e244a33f905d7be95c067dfa47

SHA256
2111c64345b34268ea5d74c9eee5d2c0aba58024088793d6b9a4d18efb0fc58d

SHA512
4377757ded0ad8ce3a48ac3b24072523cacd6e9a66213669b261789f9c7bcf305d3dee216d4aab2d6a4baa9af796910209b3450bf218e1751934a3d9852d9a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
875d792c94d56cb1b94ef0c5bd2e434a

SHA1
ca72ecf9ff4f36338c82603c61bf02a35cbea231

SHA256
e468b5ef942a32340a635ef9d861d0848a2cdc2cd7cf7c74d675bab05315baf8

SHA512
ead7a4282d9cf8edb0bb74ff0c0f52f15c1f20b6d6bd4dea6a07916fd46dac41c45c6bab9454d0d45918bad4ab10d382ed9dbe4928692737f2cd1dd5c16e7fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e0821130500a1472e436e69aa7e2b88

SHA1
83d28bbfe74dcd80ea28350684ea3b5b6468f30c

SHA256
d51bca763787c6b83af27529ff2e8da7a76078b0f6bdffcca546ffae16b6bc82

SHA512
f9469497c844288895bfa55470a48e89ce77ca2e44d3df44c226cf687bb9ea4c53f26e25f97e5cc1bf5556971fe5c5279f254cb7ffae16dec05ed5fbbd016dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b71fb9a-5875-435d-bbfa-189d9e7702ea\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f221820-c05d-4bac-9295-90619f82867f\index-dir\the-real-index

Filesize
2KB

MD5
7b415d676e5f84f96136fa1223a7d49a

SHA1
e0927e6536077c715785547072de302c8b0ef37c

SHA256
41d8fe225452e119b5281efde37ccdc6d9988cae1d224f01a79b604dd379f197

SHA512
c533c00dc126934851097b462d9e89feb371da367e9a2d49502578106628f214155a41f56ca9554aa4f52d5e04539ed7a3060c085af4edaa3967d9794b52d09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f221820-c05d-4bac-9295-90619f82867f\index-dir\the-real-index

Filesize
72B

MD5
10961dd24d1ba2d035a140f71401654f

SHA1
eb344ab0acc5bb3c2b74452582ab72399a5c8636

SHA256
1305b4e94117cd08075cc7d356c6e7d620af289008740ccaa165f88651f3d153

SHA512
57a415487217c0ed6102e8360dc6eaa44720cedb6ee94e8e3a8551958ebb5d73be6ad078c0f7a6c7b3cd28ff586832ec0f7201282e337867ec7f123869d863d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f221820-c05d-4bac-9295-90619f82867f\index-dir\the-real-index

Filesize
2KB

MD5
3f2b1d690796ea9decf0a98f6540f90f

SHA1
81cf60b900f09a445b0b7250014dbb3d6d6545f7

SHA256
fae97aec757bcae1d20eb0ab79850d655253f74bb999f2e987149cae55e1aecd

SHA512
d0e7fca8cccaf327834d6e45120922a1dd2c54cdc41643eea0db216d7a0dfa4a4af34b88aca4b42fb2c2400e1429e240b4d3490a04cf3aa68ef94728c4c6c719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f221820-c05d-4bac-9295-90619f82867f\index-dir\the-real-index~RFe5b55ec.TMP

Filesize
48B

MD5
8922b27f9fee71813c7dd94a54eed29c

SHA1
23b7785f4f7c7468c8e42e94204e9368087b1639

SHA256
0316673b159ebcb0be3fdfab4a02a9c91045b07e5d79427cfe7041f982d9b590

SHA512
2b3dab91ca3bd3acc4449bdfe8885425413ef07f26023c020490c5f1dc5e8a4595982d6a0d3b447bd7d0e720955ea168f9a20cf778ffb4b0514881a7a01d6d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
147B

