Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
28-06-2024 01:38
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
quasar
1.4.1
Office04
255.255.255.0:4782
562d2243-0363-49ab-b547-810cd136b950
-
encryption_key
2802AB6175F0B038574EF96E3018A9284A075BAB
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar payload 2 IoCs
Processes:
resource yara_rule C:\Users\Admin\Downloads\Unconfirmed 542017.crdownload family_quasar behavioral1/memory/7428-298-0x00000000008D0000-0x0000000000BF4000-memory.dmp family_quasar -
Executes dropped EXE 5 IoCs
Processes:
Client-built.exeClient.exeClient-built.exeClient-built.exeClient-built.exepid process 7428 Client-built.exe 7624 Client.exe 7868 Client-built.exe 4312 Client-built.exe 6072 Client-built.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
NTFS ADS 2 IoCs
Processes:
msedge.exeClient-built.exedescription ioc process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 542017.crdownload:SmartScreen msedge.exe File created C:\Users\Admin\AppData\Roaming\SubDir\Client.exe\:SmartScreen:$DATA Client-built.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exepid process 4316 msedge.exe 4316 msedge.exe 2736 msedge.exe 2736 msedge.exe 5044 identity_helper.exe 5044 identity_helper.exe 7308 msedge.exe 7308 msedge.exe 7432 msedge.exe 7432 msedge.exe 7432 msedge.exe 7432 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs
Processes:
msedge.exepid process 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
Processes:
Client-built.exeClient.exeClient-built.exeAUDIODG.EXEClient-built.exeClient-built.exedescription pid process Token: SeDebugPrivilege 7428 Client-built.exe Token: SeDebugPrivilege 7624 Client.exe Token: SeDebugPrivilege 7868 Client-built.exe Token: 33 5340 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 5340 AUDIODG.EXE Token: SeDebugPrivilege 4312 Client-built.exe Token: SeDebugPrivilege 6072 Client-built.exe -
Suspicious use of FindShellTrayWindow 54 IoCs
Processes:
msedge.exeClient.exepid process 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 7624 Client.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe -
Suspicious use of SendNotifyMessage 29 IoCs
Processes:
msedge.exeClient.exepid process 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 7624 Client.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe 2736 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
Client.exepid process 7624 Client.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2736 wrote to memory of 4272 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4272 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 228 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4316 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4316 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe PID 2736 wrote to memory of 4812 2736 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/K6fs8neM2b1B1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3e5846f8,0x7ffe3e584708,0x7ffe3e5847182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6408 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9840 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6660 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10196 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\Client-built.exe"C:\Users\Admin\Downloads\Client-built.exe"2⤵
- Executes dropped EXE
