quasar | hxxps://download1326[.]mediafire[.]com/zh4hbc1b82tgRgff_5hzg2Z_0HVedf3-JIQrwAo72a08MYE3OMaNoc5OtY0WNK803szdWKQzRSnJsnrBh-p02oIlIZx_UiShLave_vjLbWxHP_uryGxuRjWykCghIa_cgZG2rekX7fW7o7OAtyI1kncmTbWD0kKw-cqj54dWOODp/f6yljbkhlomf6mq/pygamerat[.]rar

Analysis

max time kernel
319s
max time network
319s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1326.mediafire.com/zh4hbc1b82tgRgff_5hzg2Z_0HVedf3-JIQrwAo72a08MYE3OMaNoc5OtY0WNK803szdWKQzRSnJsnrBh-p02oIlIZx_UiShLave_vjLbWxHP_uryGxuRjWykCghIa_cgZG2rekX7fW7o7OAtyI1kncmTbWD0kKw-cqj54dWOODp/f6yljbkhlomf6mq/pygamerat.rar

Score

10^/10

quasar office04 discovery phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.56.1:4782

Mutex

a2375055-d323-4f14-953b-13f74ff9f85a

Attributes

encryption_key
36B9F39EDDE38B2DC6E38AA9208FBAD7687FDB50
install_name
Pygame.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0004000000000745-120.dat	family_quasar
behavioral1/memory/2776-122-0x0000000000E10000-0x0000000001134000-memory.dmp	family_quasar

A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 4 IoCs

pid	Process
2776	pygamerat.exe
2040	Pygame.exe
3844	pygamerat.exe
4768	pygamerat.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
77	whatismyip.org
90	whatismyip.org

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\SubDir\Pygame.exe	pygamerat.exe
File opened for modification	C:\Program Files\SubDir\Pygame.exe	pygamerat.exe
File opened for modification	C:\Program Files\SubDir\Pygame.exe	Pygame.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
2140	msedge.exe
2140	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
2364	msedge.exe
2364	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
1688	msedge.exe
1688	msedge.exe
1096	msedge.exe
1096	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	Pygame.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeRestorePrivilege	3744	7zG.exe
Token: 35	3744	7zG.exe
Token: SeSecurityPrivilege	3744	7zG.exe
Token: SeSecurityPrivilege	3744	7zG.exe
Token: SeDebugPrivilege	2776	pygamerat.exe
Token: SeDebugPrivilege	2040	Pygame.exe
Token: SeDebugPrivilege	3844	pygamerat.exe
Token: SeRestorePrivilege	3920	7zG.exe
Token: 35	3920	7zG.exe
Token: SeSecurityPrivilege	3920	7zG.exe
Token: SeSecurityPrivilege	3920	7zG.exe
Token: SeDebugPrivilege	4768	pygamerat.exe
Token: 33	4524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4524	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
3744	7zG.exe
3920	7zG.exe
2140	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2040	Pygame.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 3916	2140	msedge.exe	83
PID 2140 wrote to memory of 3916	2140	msedge.exe	83
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 3976	2140	msedge.exe	84
PID 2140 wrote to memory of 4420	2140	msedge.exe	85
PID 2140 wrote to memory of 4420	2140	msedge.exe	85
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86
PID 2140 wrote to memory of 4612	2140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download1326.mediafire.com/zh4hbc1b82tgRgff_5hzg2Z_0HVedf3-JIQrwAo72a08MYE3OMaNoc5OtY0WNK803szdWKQzRSnJsnrBh-p02oIlIZx_UiShLave_vjLbWxHP_uryGxuRjWykCghIa_cgZG2rekX7fW7o7OAtyI1kncmTbWD0kKw-cqj54dWOODp/f6yljbkhlomf6mq/pygamerat.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec77846f8,0x7ffec7784708,0x7ffec7784718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,6610516831212181501,12011254016508975943,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6876 /prefetch:8
  2⤵
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32360:80:7zEvent12367
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3744

C:\Users\Admin\Downloads\pygamerat.exe
"C:\Users\Admin\Downloads\pygamerat.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2776
- C:\Program Files\SubDir\Pygame.exe
  "C:\Program Files\SubDir\Pygame.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2040

C:\Users\Admin\Downloads\pygamerat.exe
"C:\Users\Admin\Downloads\pygamerat.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3844

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3563:80:7zEvent30157
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3920