MD5
b048ffd4b0a5ebc296b9dd0ad44a61a8

SHA1
0e87ac617c0e9e77f95701f468fae5429f7f1c4e

SHA256
703071d12ce871cc3eedb5d2c08023f44d9e5b1241564319111128d6841de8ad

SHA512
66f2165b3136644fcaa8fa8508bbe126c5031686d1ecf4a820b1f7fbcedff74bfc442ea3ede32300ec3eb6748e03bdab12dc960fac7c64916b6e3044c1dcb160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
33700c6f323b324be05b1701db0337be

SHA1
48190ccc6c3a3a0c2920a1dd289a6f6fb477f029

SHA256
16b538241e7ba41b801899e48ae92400278d0a7de407f365dbc21e4603cb79c7

SHA512
c2c27af1e957062ef5bfd19e91432789373a5222c6f1f1e771534e8fb41525416bdc7503bd9eb86b87e1f5c515d93f2b22f5484818d6d227f50b8c430cb765c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
47ac95d9364a639060d34c84affbf3cf

SHA1
21404f3bc62e0b23497d21159c046f6c1283a00f

SHA256
534f3c6d3a094dcbd8f6c9c46aef9f6dc0a9683a418b432a56bcba3245215072

SHA512
0b163b3ca81b18ed6751daba59e77582da23b69499f3a48cf3c557a51d50c47d3e8b222cf9324d1222c3cd612ac7e42587327eaed9e13e37958b650d8e7adf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
63eda2010a5b0d18a844b7a8123f326e

SHA1
d1e44ecd6e6d29a2107ceb7f47a8bbf16b421803

SHA256
d35811e9554ba9b6ecd7e50e5d59bc35fa3819a219f4212c8e03571ef82bc925

SHA512
03ec4e19bdd5ff1233dd0d3cddfcd4c287c004d37075860ad5c3f8b696d447a73ce555388b93eac63df096ca9bb28ed90166250b6c64dd36021c2dc91b2b564c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
03457dd9a179a5be5147aa9cd6e09e59

SHA1
0abb69ab554afebd3a11d4d39b922dcb7d27745a

SHA256
7986511acdcc9ce6709e45cb4554c6a3d5c9ebf26f1dd9be3a2e6276b61a7442

SHA512
acf27e07e55b37288881492c455a30f06643a5532c452ad924b434eccfb1dad64648611be9bba7cf3a0232c54c9d9d1d1cc47e7883b72256e79cbf3d3501759a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
83B

MD5
176687eda8d542080cd91da7be1bdb5d

SHA1
ddffd20ae442c2ee8c39565b75eee449a0945622

SHA256
f25173110df3e13dea52061188ec0d9f240f3ea2f9f51ad74d7755f3d56b57a4

SHA512
5ccb6e159b501844f3d3a3f97630c67459fd333a396a99a1b0010f875e8d7fc0573bb2faeb335ef4219ffc4433c518e3d98f0cb66b10b32cbc74e41c08e42571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b4330.TMP

Filesize
89B

MD5
d765e8f9d4ef78079584e717e4d4a711

SHA1
cc33adf01dc6481c21c4322d1d44be521bc9d689

SHA256
1e4d193dc0f8e8246158e4ef843b0f99cec29e9bed8002bde2a1c4263772434b

SHA512
33011ec4f503d458ff316c20b70e766dcfeb07b61c6e2569a72dcaee3efca668827a9784f326fa54a67c29f72ade59f241b5027e6df4e34acaf2251a774c9723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4bf8baebd9874882c95a0c1a7c80eee1

SHA1
052f7035415057a67a9bc3ff70c86491a0c1e017

SHA256
b0b96b00e13e7ee62e8c35b4e9f26d82caa2c46ec3acd5279963afed564bdda7

SHA512
409220c0d8c7f3e8d4be31b847870a2601b7ba7e6a296d4210e73b320fbe2673c135e0351e643c0284e53af181db41b0a4c2039071e44d8ab52e6f19a0e20490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b92a7.TMP