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Client-built.exe"C:\Users\Admin\Downloads\Client-built.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10402391807275417151,10538957396234983804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2d0 0x3281⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Client-built.exe"C:\Users\Admin\Downloads\Client-built.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Client-built.exe"C:\Users\Admin\Downloads\Client-built.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.logFilesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023Filesize
112KB
MD5aeb38d0bedc13825073df59dc19195e4
SHA1a602a99086353b6fd3628823ee5b855e9a22cfe2
SHA25625386da8850400b9eaf48048c7cfb4cad5a02fbbbeb4bed3520277c502f0b61b
SHA512d9424ef7e8821ef7b2661a641b33060d6cb202b7425d87751c02b13a77eb3126a0fcc60e98642310eca4f049c6a04bba7295b7df2633de8f134c8b9f4f1d1c4c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030Filesize
250KB
MD59a23e02c51224896115a872ee5f62800
SHA1447ac79a43947ca2519a6a9e4d63333c81156c06
SHA256f6acbc67934394aa13122f6cb281e96a0765dca464725108b63b046da126831b
SHA5129d1e4546a4ced1959212bd1c0f0f8f8a09e6d69b85db5d9cd0172c614745c46143b269ac9a47253fadccfd5834f2db03d35398db16419607b4e749fbd8938321
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5e42077b85df235_0Filesize
37KB
MD5a19b3cd8895a05b6fe472421213f98c2
SHA16ea5a617f30473500c58436c556d375b9d156e48
SHA25603d3f10cd7580343ed050f1b9fe8f8aa6c4da584149752a0d95bfa8577b089e5
SHA5123f91864ff90a5d337285e9e0ca60b80b8644bfcd516a27819b04d3e9a01be7230676c7bf8320bda7b33ec99784fbed2251f21e6f5bc728e7f3f14f94edf850dc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5fc6e9ba5172e1a52a8b414e34a294c91
SHA1cbc7a28f175f8dd57901f727710ede8ae6b79bc4
SHA256d41deb27b7aef001b08402385cb7b7b78c119c456df6e8242e4bf110f209c3f1
SHA512f9cb1051d30dd97313e430172152d137d0f62c7eb0f2f326c4b4c9bedbfd2c56d7f6b039a915fd028bcaadf2d1ba6cb7853f28c52c0a9b751330634d3a798708
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
12KB
MD567471e748c920e226c6685844c4f10bb
SHA156a79a10e2a8e5211ff3c51ba8db8c0cbb14db5a
SHA2568ecc75d1b5bd23c6dd0d0ffac41778eb44b5def655df32f79bc55d8f9d3c8213
SHA512bb8173fd8edb4b76c7202bad735e10893791184417f9537abbdd9b5db893ee7bc43f7a6f96b03b8cb3a244f08028423588d40d62feecabb46326c76358da5193
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
13KB
MD5ef8db66ec28859424e0634c9a5163dfe
SHA106a9abca04bbbecf6ecc50fdcb8e3d54125dd0a6
SHA256cd290d46701d1fabc225726c02298eec6e3a128228e8d0238c728ea95bf1132b
SHA512b29e9022852db4d755d209e1351e8ed2ae11745be6bfb28127b02bd06faf6469f118dfd94a5afa943b886d06ab3725a99f632b19f55bba4daaebd1b9c0332aca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55e26415c86812873d25d06f966eb4314
SHA1f92617f8e7705d7b3eef193034880f3b074cbe0a
SHA2562e42c40a259ad89acd78cf467536a134406ee166091f3130611af2e9784ddabf
SHA512b5f917074d99204b4a09cc465a555d9de3ccc9199a3c5353b3de378a0f0d28619fcd8f415aa1e7ea5f4c1cbca2ca1545f004f9d53a73fa3e5e71ac3841253d32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
17KB
MD5767e2d9fd7ed3406a102cc40198b8d74
SHA14ed01e5995d5e76d7c9ff0d9d8e1afc6712cd78e
SHA25639475962f4d58fba1189ef6cc833535464b8c9b03907de2f421ca02e592a5764
SHA512c73b4089ffc0a43355491d68b5b28c46bbf3d30b7202493301daa1b7568ff5c49a316477df1ff9c898a60a2011d4372f13e0a49aa072ef5ed9e36bea5845748e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
11KB
MD589e326b5702bf39e557212ce2079fb6c
SHA1a6c638178025776cd5bde60c906584d205672de6
SHA256bf0ee9b8f700f9c0cececbdddf1f094a6159a78a43f5e010e396b69272335665