C:\Users\Admin\Downloads\pygamerat.exe
"C:\Users\Admin\Downloads\pygamerat.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x39c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec77846f8,0x7ffec7784708,0x7ffec7784718
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17623283388991348458,4374894512260507355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\pygamerat.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37128b4e4883085adb70212099d33acf

SHA1
9c716ed5401e9dc2c6879b03f0a34d824d2ede99

SHA256
91c7f07e7aa52f1e4d6751b4ba31d098072197bf3ba6a4549d213f9fe1de1ab7

SHA512
3e3851dbdec3560fc5eb18be51de362acb4bdb889c66d1794b97f29a8a3a86aca900406360778819ace767653d083be45a21673e232be205e81ff36ddd9f63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
3b9cf1077e681b94cb90216d1e726dbe

SHA1
ba5709d36b297d6414a6b4abe854bf941c0ba895

SHA256
366d22f5ed6b54c893418f12467cb006cb58c38880d6d6036cbb7f3de777c9c2

SHA512
361e52c27341016349be5ac5031f01f2e409829b711eff76110b420424ca0bf9a49433cba4de4615e2361caafdef946fa14039c4f7f67a2b8060a0aaefc63a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
783c4e8efcbe6379604c18436ab9e40b

SHA1
9dade9dca6e22b908c0f5d9a5a06b4b41e7b13fa

SHA256
39efa483a37ba5b8049db144bf9a3a482ef63b0d2aef08256a7f4649be4e0492

SHA512
1ad0ff1ae2b7fbb23da7ca690716d5aeb64951b60080c65a955bce9fed84b6c203e6c8e2642f5335fbe4021f1cc385f79974de2bccb63fcd8c5f98fb55186b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
279a13aa189dbf3e538157ee7af76791

SHA1
cacced30d6061c1ceedededd6ced2cf35a6d207a

SHA256
79753f892336986825ca4f132de7577478d6e605a5a6fcd35b61386d5a93cb7f

SHA512
ba47853c1c2fbefd9eb9bfe8e051244c6cde9136f1a0a2bb650a66ec79550988a8cb1b4f235af4214ff54374e6346239c7580567dbe0a3c355e8ccf92f1bc7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c939d53eb136f44b4901182d698c1b4b

SHA1
d73e74e0fe81b852766e51145a345786c4005a48

SHA256
b516cc0459a3d5809dee77f4383d00595054e2012e97a3213cc5c99358773ae7

SHA512
dbb48d54a48278b86ebc1009ca6ef087a0a98b0830ffe2619efe3cf47af8c29f301d616d804282af833f51af2854a832f0b395abce2ae6ae2f41217c2b4df66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
606f2cd9d41e5fc16cec3ad4f0d2436e

SHA1
d7d71f537bc1fcbb189498a0e6d3ddb7d7e229ce

SHA256
0c0c71654030df6dfe12c50d25a72431ac409889b5a6d6970cfe5382e7dafed3

SHA512
3230d74765dde4d39a2e79722f86e9772500a0b743417f5cc5e111eaad0f944f919bfd0d0c43459c2a476625934dcbdd8d77d38d854e6421da731f7ff4282b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
dad658bdc573d0bca881b385e6b5ea8b

SHA1
ac2bede652176641e97514c4f6ab6d545f99be52

SHA256
488c3f4019f9b18442246d1e8762f6ef3c70b9ed83acffc29b833f76f7d53d7d

SHA512
2ea4862d665ba896f6ffcc9a50cdff0cc2e334f917b81410e757d85fd2604de77b2a400bbf02eb98b430139b80557b2bc9bcaa9ea4039507b36010f6e1ed8687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
7KB

MD5
227ff67cc6962e83b26d4bd3272b7a6a

SHA1
a3299bc95acb03a586aaa1506db190910f236e83

SHA256
3f12f8c769e734211731087df9163710481fdb8c65dcfd29b630ec969fa15712

SHA512
28482d8f133a038b4c74eabe783901c79a6bc537e70c07fcdab95a2b6a7cff6fb18873a8109d1c319ed41a1370f206e072d0d1f59ed4724e951962113235ca86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
95474d3ad3a133a2935836034b8bf0e2

SHA1
eb24ec2cebf058ba2a813ec578c3d555f0e849f9

SHA256
4ac7dd68910aa4ad76db97ce39742f8b68ca7040e8bff9fdfafff9280306776f

SHA512
ef8fc4114b4b4d4b15ccf584f239de1d5dd80b994e71e50fb1cdeb23b9c6766857e21912a30aa591b20c08806ab27ea10e97ab8ee7844f0c7fb4cb08d6f919fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6db77fcabc3896ff9e39465230d8801d