Filesize
48B

MD5
b2f696d492b3dbd61cb8c0436183674b

SHA1
d4aa8e300b7edf4754563cf951bf89a7cf407235

SHA256
f5b8103a9f1a0bda847288020c1b4fe66c136f73007fb83b88c08a6017747aa3

SHA512
6d39c1ecf37050bd268f4bd0c74ffce668bec7a5bfd6267b9e7397894929f942c920a2db33dedd6e5d6874b85b55a3605864e624626c9be5155fb8cd35eea102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5215fac259289a8c4fbefa6eab9c31b7

SHA1
2f34e33c52bf334ed7c31d054128c65a0da06eb8

SHA256
8af8326b9ef8d2ebabb06fe5de7d5b1bb9ef50bd5747bc00edb4386c147251d9

SHA512
1e97971f2da5856cf1d596bb9c6e1165f544a76c13611dc45b2bedbba70612c2f9a668056546506be94c9ffbd8e6e68225ad1021a595dc20d8607c6cf893bf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
257d796228a56b4cb9ddc390a6522cd6

SHA1
7468b0b5cf4057d63deaab41f27d133449e970d4

SHA256
049eba64b020bcb028e45adcf94b673ad1358840eae69933dda01821d755e646

SHA512
5dd4fb3b69d91c3ede5dc6e68e417f8ffa5c06710b29fb5a77e69c879520b41afcd554556f216dbcbb857a8796bea1330814bc1573d1f798b9a86b9ad810038b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df7d4bf74e54ca87b03bc86478945055

SHA1
986c28dbcd81736f20d8c03e1dd4f144e70a06f8

SHA256
600721beb300e5c3ae48f4f136c099c4a6f1e5d5a43e973c24f531480ce857c5

SHA512
9e64805a5b041737e425d656047537eee05c8390d6ff8d99e238e768102bed35381f549b86d82a2fcc0d4a91ea8484bed024d70e2a4b7cd64a0a8b151837dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
daa8a36780d653b66f19488cf32dba96

SHA1
00290bf3cf473b69f1bc2b81822e430e70e9f0df

SHA256
01d604c66b5bb44699e8fe41112c116388db8a3a6dd07c3534bcaec622811ed6

SHA512
7808b7b5c7eff7ef278125b741d346e3807186cbb1d313cbf5d2e338e82e170db3f9e708fbc42085dc83b732e28380436e92a8b340e6133cf1093d0b66a353b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9254c40a39324bd482cf64150c60f6e1

SHA1
5a7e11abe6ecc79e37d35e1ff8965ded1e251f44

SHA256
a8a13c16d67256eaa5cb8a5acf5ffbb47d9e469c37d09f9991c20ca5ac0f79ea

SHA512
e5edfcf53b7487d569ef7eb17fc4132a9b4ebc75a35ea88557ea74406373152561481f12282aa9bb806bfd3ae08deff57844cbd9afd9693cb67c9fe6544f107b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3757dc52f145fe5cc0f3875bbb93318e

SHA1
6b45af286311337c2252ed8f388d72b9d439f33d

SHA256
9fa87b2f4913c10a92f3edf26612d6b0ea890ed3e9c738f714a3e8174584e13b

SHA512
ffdaa26767539a39c15b599e89e88b7dd0e0a791880c263bdc0dccff9701c2956ec68758efed636b0b6f1ee75c2b9da56ef3ae04f7e080090cbd9a9f1d0adfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5805f6.TMP

Filesize
1KB

MD5
ff21903fd41d78d3d4c82c810c54fb06

SHA1
423c37c4e3b551839d22590d3f61e1bbd7eb1496

SHA256
ca1ae273b037bcaef088e99a723cbf95b6ca3d0041ad2d4599e4714c161d796b

SHA512
f5bf54ebca4d14fc68c40b7aea45aa67faac82bc78334ebdd99c6251437bb2b200a88e37190f10a774902334c166ea4bff7c26d9a45959342df8e157000f7e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72e4da4f7327fda6485a632e82420cd0