SHA51264acf6e4babbe8fc2b593a2f41bd17e2cbbaf1507f6591e90e04cac0a7514910652f6c98e4fff2baadd0a13362a5eb7555726b46de71a0d7fb69c55ded8c313d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD5c7d9769ced3c4ce0f3ea5e53c7dc576f
SHA11aefce01fdcdb069de577d603a4e483b1747b553
SHA25617949eb1a99184be9b1f6a7f7f20dbb87345733b3921a03249ede8fb93aeb4db
SHA512443cc9502bf0140df842a790acdb3aa346b5b31406ccb192bad6b27ad45b08a9c1dd5501c8d978ec28b9a30211e28df0540eb480ad59ff92c54b006aebc20134
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD5b57761da7e8cc18aff1dc133e013e31e
SHA1cb5786741838ff3ed4d184e9f3bd2c4eef4c861f
SHA2562fd5d88715e47c72d67ac010f12feaa694d70d0b19ec9d0bdae7f086222381bf
SHA5123aacccad63c724dbb5d7f809898c3d92dee53719a52b4a2cf040020808821169af38412d7fe6597ded7b65151aa143ae4e856e74c010746aa105c8958a39b2a9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD5b8d994094e85d1f70e858cc070895fbf
SHA1c0a993ed1f963457764591afc1d4e0bf7e4f725d
SHA25686d38b3fe2950815a55b934d78ad2e48883423ff3424a7e3c19ce8b3414fa5ae
SHA512bb5f973d9036558b991b983a60ea6d0622043b93219b7ec2263195e3474a92898a0d2b0b73a4135e96cc123345cc445507777eddc6b073abadbfcf8fc9135046
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD50663b2f80d1a7432bca340bf4e892e75
SHA15de95b4d16aec1f752403c3ee17f2be84787057b
SHA256b5be828a8e7166e9da8bacc53ce9bc9514f4109eaf7669ab1d3b61bcc4b385d5
SHA512e0b6b230396378fab556ca1057154c2151c77e9e42869803eef63a018a633369f43f539699bc2627495d01ce2603f582341c58dc751b9b06c6b2d55dc477c5ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5785ca.TMPFilesize
2KB
MD50cd24a6026e8c03207617e09d836dcbe
SHA1e09c7eb95ee17ba889510b348a2b97e82920cc31
SHA25617dad90b17acccb915ba36ba8a9f94ed608f8f73c65d797f0758d84cb48941a8
SHA512dee8e3eed4618a98a9080e81e61e3e19a9974c295e169e8710c068164a57e1279bc2cd7e29838d80b02102648b164f6d96d83400352e3c8d95ca5c3ce3a48fc9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD55cd2c51152eda127ffaedc2e3894549f
SHA14099a201889c136023d4306097859a0c5ddbfff5
SHA2566ecfb86892a4df5fab0cf9db77ea09dbc6a2a099b59ab23f6a6a9361ec9a292a
SHA51298110de5255530bd8c006544fce182b3ebb9c7932e8c7346c2ee4f0068ee1d770ba4dd03d870c8482b7435901f7b81a0fe9828a3ab01e68435013be2a6434698
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD57f55e2e0368214d6ce80d66ec26c6dd3
SHA1d92507649026b12d23e694560ed16ff5f0396623
SHA256aa7e08972845b746f0df78192b7f7a3e431f74045c3c34e4578647a8310c4082
SHA51276045f8529c115ada1d875cbef073585b52e90c9cd03b4785762eb004ede5aee35bfb9cfd7436c86dcf6d9658c7cf459045bf39bce3e87844ccfcfbc2568a7f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD57c9de42d641b07a0f9a9e428c2fa7640
SHA188339391adba446a565d29124e69549c6aef3975
SHA256f3282d4713e7d41475b3e4e0b57c532cd8f0fd2ade1e35552d450bbeb17423fa
SHA5120836668d33e3b6bce171b40cf89be041a7ee41171b73a4db2aa2c418cae2be4d535b088bda9cef22f7d3cd47dce7c849d3a21c9a64ee424dd15e5140070f15b6
-
C:\Users\Admin\Downloads\Unconfirmed 542017.crdownloadFilesize
3.1MB
MD538072c09609f9d5d18728038a64d619a
SHA104b8e50360b870a987ee245965f037cd64f6dab6
SHA256398abac5d259fce710f2ed5da055de32759e61524f1968a900ecf6dbb8bda3dd
SHA512b3b8bec866daa77d1ea87a6b8875a7e9e1e2a934eba4e096a23d295fb804f95dd088fe14e7ded863abe00e5bc57bedb2d7c39934dafa51952f2ae887b2aa6a94
-
\??\pipe\LOCAL\crashpad_2736_LWKSCHOPTKGPZDFUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/7428-298-0x00000000008D0000-0x0000000000BF4000-memory.dmpFilesize
3.1MB
-
memory/7624-333-0x000000001C6C0000-0x000000001C772000-memory.dmpFilesize
712KB
-
memory/7624-332-0x000000001C5B0000-0x000000001C600000-memory.dmpFilesize
320KB