SHA1
458d5b84e45a8f4e5b9a03411a5aa0fc36d58e8d

SHA256
78def01eeaf75042cd06356770265d094a9a59804594953ff3a23244df26e595

SHA512
1433bfb4f7f688dd534e17baf5dc5080339d7eecd8b9bb79155ba53fca7f4340d46a389ea32c5c275aa7ec890a00c122710b8a2e56429d9997358cd5874c7155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
978853f147f0366788f629962dc7b446

SHA1
880cfe9748a2e53797f1f0fbcd2c6b81a7fe114c

SHA256
ad282621621d44ec5bf29c6d26fa714bcbc965bb579a8d395ddb3896208b1fa2

SHA512
2a51cd6658e3628c7f95631ef8af2206d1c701b02f24d105a7fed5b21181ff33d73972534ad9151f2857df040a23045cddf3430bd2a7271a6cd987eedf01a263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
44a883e2d6e2c34e379ee871f04bdc51

SHA1
289a7e893c49e91e33c28ed496f5500b75c6299d

SHA256
ff1bc1c7962da41eaf4d48b5acf81aea018dcb13d7147daa1f8b3add4f05b111

SHA512
256249369f2dd97883093295b8ca8a65988de5febdeca00c168d20800f9f86caca1fda46560421b861c75128c521f5eb09a29fd6fb0a4799d079267072f9a40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b4116d5593d019378f5e13e748994c6

SHA1
3699ba1e04c1a3767b047a13b2dbb698434753e7

SHA256
2f9078af759c104e2bd86d4e908d97b610f8fde0d40a96b1b61579ce93b42e06

SHA512
cc7e51ebcf72fbc8488598d7846b3d74b38647685b68e3c508e96d89d6a9189d75bf4d2104764283aa8f278416032b02e4ef4cee61122adf2e99519a41afa9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
96dfd72db4b2a2d8a34626b367d153d6

SHA1
236d8803da99a0d02cf7805e3563d415b4b05e73

SHA256
8e295a87a4015de170ca0bcfd2dc64d45422b1279c4d18f5fbd7e89672884cfa

SHA512
4d840bff77c50fe00a5ca89d52670220bc391387a337796e25f68468ab9225e271fe38d2e68d884f35737cc9bb847b1dba8f383604be97d5344e587368482c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d75cc0a7d626469b446d7bbb02f7381a

SHA1
5ca0e62a8c068aa67c6d293748eb2a8b38073d5d

SHA256
59ebca404b271144f138fe98e698c9082b70717223d4dfb5f46dab5bb717aa94

SHA512
5ea0525a3c2b9382825e2bb51f9c14660b2b027654b9ad3173a620fd882c0ab96a6325084f3036a113d5e7c72a3163d0505d0a37bba9653ab120d6693f30e6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
af52fe71f49e1b434e328ecbf941611f

SHA1
f472d4a46b87384970bf44c2af1e65a2772cee65

SHA256
c9c55fe39b06a66d5db79c118c9c762e5f95b3c24b18a7de3f4d4e396105a86a

SHA512
b775578e1328c022116f325a27c9967210271cd931198a08e52accd74d9a34a7657dd97f0d133bbfb89506747964336e4df28c8ebfc0e4731fb37a29e5ca1ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c471aac9e1302c1a7359427e368bb0fa

SHA1
e1e2d8e93910fd6226793aa42c6456699c21df69

SHA256
b12618b9d7cb3c35cd242461eaa3764afc10b9f17ad5f8aeacd58bb07b436859

SHA512
c48d5a6d190804832fb05bf5b67d1fda5e369ea6603f74bb520774f27a799b157ab52144bbba5427527094897c8f403cd981c9ed52cac80d53811cecc5cdd689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc1176c72372acc23ca216038498b7fc

SHA1
7fa50f2ad89898c01b1170858f28d5ed1777ac6d

SHA256
8cc8827c9b3b9732ce7ce46352a25c8a0d9210693f6ce1efb628048fd47673b7

SHA512
042af8a46e8050264a0136362b4da6f92cd5673211612420709ac24c379241f057100e97415961472793f1e82787b3dfcb19c5cbbbbe119169d48694d6b17ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\166d86a9-4891-4787-a88f-3a8f33017717\index-dir\the-real-index