SHA1
4a21050af7793c5d01ec0bf980430dbc0fcf44e3

SHA256
cbb2798e6faf71f797ed1c5f15d88e15d47a40c64ab2751823bb945af693ca1a

SHA512
9377e2743e6517f0b175e470cac110363e2f5fe4a55ca4c2f3da5796bfca3e66773e198c56f36c8e7a0bd0c944ca991264aca8d131d5a7c76ddeee6709306bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d5a38ad437025d529ce3f0f83a325708

SHA1
ad0f491ff65f422470a1c6e6e75fe526fa85f758

SHA256
76d4995e3cecc854f1954034ae4eab0f3a415cdb3a243f7171f4eb5775989ec7

SHA512
93660dcf2c824e3baaa654029642e2810aeb3d9f5b12539e9be56454932a37217598de524305664c55be64e2542ced30af75d089b155caddf501480582a2ba77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5276177c75420b42ebdf2b91db08f115

SHA1
9e463af026b4b7438a6d9e706dcb02ab0bac6878

SHA256
9198589a063e4cd45371ffc828a2c51cc4188e164fbd848bb8961520e6c53052

SHA512
4279f9782d2c611b5956db9e1e75e759690008aac0bee3dc786f776af7ed876de0e5e1df4e7337dfa2354367fec0db7dfafbec57c11031e0e1b752bb704e34d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19a2ef2aa88580d1c99646966f2fe0ec

SHA1
e334430f4621b56feaea2f03f751de0f3887a19e

SHA256
685262c9c010b013f41036451e54212ecd3dfdfc79936af827b1f38fb169d6f7

SHA512
efca2ecd7a2852b6b601bdf55eacc31d72c92d6f1f6744bf8d312402868b091f5542e1810569fc3c435232908a40c049ad3f4bca34a2ae1d17272ccfb57ff3cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-940901362-3608833189-1915618603-1000\8f27efea9280c1c617fdc09cfccb15b4_f2cdb6fb-4ab8-4547-9f25-fad1f7a44351

Filesize
3KB

MD5
0f131904638bbdeec4512bf0d97f9f5e

SHA1
81e9cc9675657e94f646ea6517e70cfcb114dc4a

SHA256
d97254e5f1aa475294f5dff0777632a8fc2f2f04a22dca0c84ec1f2af437f08e

SHA512
a4522b26c4641f7dd7178fca2ec8772c2593a1248e0b95dcff33a9a3337162f5fe327fd250859847f5dddde8de7b9077708ffdf479c6bac85197d64901e3cfd8

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\Client-built.exe

Filesize
3.1MB

MD5
a21e87cbff5cec556086064e8b910d66

SHA1
cf8422bd15f46a58169b7345254561c947a3aa02

SHA256
51d52283afb7e54eb123ae7caaff901069438a45f888725e7d2003bd90ef8039

SHA512
691a2768f5047a0d262f9848a58f2b865fbf2df7788bbf6107af6c9103f8b681da6686226ae63692f4dfca97d08ac5d8d95be478cd231b61028cc7f936fc25dd

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\Profiles\Default.xml

Filesize
562B

MD5
87fa02ab67e743b056a12811eea5c577

SHA1
09560aaa6eb1110dc6f61b0b6fe7ce212cb01776

SHA256
24b0784a9d9c0460b3e834b50087fc86431a8796eb9ddfe1c4bcfd9ec3b97323

SHA512
0b80148a8731331a42e6c3ac0572a664459266c93496754e156557c073b1f3a45ec0b47ca6f9b1e36d0c3f092ff2377a5b2d2dabfd41d8126dcbd27541b759cd

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\Profiles\Default.xml

Filesize
1002B

MD5
0d1a053ab3e6f9dae642a97741b69b70

SHA1
91a4f41b8520957c920712e22ed25c0be9641361

SHA256
5fdff417d0b7791b8cf234182fc73f0fd293e33355e1a00204290b6505220fe3

SHA512
0ba2e383846644903f10df236113e82fa374b5ab5346f6c5aadf0dbe0930f66bf1138dd95c161048b7eff9b150fbd514dccf6de5d0bb2a6e2153f50664ae78e9