Filesize
2KB

MD5
554469e864048d65f3ea22865dc52fe2

SHA1
e347f3f5b3cec9c6cc02a1f956e27eebe142ce2a

SHA256
3f7f746cb79052d6a3c99361c889bb8fdf70f4a4c88bea8e6a7725aab9107c57

SHA512
b62b19b5685adaafb17cc2a4067fba347abb3c21ab6c4491a2c2c0f7373d1f62688b83f4dd66e72254829ebbb36e7134bfe8dd9633b26c8e4f37749d8663eb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\166d86a9-4891-4787-a88f-3a8f33017717\index-dir\the-real-index~RFe5bc773.TMP

Filesize
48B

MD5
0eaaf6d64cdcebfbf1001a7f23b84d22

SHA1
14e4a52a3b62d875c4eb746343cab49b05a80c82

SHA256
43ff5586f234d796b3123c13e6bde7b977601588da28f1589ea40371f68edef1

SHA512
b229a9e369f39e9762393d3162e858ecdd17406f7206072632face5145938c96671da31d253f43263fac171321cdc762d8d344f93c9329b742b0747c138a840a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
f9033c9364580fe520a0468a689ac3e1

SHA1
19a08eb4899f104af92f75178c7b0bbb92593119

SHA256
e9d4956c4129cea66848713097a9a4281955ba3ffde4538975fe74c865f04b60

SHA512
85d5b9b3250e56deeb47bc02ec5c3dd137a560e68924f88695afdc5ccfdd77284d40eeab8cab047a3b88336b0984be26467eeef5cdf61fa7559ada4365a0915d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
61f3d127a4de709b9d4d3b6ded98820f

SHA1
a8b7b085cdca5f088b862f13cd051d0ad52a7fc3

SHA256
f2ba73dd055d30ff10dce0174b27dae7e9a0ca3fccaaccf8dfbf63aeeeab3e0e

SHA512
dfd412cfa41209fe4f12629195ea4c0b625203683830aabd027deb2eaf38741bc58e301b014834b8229fa5f1effa97089206dcbc639b730cd980ff5543129d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c602c95811c0e50982837668b280d607

SHA1
c2f332781c521f1ce1f62d3807df016da69c411e

SHA256
746f121168b3d7ebd1267d381d1c42508730e1a8c00d27e5b4cb70d108e0a51f

SHA512
2d383b566a67dc8736c3cb8387caadbeafc5f6fa16f592b2365a1c5407b4ca045b9c4b2af40f159a302befda45b8a45da646b074e6c21a719ff69543f9ba2d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
2e88461df6136f6bce58a0ee71ad9071

SHA1
90e548a248e08b77310bcb141df1f911a08fd852

SHA256
54e2c2d99f44dc399355e03cb8a61d92171ae710e78db85b6eb72659ef71b472

SHA512
e604e264163ed7131473c12eb522d41649bcaaebc82ef1ae3e2fcc38e62d0bdc1e9a5085323af9a2ef0ec6bcd6afdd93449ac52f4fa19bf626a76adeeb8019ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
961B

MD5
97dc5c917aa1691d7e360a043e165072

SHA1
7e3ed0dd05e9046e6d25cf29d339cae261aaa560

SHA256
5b4ebf85654f10cd9baffcbf27d1daf43d1d803b1b27ef4495544e423d9f4459

SHA512
5f0bdb5de02a3a34a5012a7cc7024bfebd4e9f4c2e6e4eace86275dc108a8324f792f6af01a6d030acefdcf955c941e96d0cf9166a568a48a86b6f4a5feafa80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
870134d210804232e74e2567126162a1

SHA1
b0d51de9f2672fcad934aa07751625cfa70a902b

SHA256
aea4561a7e125892d12cc9e73bb17e4ed58e56d3397b9cf670ac8b5b6ab0a89b

SHA512
82183229daf668f725c2958a35ea9712237729875c7c39c8060f24aad8f979e91a03cefe57fe12e5b1692d8b94d4eb36d9cfd6fbdc60b471976c6e445835b397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
557d4f7c78c17118fc6dd9ec84ddca51

SHA1
d0f859f124da19359763c73fb90ef643cedcd304

SHA256
b3ece2ec6fa3fc41bbf96bab32172a94a2793358fa5f262af6e5478ec08692d3

SHA512
d2c4e9dec83e0a2d2a6d21aa40de4b82f3345a00fb0c4c6ed10cab9ee2f3598988b7ff32e46763dd54924f7d25fa78339e491ba9b282bc64e52cca297ceac569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
34cdd8f9187aee69ba3fc1f19064cf3f

SHA1
82c3df323a15fd66d0b11f862d97f24ca84ce733

SHA256
b40ed41313d81d848260a5161cabb4f305eb874b92d041f2b9dd421bd6fd94d5

SHA512
43025a0ae32bf0cdcc1ce1ef0daf2dbac481b0df9149785ec1103144ea1b15d4ed9b63d0ba0b672f47c15565319f39556b007f98743513f0b9ecbe345da37cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378570935417355

Filesize
28KB

MD5
6e839412d00a63ea5a9170eb9b79f597

SHA1
3dc5dbaa327f5cda237cd40106ab19f1a33cd6b9

SHA256
77e63315df1c2c90fedfc5c5af71c221ae0c9fa1dc2c997fd18e276e66df5a4e

SHA512
501129a1d98a50d88ceaefacf9304eda6eedfe062d59e41f39dc4a5b21247fabe76d5020cb98f76bb25c84bf818d468a7d878f34530b5d769d8023855e258aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
304B

MD5
5b43fe52bdf3a7d10e73d9fc76104992

SHA1
90508712491400adece7f8609646396ab6e4838f

SHA256
81e52b65709cc96d1a647a68fe1ceaed1c5f91d5ca001db494deca3f3a8d085b

SHA512
3192f0521d87a69dae8e6fd99e0594e9f8c37fb46577c93e377ff14fdb7c98fe58466aae1d2a830b9af0ff3c61057fdd0f1ecef71a6d7a77792e59df0530ff42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
6b84535e5088a47b7a09ef6b1ab4f1f5

SHA1
b4c152d2869844e3b1dc1e2b44b6e6071f8f700c

SHA256
04e642b417438f36f9da1981cb0659c7577f58f809148b0a124581a1e0fd58c7

SHA512
2eb745ccfdaf9ecdc561ee7f09e0eb595a8ddfdf5a72b2e7dc6e94cc62fb693b5774604925b8c476930b583c671b56a75743b9a140300e1d8be303519b054e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
033a6b64e90e0ab5717fa1f16e8cc84b

SHA1
f84573f928bc4a8e3eae6e80013458f1c394ea10

SHA256
e70a6d4c5cdf565d092fca111a64e3712c438e4f91fa776eb42f40518a83ed8a

SHA512
acb4ea189a5f236001a5d0de2dd227d160b56320d51d3e0e298c90f65f913022887a11fd02f436a1f1dc5235c2340f8f0c859534ff72fdf8d2a12510aaa56831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bc001.TMP

Filesize
705B

MD5
15fce4c5048ad50f13f54369ee6ce02b

SHA1
e880638a6008f9781385ab2d20cd1a737108dfa1

SHA256
bd1d609afb6a19cd92e364dcb051b59c856137b48e3c9a43837894b56f881554

SHA512
8c291d5e14fa0b711dcb109a92732b56a97de13db15002d6e73e600e235d47a20d685743aa15c7867d987afdb59e1b55fea641f72a410f03d5419b8f1fde12f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
8adec3f6884ed2cb19038ea226e44135

SHA1
eefe29a827a2c5f0c0a95d1d8a478b2ca0781601

SHA256
1cc4f3945846ac717280ee4e08a05588cc9a2e3057376816b79080a170d60676

SHA512
5d55fc27c3e3f56c4d48bb769a6be3909aac25139dafa6d24274fc47317a2765ecc4102ef5d659ab18f334c72eceb596220081f85b3496d90e883ba8bf1cf94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
5dd6884fde25ef7aae4e9127c7ff2b8a

SHA1
6e81dade7ed5d3b9715737a7169a57ae0c8df89e

SHA256
3c3692f470d7224507b50678e597c76fb5064776386a079617ce73e4003161b3

SHA512
68233eb5c07434a048d20dbc1cc639889c76f38d637daea26f024670033fa65aee31d8a9441402ee3ff68435c19add967c12ac18e486104deceab4daef87f787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ae62d86e-6f74-4cc3-836a-fbdb9914729b.tmp