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\Profiles\Default.xml

Filesize
1003B

MD5
e5424e960b637f3e5a257897b00c3afd

SHA1
2f4e3f568be5fc8b4c5af2816a65b5898ae7d15f

SHA256
6bf85330cfd83d146f1e24b66538cc2f0067ae1d19fddd3974dabe79139ebbc0

SHA512
ab0ac76fb43defb1377c8ca9166773ac4a3fd9371f60e4073f630e724f5c229963efc495e0da179fe321b140ac958d666fe05a4cb1b0d0cee714b5a6bcb91008

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\Profiles\Default.xml

Filesize
1000B

MD5
2e51aaa58ae87dd6accf9fe085a99224

SHA1
c8763eab6e69286e675f3374b7d5cf1096831cb0

SHA256
7354e07faa09555042aded1c21d03cf4554f7eb4204b3959b54d0efa4b048f82

SHA512
5e40d142aead41cff2098179e44ad85f75e4345952846233a04c82c4bd5d07a74396906f846fd05685f36d3747199a9aa941f6727d97caabea5a1c8fe6ddada2

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\Profiles\Default.xml

Filesize
985B

MD5
579d77a14bd8259775cf4390ccb11929

SHA1
b65168d93d937774609d91246830c0a11e80ff90

SHA256
87b96e199bb7ee35d3ba86756bf35d8b0f14ceb56a51e64b45303e157e52f335

SHA512
bd9e3134c07330cfdf51f750d5fd20ffdd3d947e8924fbd68d3a558de92a1266993c16ba718bc1f9dafe49466a3603658ae105db61e0cc3f97282fd98309d22c

Download Submit
C:\Users\Admin\Downloads\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
c54e487f2769112ce0215e3a4e774048

SHA1
f99f2b2c7ee07fee27a816f04701dbdbbbe1bfb0

SHA256
152253eb1578f87d96f3d3696ee0b36d532d913a7f793227fb714087537e279a

SHA512
084e851475abf3872ecdead4de3aafa2dead65239d4cdd3fc6c3d3fbb24d33b1e561bef02561f9161ebb19e2b9020edd41f689201c515ea7a0540ddc4f9d4ee0

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
\??\pipe\LOCAL\crashpad_4948_IKIZAGUTCDTLQTMM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1988-1926-0x0000000000B80000-0x0000000000EA4000-memory.dmp

Filesize
3.1MB

Download
memory/4716-2006-0x000000001CFD0000-0x000000001D4F8000-memory.dmp

Filesize
5.2MB

Download
memory/5424-1808-0x000001B3FDC60000-0x000001B3FDC7A000-memory.dmp

Filesize
104KB

Download
memory/5424-1807-0x000001B3FE2D0000-0x000001B3FE32E000-memory.dmp

Filesize
376KB

Download
memory/5424-340-0x000001B3FE540000-0x000001B3FE86E000-memory.dmp

Filesize
3.2MB

Download
memory/5424-329-0x000001B3FB3B0000-0x000001B3FB4E8000-memory.dmp

Filesize
1.2MB

Download
memory/5424-365-0x000001B3FDD10000-0x000001B3FDD5C000-memory.dmp

Filesize
304KB

Download
memory/5424-330-0x000001B3FB900000-0x000001B3FB916000-memory.dmp

Filesize
88KB

Download
memory/5424-363-0x000001B3FDCB0000-0x000001B3FDD00000-memory.dmp

Filesize
320KB

Download
memory/5424-364-0x000001B3FE210000-0x000001B3FE2C2000-memory.dmp

Filesize
712KB

Download
memory/5424-362-0x000001B3FDC40000-0x000001B3FDC58000-memory.dmp

Filesize
96KB

Download