Filesize
1KB

MD5
07d24336ff786edbd71e9ce62d4f4b4f

SHA1
ef894fbb74c0d82252bee792aa6a3ac77b4855c3

SHA256
1408819d4f698471aa2483696662def15652937f642a480c4ba959b7e32ca090

SHA512
d55284d9b07cbd9e4b32a0e88faf4b2a8bbe307bc37135476976e797a5b28d666683d66e5b7773f85da23844a90f14ff7c0ef11879a6103d2cf5298e99b9540e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
96KB

MD5
543c8a22402730d7e2b6362800d04e51

SHA1
a5b30e3f5c3e52ceb1e9606c79ff62f573211926

SHA256
6efdb497a536919b50e067f33b6d54f8a84eb0fb8cc7dceded48d6e16c8d9a21

SHA512
c87c00970d2b6572d4e2fae53861e6371055d000278e36efaa63080196a0f0d8c626728bbeb26f2e170ac011a629b4859960013f9866b2ed5863b2c579518ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8841ea7efea2d3a0b6f3efa3a22e97f3

SHA1
bcb2fa0701938c551d79da6d5c0747baca645560

SHA256
e7df39bc4c22cb5d1521efb37608513420a7230351ca1b467cfacec38b2cf87c

SHA512
d7a8c3ad326c99c544e162a0a4ab0205e4571f7338a28cc90bd5fae28e60542512fd2f810a2b47505848449989e75c179396b663e7ec9ef22341a3af3a2dafca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1256e8769e62b48e5507eedf8137f8c

SHA1
782901a48d47d8a474ad27d6165606c240432fea

SHA256
c1ea4903832ae7a98012a1ba90c845af9771df2b4663f3116021ac8efab44105

SHA512
cb7e8229259ded4ff83125ef6c3a084b6045d0156de120570f3c19765a920d3558463ad3d9bebce0bbfe72850d35dd67a51d438b9ff535460736d867bb5e5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9131d7e941852a2b715b137c389e7d99

SHA1
c5e574e655f15103c77e5ea97fcb0a351fc7fb83

SHA256
845674092f7e82a2a8c37c7b87f35ef36eafc772882b7279ec08d4c3f6d65266

SHA512
589af65d6e9ed49368a8f3af4fca1c29ffd53568d370a0be81a4422734819845c63b2492d5ddea65388168380359e6f36cb6ca1f9373bca599103b9d4d674574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3223e00562be400ab7f1debe39f17058

SHA1
3cab4b6948c95e15eb4ac3437158da02be874d3f

SHA256
c3358c65e20b338e159acf6f49a5576b56780d9a372f82ad965abbb23e01f53d

SHA512
9ff00a5b741cc381ffc0d02e694fce45b78ab5a01831f709900bb0a44dd8c6283c6498a474fa7222c6f98961ab5844367a143d40474643672da017f8e4a9ef86

Download Submit
C:\Users\Admin\Downloads\pygamerat.exe

Filesize
3.1MB

MD5
30e00394286d212b8d0da13d6a0a5a41

SHA1
532e5d28e66de0645973626029d4c393b9ab32fd

SHA256
7597946a0b215521763a9a0e6ca3ae854eff0c4e07fdf0be7c9e6e49e4bf62e2

SHA512
6aba63984cc58b6c6148308fb74344de1a815172d33b929305a12a353ed772642e1ca04ab7398343134d28578bf3f36fd19edc23f5b8dfd3ee550ecb6ab30158

Download Submit
C:\Users\Admin\Downloads\pygamerat.rar

Filesize
1.0MB

MD5
1add2d73dcc388a43c21c286fe6f50c2

SHA1
3c2ce1f4da6733de2e5c5e234078fb19fc154832

SHA256
deba0c39089de920450ab2ad38b7171c8eb0425f2f973b8eb97ddb6aac74ea7e

SHA512
871f2b162a55420950ee41e7864669ba469acf605aa1889e01071d10b167d3350c3e61a1d5d00efaec1c76b08c66e7ed33cefc69987129c7055ef0e674d9f095

Download Submit
memory/2040-131-0x000000001C9D0000-0x000000001CEF8000-memory.dmp

Filesize
5.2MB

Download
memory/2040-129-0x000000001C1D0000-0x000000001C220000-memory.dmp

Filesize
320KB

Download
memory/2040-130-0x000000001C2E0000-0x000000001C392000-memory.dmp

Filesize
712KB

Download
memory/2776-122-0x0000000000E10000-0x0000000001134000-memory.dmp

Filesize
3.1MB

Download