Analysis
max time kernel: 1796s
max time network: 1800s
platform: windows10-2004_x64
resource: win10v2004-20231127-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-12-2023 12:47
Static task: static1
Behavioral task: behavioral1
Sample: dream_TradingCard (4).jpg
Resource: win7-20231201-en
General
Target: dream_TradingCard (4).jpg
Size: 294KB
MD5: fdf2dca307fc564105fa4fc1e1bddf84
SHA1: e2b530fa74d7402bcf01754b05c17554e95ba84e
SHA256: 244b20fc9114e2434daded7633dbdd44e625fa9cdcd326b2449e80fbe141cf5b
SHA512: a9f0605a42c4e3584696465d1cdb3c8f68b79463492b8bb998aef68709070ad836519dd291f4c3f674a6fd63212bba9966b1a23dfd1b756818a872345ed539b0
SSDEEP: 6144:Dcn8Z/B7Ho3FUG6JHaNEBPK620wPYa4t2OOhBrEtpRTPjLIzHoDadpnvr1ZtQS:DJn7Ho3FdIaSFZ20cYa4LmBoRTYToDsh
Malware Config
Extracted
family: quasar
version: 1.4.1
tag (botnet id): Office04
c2: 10.127.0.118:4782
mutex: 31b2609d-7ab7-40ad-88b6-69c3b8d96c48
encryption_key: 9F4B59C2BFE47E9A9C8435C4CE7A87581339D818
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: SystemShell
subdirectory: SubDir
(The page shows the first four values without field names; version, tag, c2 and mutex are the names Quasar's own client settings give them, in the order they appear.)
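What a responder can derive from the extracted config, as an added example (this is not Triage's or Quasar's code). It assumes the install and persistence behaviour of the Quasar 1.4 client as published in its source: the client copies itself to <base directory>\SUBDIRECTORY\INSTALLNAME, where the base directory is one of the three the builder offers (AppData, Program Files, System), persists through an HKCU Run value named STARTUPKEY when not elevated or a scheduled task of the same name when elevated, and writes keylogger output under %APPDATA%\LOGDIRECTORYNAME. Which base directory this build was compiled with is not in the report, so all three are listed. The CONFIG values are the page's; INSTALL_BASES and RUN_KEY are those assumptions.

```python
"""Derive hunt artifacts from the Quasar config above (added example, not Triage/Quasar code)."""
import ipaddress

# Values copied from the "Malware Config" section of this report.
CONFIG = {
    "version": "1.4.1",
    "tag": "Office04",
    "c2": "10.127.0.118:4782",
    "mutex": "31b2609d-7ab7-40ad-88b6-69c3b8d96c48",
    "encryption_key": "9F4B59C2BFE47E9A9C8435C4CE7A87581339D818",
    "install_name": "Client.exe",
    "log_directory": "Logs",
    "reconnect_delay": 3000,
    "startup_key": "SystemShell",
    "subdirectory": "SubDir",
}

QUASAR_DEFAULT_PORT = 4782  # port the Quasar builder pre-fills

# Assumption: the three install base directories the Quasar 1.4 builder offers.
# The report does not say which one this build was compiled with.
INSTALL_BASES = ("%APPDATA%", "%PROGRAMFILES%", "%SYSTEMROOT%\\System32")
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"


def parse_c2(c2: str) -> dict:
    """Split host:port and flag addresses that cannot be hunted for outside the
    network the sample was built for (RFC 1918, loopback, link-local)."""
    host, _, port = c2.rpartition(":")
    try:
        addr = ipaddress.ip_address(host)
        internal = addr.is_private or addr.is_loopback or addr.is_link_local
    except ValueError:            # a hostname, not an address
        internal = False
    return {
        "host": host,
        "port": int(port),
        "internal_only": internal,
        "default_port": int(port) == QUASAR_DEFAULT_PORT,
    }


def host_artifacts(cfg: dict) -> dict:
    """Files, registry values, task and mutex names a client with this config
    leaves on a victim, composed from the config fields the way the Quasar
    client composes them (assumed behaviour, see the lead-in)."""
    rel = f"{cfg['subdirectory']}\\{cfg['install_name']}"
    return {
        "install_paths": [f"{base}\\{rel}" for base in INSTALL_BASES],
        # not elevated: Run value named STARTUPKEY pointing at the install path
        "run_value": f"{RUN_KEY}\\{cfg['startup_key']}",
        # elevated: schtasks task named STARTUPKEY (ONLOGON, highest run level)
        "scheduled_task": cfg["startup_key"],
        "mutex": cfg["mutex"],
        "keylog_dir": f"%APPDATA%\\{cfg['log_directory']}",
    }


def hunt_summary(cfg: dict) -> dict:
    """Everything a responder would paste into an EDR, registry or task search."""
    return {"c2": parse_c2(cfg["c2"]), "host": host_artifacts(cfg)}


if __name__ == "__main__":
    import json
    print(json.dumps(hunt_summary(CONFIG), indent=2))
```

Run against this report's config it flags 10.127.0.118 as internal-only and on Quasar's default port, so the C2 is a lab or internal address rather than an internet IoC. The host artifacts to check are the Run value SystemShell (or a scheduled task of that name), SubDir\Client.exe under one of the three base directories, the mutex GUID and %APPDATA%\Logs. The registry activity listed in this report does not include that Run value, so installation is not evidenced in the captured run.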
Signatures
Quasar payload 3 IoCs
resource | yara_rule
behavioral2/memory/1300-525-0x0000017891C10000-0x0000017891D48000-memory.dmp | family_quasar
behavioral2/memory/2308-530-0x0000028F55060000-0x0000028F55076000-memory.dmp | family_quasar
behavioral2/files/0x000a00000001da52-2070.dat | family_quasar
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid | Process
3928 | ipconfig.exe
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe -
Modifies registry class 64 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 | Quasar.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff | Quasar.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | Quasar.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | Quasar.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | Quasar.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | explorer.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | Quasar.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | explorer.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | msedge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | msedge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings | Quasar.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | explorer.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | msedge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | msedge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | Quasar.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000007b571c8c1100557365727300640009000400efbe874f77488e5707662e000000c70500000000010000000000000000003a00000000007106170055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | Quasar.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | Quasar.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "5" | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | explorer.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | Quasar.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | Quasar.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | explorer.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | explorer.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | explorer.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | explorer.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | Quasar.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | Quasar.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | msedge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000008f0dd2c15721da010fda46d26021da012f9f86ad8d2eda0114000000 | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | msedge.exe
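The BagMRU\0\1\0 value that Quasar.exe wrote above is a raw shell item, and decoding it tells a forensic analyst which folder the process's file dialog was browsing and what timestamps that folder carried. The decoder below is an added example, not part of the report or of Triage's tooling; it implements the documented layout of a Windows "file entry" shell item and its 0xbeef0004 extension block as Windows 10 writes it (block version 9, the only version it accepts), with field offsets taken from the libfwsi (libyal) shell item documentation. The two hex blobs are copied verbatim from the report.

```python
"""Decode the shell item Quasar.exe wrote to BagMRU\\0\\1\\0 (added example; the
layout is the documented Windows file entry shell item plus a version 9
0xbeef0004 extension block, as produced by Windows 10)."""
import struct
from datetime import datetime

# Hex copied from the report entry "Set value (data) ...\Shell\BagMRU\0\1\0 = ..." (Quasar.exe).
BAGMRU_0_1_0 = bytes.fromhex(
    "78003100000000007b571c8c1100557365727300640009000400efbe"
    "874f77488e5707662e000000c70500000000010000000000000000003a000000000071061700"
    "550073006500720073000000"
    "40007300680065006c006c00330032002e0064006c006c002c002d00320031003800310033000000"
    "14000000"
)
# Hex copied from the report entry "...\Shell\BagMRU\1 = ..." (msedge.exe): a root (0x1f) item,
# which this file-entry decoder must reject rather than misread.
BAGMRU_1 = bytes.fromhex(
    "3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000"
    "8f0dd2c15721da010fda46d26021da012f9f86ad8d2eda0114000000"
)

FILE_ATTRIBUTE_DIRECTORY = 0x10


def fat_datetime(raw: bytes) -> datetime:
    """Shell items store a DOS/FAT timestamp as date then time (two LE 16-bit
    words), 2-second resolution, in the local time of the host that wrote it."""
    date, time = struct.unpack("<HH", raw)
    return datetime(1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F,
                    time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def read_utf16z(buf: bytes, off: int) -> tuple[str, int]:
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    end = off
    while buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2


def split_idlist(blob: bytes) -> list[bytes]:
    """Split an ITEMIDLIST (size-prefixed items ending in a 0x0000 terminator)."""
    items, off = [], 0
    while off + 2 <= len(blob):
        size = struct.unpack_from("<H", blob, off)[0]
        if size == 0:
            break
        items.append(blob[off:off + size])
        off += size
    return items


def decode_file_entry(item: bytes) -> dict:
    """Parse one 0x3x (file/directory) shell item carrying a v9 0xbeef0004 block."""
    size, kind = struct.unpack_from("<HB", item, 0)
    if kind & 0x70 != 0x30:
        raise ValueError(f"not a file entry item: class 0x{kind:02x}")
    file_size, mtime, attrs = struct.unpack_from("<I4sH", item, 4)
    name_end = item.index(b"\x00", 14)
    short_name = item[14:name_end].decode("ascii")
    ext = name_end + 1 + ((name_end + 1) & 1)      # extension block is 2-byte aligned
    ext_size, version, signature = struct.unpack_from("<HHI", item, ext)
    if signature != 0xBEEF0004 or version < 9:
        raise ValueError("unsupported extension block; only v9 0xbeef0004 is handled here")
    mft_ref = struct.unpack_from("<Q", item, ext + 20)[0]   # NTFS file reference
    long_name, off = read_utf16z(item, ext + 46)
    localized, _ = read_utf16z(item, off)
    # the last two bytes of the item point back at the extension block's offset
    assert struct.unpack_from("<H", item, size - 2)[0] == ext
    return {
        "short_name": short_name,
        "long_name": long_name,
        "localized_name": localized,
        "is_directory": bool(attrs & FILE_ATTRIBUTE_DIRECTORY),
        "attributes": attrs,
        "file_size": file_size,
        "modified": fat_datetime(mtime),
        "created": fat_datetime(item[ext + 8:ext + 12]),
        "accessed": fat_datetime(item[ext + 12:ext + 16]),
        "mft_entry": mft_ref & 0xFFFFFFFFFFFF,
        "mft_sequence": mft_ref >> 48,
    }


def decode_bagmru_value(blob: bytes) -> list[dict]:
    return [decode_file_entry(it) for it in split_idlist(blob)]


if __name__ == "__main__":
    for entry in decode_bagmru_value(BAGMRU_0_1_0):
        for k, v in entry.items():
            print(f"{k:>15}: {v}")
```

Decoded, the item is the directory Users (short and long name identical, localized name @shell32.dll,-21813, attributes 0x11 = read-only + directory, MFT entry 1479 sequence 1): BagMRU\0\1\0 is the Users node of the shellbag tree, so a ComDlg file dialog inside Quasar.exe browsed into the image's C:\Users. The FAT timestamps are sandbox local time at 2-second resolution: modified 2023-11-27 17:32:56 (the date in the image name win10v2004-20231127), created 2019-12-07 09:03:46, last accessed 2023-12-14 12:48:14, one minute after submission, which cross-checks that the bag was written during this run. The BagMRU\1 value written by msedge.exe starts with a 0x1f root item and is rejected with a ValueError instead of being misparsed.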
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
3560 | explorer.exe
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid | Process
688 | msedge.exe (x2)
2068 | msedge.exe (x2)
3444 | identity_helper.exe (x2)
3248 | msedge.exe (x2)
5620 | msedge.exe (x4)
3688 | msedge.exe (x2)
5944 | msedge.exe (x2)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2308 | Quasar.exe
Suspicious behavior: LoadsDriver 6 IoCs
pid | Process
4 | Process not Found (x5)
680 | Process not Found
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
pid | Process
2068 | msedge.exe (x27)
Suspicious use of AdjustPrivilegeToken 4 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1300 | Quasar.exe
Token: SeDebugPrivilege | 2308 | Quasar.exe
Token: 33 | 5220 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 5220 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow 34 IoCs
pid | Process
2068 | msedge.exe (x33)
2308 | Quasar.exe
Suspicious use of SendNotifyMessage 25 IoCs
pid | Process
2068 | msedge.exe (x24)
2308 | Quasar.exe
Suspicious use of SetWindowsHookEx 5 IoCs
pid | Process
2308 | Quasar.exe (x2)
3560 | explorer.exe (x2)
5944 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2068 wrote to memory of 1868 | 2068 | msedge.exe | 101
PID 2068 wrote to memory of 3188 | 2068 | msedge.exe | 104
PID 2068 wrote to memory of 688 | 2068 | msedge.exe | 105
PID 2068 wrote to memory of 236 | 2068 | msedge.exe | 106
(The report lists every WriteProcessMemory call separately, 64 entries in all; identical rows are collapsed here.)
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\dream_TradingCard (4).jpg"1⤵PID:3444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e34546f8,0x7ff8e3454708,0x7ff8e34547182⤵PID:1868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵PID:3188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵PID:236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵PID:3592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵PID:228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵PID:1460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:3612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:82⤵PID:5108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:12⤵PID:4312
-
-
[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5360)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6104)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5296)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1236)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1396 /prefetch:8

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3248)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1828)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2344)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4528)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5620)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5252)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3688)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1612)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6020)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2908)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1016)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5648)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6000)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5616)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4544)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1020)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5476)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 208)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5808)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5652)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

[tree level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5944)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2144,14460246003231435051,15690808966699296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
[tree level 1] C:\Windows\System32\CompPkgSrv.exe (PID 3332)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[tree level 1] C:\Windows\System32\CompPkgSrv.exe (PID 5028)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[tree level 1] C:\Windows\System32\rundll32.exe (PID 5248)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

[tree level 1] C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe (PID 1300)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe"
  - Suspicious use of AdjustPrivilegeToken

[tree level 1] C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe (PID 2308)
  Command line: "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx

[tree level 2] C:\Windows\explorer.exe (PID 5144), child of PID 2308
  Command line: "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"

[tree level 1] C:\Windows\explorer.exe (PID 3560)
  Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx

[tree level 1] C:\Windows\system32\cmd.exe (PID 5188)
  Command line: "C:\Windows\system32\cmd.exe"

[tree level 2] C:\Windows\system32\ipconfig.exe (PID 3928), child of PID 5188
  Command line: ipconfig
  - Gathers network information

[tree level 1] C:\Windows\system32\AUDIODG.EXE (PID 5220)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4c4 0x150
  - Suspicious use of AdjustPrivilegeToken
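The flattened entries above can be turned back into a parent/child tree, which is what an analyst needs in order to see that explorer.exe (PID 5144) was spawned by the Quasar.exe instance launched from Downloads (PID 2308), and that ipconfig ran under an interactive cmd.exe (PID 5188). The Python below is an added example written for this page; it is not Triage's own tooling or output and calls no sandbox API. It assumes only the line shape visible in this report (the digit before the arrow is the nesting level, signatures follow on "- " lines, a PID line closes the entry). The two flagging rules at the end, executables launched from user-writable directories (and their children) and discovery utilities spawned by cmd.exe, are my own heuristics, not Triage signatures. SAMPLE_TREE is a constructed excerpt of six entries copied from the tree above.

```python
"""Rebuild parent/child links from a flattened Triage-style process tree.

Added example for this page; it is not Triage's own tooling or output and
calls no sandbox API.  Each entry in the tree above is flattened to

    <image path><command line><depth>⤵      (then '- ' signature lines)
    PID:<pid>

where the digit before the arrow is the nesting level: a level-N process
is the child of the nearest preceding level-(N-1) process.  SAMPLE_TREE is
a constructed excerpt of six entries copied from this report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SAMPLE_TREE = r'''
C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Quasar.v1.4.1.zip\Quasar v1.4.1\Quasar.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1300
-
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2308 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"2⤵PID:5144
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵PID:5188
-
C:\Windows\system32\ipconfig.exeipconfig2⤵
- Gathers network information
PID:3928
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4c4 0x1501⤵
- Suspicious use of AdjustPrivilegeToken
PID:5220
'''

# Image = drive letter up to the first ".exe"; the command line is everything
# after it up to the single depth digit that precedes the arrow.
ENTRY_RE = re.compile(
    r'^(?P<image>[A-Za-z]:\\[^"⤵]*?\.(?:exe|EXE))(?P<cmd>.*?)(?P<depth>\d)⤵(?P<rest>.*)$'
)
PID_RE = re.compile(r'PID:(\d+)')

# Two analyst heuristics (assumed for this example, not Triage signatures):
# code running from a user-writable directory, and discovery tools under cmd.exe.
USER_WRITABLE = re.compile(
    r'^[A-Za-z]:\\Users\\[^\\]+\\(?:AppData\\Local\\Temp|Downloads)\\', re.IGNORECASE
)
DISCOVERY_TOOLS = {'ipconfig.exe', 'whoami.exe', 'systeminfo.exe', 'net.exe', 'nltest.exe'}


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)
    parent: Optional[Proc] = field(default=None, repr=False, compare=False)
    children: List[Proc] = field(default_factory=list, repr=False, compare=False)

    @property
    def name(self) -> str:
        return self.image.rsplit('\\', 1)[-1].lower()


def parse_tree(text: str) -> List[Proc]:
    """Return every process in document order, with parent/children linked."""
    procs: List[Proc] = []
    stack: List[Proc] = []          # open ancestors, shallowest first
    cur: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            cur = Proc(m['image'], m['cmd'].strip(), int(m['depth']))
            while stack and stack[-1].depth >= cur.depth:   # climb to the parent level
                stack.pop()
            if stack:
                cur.parent = stack[-1]
                stack[-1].children.append(cur)
            stack.append(cur)
            procs.append(cur)
            line = m['rest'].strip()                        # PID may sit on the same line
        if cur is None or not line:
            continue
        pm = PID_RE.search(line)
        if pm:
            cur.pid = int(pm.group(1))
        elif line.startswith('- '):
            cur.signatures.append(line[2:].strip())
    return procs


def flag(procs: List[Proc]) -> List[Tuple[Optional[int], str]]:
    """Apply the two heuristics and return (pid, reason) pairs."""
    findings: List[Tuple[Optional[int], str]] = []
    for p in procs:
        if USER_WRITABLE.match(p.image):
            findings.append((p.pid, f'{p.name} launched from user-writable path {p.image}'))
        elif p.parent is not None and USER_WRITABLE.match(p.parent.image):
            findings.append((p.pid, f'{p.name} is a child of {p.parent.name} '
                                    f'(PID {p.parent.pid}) running from a user-writable path'))
        if p.name in DISCOVERY_TOOLS and p.parent is not None and p.parent.name == 'cmd.exe':
            findings.append((p.pid, f'{p.name} spawned by cmd.exe (PID {p.parent.pid}): host discovery'))
    return findings


if __name__ == '__main__':
    for pid, reason in flag(parse_tree(SAMPLE_TREE)):
        print(f'PID {pid}: {reason}')
```

Running the block prints four findings: both Quasar.exe instances (PIDs 1300 and 2308), the explorer.exe child of 2308 (PID 5144), and ipconfig under cmd.exe (PID 3928); AUDIODG.EXE, although it carries the same AdjustPrivilegeToken signature as Quasar.exe, is not flagged because it runs from System32 with no suspicious parent, which is the point of reasoning over the tree rather than over isolated signatures.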
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 208a234643c411e1b919e904ee20115e
  SHA1: 400b6e6860953f981bfe4716c345b797ed5b2b5b
  SHA256: af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
  SHA512: 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3335dd2d-d988-431f-853d-c09e5b1ecfba.tmp
  Filesize: 853B
  MD5: 5ba4cae0b9c6e73ca177bce011643461
  SHA1: 760bc5cbaad5fe0b9e2c9c6b6e5cc504f325610d
  SHA256: e9c64cbb2fb7cf4b1262f0cae76cec0c74aad63ed9ea281c5877c3b9e2c7fbb7
  SHA512: 88684e8f9611f3138afaffdef5857e59d2eeaa0af11fe568c5c036d242bec75f30bc0745d630852177e5935c4e8fa4ea3577d5bcc2c150969c32fd383b4b9425
- Filesize: 21KB
  MD5: f0d11cde238eb54a334858a3b0432a3f
  SHA1: 7c764fe6f00cab8058caeba38eb7482088a378f4
  SHA256: 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96
  SHA512: b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02
- Filesize: 62KB
  MD5: c3c0eb5e044497577bec91b5970f6d30
  SHA1: d833f81cf21f68d43ba64a6c28892945adc317a6
  SHA256: eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
  SHA512: 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
- Filesize: 67KB
  MD5: bea64c447b0f2a1012d0ede8e09e700d
  SHA1: 03c4e014a1ed074ed2611b5889ed79b6f1ed8aa6
  SHA256: 34dcdd7a5b57897d1eb1a2620ae5bc31d4b5d80e761e62fb8cd3c2a3b907241f
  SHA512: ac1c4b495b990d8fad333f54d3e61d5573efb7a0c7c584659cea48be8d4857461bb011b1f2a4966cd714bb9252cc1750e8e53f2203418ca19fcc8143fdea6b76
- Filesize: 22KB
  MD5: bf86b7a75a970559d077f790895a5ecd
  SHA1: 2a35495fdbdadffef16b9b294b7f49351c959ba9
  SHA256: 21ecfcf1b74f0c3cdeb145b9298bb2873bc6ea15b1d52b34820f1627fe6fd962
  SHA512: 7fb648967ea6e5980264b6764a6311dfde889be6a6003d978d1303b22389d7b7869c204af6c01ee8965aefdcb2a8cd6b1ff189fec85015caa9100cd1aee0c15e
- Filesize: 19KB
  MD5: 76a3f1e9a452564e0f8dce6c0ee111e8
  SHA1: 11c3d925cbc1a52d53584fd8606f8f713aa59114
  SHA256: 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
  SHA512: a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
- Filesize: 65KB
  MD5: 56d57bc655526551f217536f19195495
  SHA1: 28b430886d1220855a805d78dc5d6414aeee6995
  SHA256: f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
  SHA512: 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
- Filesize: 85KB
  MD5: 45a177b92bc3dac4f6955a68b5b21745
  SHA1: eac969dc4f81a857fdd380b3e9c0963d8d5b87d1
  SHA256: 2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb
  SHA512: f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca
- Filesize: 1021KB
  MD5: 4b77f157ee1310b028d1f77ba272246b
  SHA1: 4cacf231df184a1665e39d2144d5e9faa2be214f
  SHA256: a5ef992b8569715a2286814188efe11f2aa9232b9c53d8f60981956c94e3b5e9
  SHA512: 378afdd65a471687ecbb785fef2d05c9b4bf77c74506fadcae917d636f97ef8309215114d7b22e2054162e233882674482391b03e9ca877ed6e728a2e106a52c
- Filesize: 32KB
  MD5: 873c4764c2a7befb6d4d78650fffa6cb
  SHA1: 3052199d1a09e6aa9a48667267a1a65e01925785
  SHA256: c6396cfb3b709128efd82810adebff888f1af62d634f882abf05b09cde839b15
  SHA512: 385d88634055001bcb3526b0878f2a9adbc02b77e60d0c72a3cc9d81c0c8e59aa7ec04f15e7d80e34ec416c876631288171c8924ea91482b12f7b8ddf37bb2fc
- Filesize: 74KB
  MD5: c60fc26f87ddbef308737edf34ef65c6
  SHA1: cac72a52856bd8696a66563883198d9d1e685410
  SHA256: 23e360f2d680bac47c218b199d688c80f72ff2f829a5150c74993f1fdfce1bf5
  SHA512: ef2ad3901b32d3ff817afba6718ac6a5ca600546662b2543473bc32238a3b61c601f7803078f48020658fca8e2bca9bf8bbcca8fbbf52b503f30fa2b13758956
- Filesize: 40KB
  MD5: 3051c1e179d84292d3f84a1a0a112c80
  SHA1: c11a63236373abfe574f2935a0e7024688b71ccb
  SHA256: 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
  SHA512: df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
- Filesize: 53KB
  MD5: 68f0a51fa86985999964ee43de12cdd5
  SHA1: bbfc7666be00c560b7394fa0b82b864237a99d8c
  SHA256: f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
  SHA512: 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
- Filesize: 35KB
  MD5: b7ba0a4aa6a32e2cc52c5c6c56c0e77b
  SHA1: 27ab63b16aaf8cd3806d9066f79ab4fe1ec329a4
  SHA256: d52ebf72521d811bb1241160c3b589eb06cfb31a246e8b25b849401aef6b5a7b
  SHA512: bcbc454280cce4607fd7fcc32328c4094c02727acda702b807d61948c21ff0d4b48f734f77298547ea4ef9b146761d54f0668790d3fb1ba67fbb198ea1c018e2
- Filesize: 76KB
  MD5: 425b6feb9fd7574b0d8492482d0dbf6e
  SHA1: 1b19197209361189837c21059e3212fde95a4964
  SHA256: 70923d26813d4266526aa5653d548a1a5d25faf563428f1ddba136a2f21cf8ef
  SHA512: 4d385a64e754282ea59ed0d08396e87faf6c1a9f28908047c31fc2e00ba438569725ac23728938980c9d29baba5f8f5295f3cc48bed17cbb07d6d0d2f9130f6f
- Filesize: 21KB
  MD5: b1dfa46eee24480e9211c9ef246bbb93
  SHA1: 80437c519fac962873a5768f958c1c350766da15
  SHA256: fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398
  SHA512: 44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6
- Filesize: 36KB
  MD5: f90ac636cd679507433ab8e543c25de5
  SHA1: 3a8fe361c68f13c01b09453b8b359722df659b84
  SHA256: 5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce
  SHA512: 7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967
- Filesize: 17KB
  MD5: 950eca48e414acbe2c3b5d046dcb8521
  SHA1: 1731f264e979f18cdf08c405c7b7d32789a6fb59
  SHA256: c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
  SHA512: 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9
- Filesize: 2KB
  MD5: ed37fffce5a06e9433073c17bb503f9a
  SHA1: be8fc939d4737459c750c4798ba5b9661249abef
  SHA256: c727fe9a24433119007b3abc99c87def6dba0b73300e6b624366e9414b4aec3a
  SHA512: c1bc89004dbf0baaece137567d00cd97915fdd77c64ceecbecd18f38baf24a3506050313984283e8dea45471be568522015d7f8a70115ee972c57a7101004d3e
- Filesize: 1KB
  MD5: 814a283d5cebc94a848474ba6dda9d8a
  SHA1: 11ef165c7fd1af88dc49842a78f2dc82e3bd70ad
  SHA256: a36ed7f853fbfd35fc3e839ef37d5631a4491b4f2bd8f46701269d5722a10bf8
  SHA512: 60697bcefda9474b912c3353f08ae66247be1ef38433c984a9737cac52f090addc3ce1ed5cd8dadd6be0ddd2a3810933e25cf957315839e81ebcf05429aa71ba
- Filesize: 1KB
  MD5: f6616fba0443b83a6308343ba59b02e1
  SHA1: 44927085519b657bd110dfd51b07b83211609a17
  SHA256: 88b0e3ed9debeac1750d91b4ede5eda6637e94bbec1645f0e77329ef4fa59aaa
  SHA512: 81534d1e7ef4c0eab7587f75c397ddfe2322badb57cb3d42f24f2c878807daadf24a15f7cfd3ba3352623ed24e6bdfc4a8e1bdef010e7d7d60eb73c5897353a9
- Filesize: 2KB
  MD5: 5224005f0b193c599ff86faeec8c3f56
  SHA1: d0daa91e01fe3279528cccbdedbcf73a6c733630
  SHA256: 925fdb7679d9c959df1fc4218711d520bbfbcc803d1c3ddb20cc981b6d7e3a39
  SHA512: b86b707a72a3f231adbe3e5639b543009b272e47b8beaea0bb8b2a220dd515679bd2f0dc617c94e9b3d1965413b24150cd78e22f89522630caca4a6054a05a39
- Filesize: 5KB
  MD5: aad5ebb5294b0174c0115d25b4a05bdd
  SHA1: d2cb37bf6cc4383c61d86d50a21d9d252d2dd0e3
  SHA256: 9a1557d4a1a660dc5f77b89b44892b13e1a20b0688021b5bcd8c27d4bffbf220
  SHA512: 5a0f7fb64ae030b0f11afb901b954f9c2e9958eb1a9d1a5c8fbadd27f8f2cc59fbdf2af8a5883bded58a63b906e8d4c9928eb188f968800ff61d495eba9438c2
- Filesize: 7KB
  MD5: e9a446b077bd643e1852a085c439bf93
  SHA1: b1e8cc3e1de58f2680b0715ad5e2b62770b645bb
  SHA256: 5e1af50025345831842b59d97b580cbc67e5b524f3144ef813c297b46135c28e
  SHA512: 69977455e0af6fe8665c31467f71e2b0302cd8bfd47dadc0f1034bf90afdc199cadbed1d727c62dbc7375d971da2f9dabac60d0a375bb71d8f63cef5d976b796
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 4eb4ffa6e32d39d12a3c1fb4bd4c72fd
  SHA1: 5e870d70f6c35d4d5afe7ed6d2dbf0d043134ef9
  SHA256: 9f16071ae6f10194e29eabd950af6c942411de41c2d85a3d5175f44548531a03
  SHA512: 670a72b57c8c905c66d08631b1041a272d95de51e81c7eda1e686dfd64eac52d27040a424323714fa9ba81c981ddd216f78afbb3b38ae0ace07b58ae89777458
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 0a2c56017997393e8298f68946d54b24
  SHA1: 45a9ad51ac4ff270b082369a07b3835f3cfceacc
  SHA256: 8bc096045b231e8a9c7d404abfb4ffb4b1455de449ec4f82ecccf49bd2d0c7fe
  SHA512: 63ac1c9635c24ad9e9c16a7ae9b1680863ef3f7ec0df38da0ce7301aafd9efe37070075bec57a01ed90fdd11ab91930891c71e691fa5324bc2f23c10b8438fcf
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 0c8b397121a3ae77292569d6d8d7d954
  SHA1: e2b9c104c51a5208eb05658701f5001a05c3d727
  SHA256: 7555ce1fa3342f8dc3df3582a9c30bcc79aa330cfadee63237f4d741636c60ab
  SHA512: a5b5e060039d721b2f58448951c5873ad62b4d2ef185ff443c6a4838d3ee5193970e167394c4ef316e3ff419d5bdf3ba8276559592eb348e95fb5bd9177fdd95
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: e9d4c04e17bc98d96516738d7ef5f3d2
  SHA1: 9bc295259cfdc43ec5549b93af07ad596d291701
  SHA256: eb08bb06bf7172c2e54152feb3c82dc6d7fbdd19f4015bc2397bd5ad64594fab
  SHA512: 1c7a718f815fc0c2a554095c1e9b12a1965dbcf4b4c9855e06b911ab764b14a208e2770ddf146172b7b0c4f014cf1fe6efa27b60f4e7e719dfba274728a0201f
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
  Filesize: 697B
  MD5: d98336ab70692f230db3cfde25667dc5
  SHA1: 16be0095120ff97d020ee1e1b75bb7bf6d53782f
  SHA256: 6f0067c1169af975b85fc0e9af839824fac20e2a473c09ef2336c16804dde2a7
  SHA512: dcc276777b21af73d4fff66b537032752a3fd0eb85efda2197f4559cfae35147275a6d3b0022921250ac80d5d33b02e2d23a217d6d72c4aefa3df11bf0278583
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe6425d8.TMP
  Filesize: 337B
  MD5: 771a571de2850b7b88a15aeb38027214
  SHA1: 4b6e91b912f0861003e68611329cd23970983060
  SHA256: 731ed634348a4e06f57f5d34a5245b0dd2130a8f7319ad3f9b0048ef59beaae7
  SHA512: af09a0ed9942aeaf46bf252fa0aa1aa9601b395009d3bf249a4806370987e3aa33ee0d302bcebb2d2beb6badf357b204cb00659136f58be212b18e8806703fff
- Filesize: 1KB
  MD5: ca147e58df918c35dff22c4dafbaf0b2
  SHA1: 6f5cc95807f4e266c8bfed16c3e0a43506e42261
  SHA256: fb395b3b2ccc240bc161f09b970e593d11786bebc2ccdea629824aa240503a64
  SHA512: 50c9791d291a5d08bc771a796aa1d38eca48f43a3da73ac63a2d1bdb24b7c7f4f7563fa665ac343ab768aa396e8e791aca195d77b73fad6d8bfaeb60a7ab7a3a
- Filesize: 1KB
  MD5: 213b4be572fb352b4c720a9d0e8757f8
  SHA1: b40e4d6b3758bf8694e54d431b254a9a5c605de6
  SHA256: 37e72a211eb3bb90e2eb8da150e8a66940cb40e8204d92a2d38647313809794d
  SHA512: 6cc707a5a2f1df0bb9ff7cacb1af633b5bd799371b30219bbf2a2a2dbe028a7a90a8246d557b3fe43b849ca62b14a81436dccbc3320389cade3f9736efc76b21
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: 0d2cdad7316eb351b120bca1e9140771
  SHA1: 276b9340a9f4461d898c54751035c9be87ed2b20
  SHA256: fcc278f96abf5d281fbe484f5c15ae3dfe35fd36e7846ba559274679451282b5
  SHA512: 9921fc1c2c0b26daca0fed5f52281e496d2d69002f3277cfc8108897083d89cc8f4402be6cf5e92e57daa4014d5c0a7355e55c3b63bf9d8b972311a42ffd0800
- Filesize: 6KB
  MD5: 5f4402b6742e82a4923ce5c109aea489
  SHA1: 9c0106b63c40da4fa1475268c2c12bb3bbaaeded
  SHA256: 9be7cff556ead54741ec03264fa15f81abcdcaba7dce8df8429d0848a806fa73
  SHA512: 278e7052d6642729a396a06259780815fbff425ee38b0d4e0be5d36e05807be291329958b0482256235d66de39a9af693b6518f013acd41acfd457dfd43f05d0
- Filesize: 7KB
  MD5: 99eb4c181349b1db19a0949957917f55
  SHA1: 94c50a0c6cc77700126cfc2c5916f559cc2d4399
  SHA256: 2423851515af97b4779b047373162c3d0507f4981f565f6c915c816232834ff8
  SHA512: 2e4093c1c563d7a302d66f464892c4ebe4fe4999c3f03448c7aa1a926a43020b5e1a8684a39267a381f32b77680fadf1806491028478fadf4b0220b4b2207c7e
- Filesize: 5KB
  MD5: 5da194ef4cc37e97c796f7f2ab8ad10f
  SHA1: be1d945541544afad0dd920ed2f61882bb5d7b07
  SHA256: 430280c83176092dadbf66ada4a4774002d2c55ab9c025d1a7d70154465ac97e
  SHA512: 8d756c9d54bc740668679e58d4a72b00df633e239d7bf876de970531d2f2ac1cd9a5b408475282c474bbf22b84f4d3fb2824b2f96c728e4a48a12c8fa5be47d6
- Filesize: 6KB
  MD5: b6c291faddb8ad3a5d55d946186a7549
  SHA1: 3ecf4e9aa12823e2582afe5c872a4d89d6782879
  SHA256: ac4e0fcce5b8f4a3f26bf555ff5bfc57c2dbd2f646a127b9a4ba3d1b796dd197
  SHA512: a706a3ed088e9a6f6fba30b0c1a8689185203e0b38a5b8812502913376fbe58e972ac33a873788e76de5419397234e48d6cfccaa5b09197c853e50fe7dbd71b5
- Filesize: 7KB
  MD5: 2bd833175906724acd02ef55ae620b2a
  SHA1: 828fd6cbbd0bc7099ddeaff6ecfff3495640a3ea
  SHA256: ec943c6e81f6d7e030751489bc1a5199572099e0d14bc5cbe57a4dc7e2193bff
  SHA512: 7086b7f7f59ed9aa68d5286dc30d02d2ba6a81f81a8db607ca7fb473bd7323ced13db14573849165aea1e19c9130f7784a00c0f0689353f35e283d33b4d577f5
- Filesize: 6KB
  MD5: 84ab08e47bbd096343e0bccd2bc37989
  SHA1: f116ea165cdbe32a807eadda5efcda36eb2ebe20
  SHA256: 4353b5b6964119327447ded7206b3bab68a976b649fb74f2957ebe3d145b92d0
  SHA512: 0ce26fdc711413c4317c5e3efb4a953f1d8b15adc834b1fa4b6c95a128a4b7db5a027ca9084d45db8f213c3a7317f7d309dc140e2e51db1d2a89c7a4d9210cd8
- Filesize: 7KB
  MD5: cd5df8f578bf4101b743634ea3d4180e
  SHA1: 168c4eb0d9cd885c9018bbb7933c6ff9e426845f
  SHA256: 7b23c5a7f13d2538799ed3812c25c9c54bc7af1f17a6063eff745ac3b12edf28
  SHA512: a4031605c4a0849caa45501712c2d6c00431c05fb427e0dd52a5dd4a0017a19afab89412e151216174f31949e2aeedb80c694a18be524cbf18bb619658219c92
- Filesize: 6KB
  MD5: 2e0c5c28d32664bcc0dbd02a3fb34b0a
  SHA1: 081777caad22197f09d2bb78da0b69e13fcbc20b
  SHA256: c925e1512060d37707a42158593f63c1527d48cd847e0f63363ad16e1634b78e
  SHA512: 3609dce59c45c2892fa850cca8b96cbb35a1da3ddb6e4e11d854f6e0110327d9f1da953ba780e875f092d7bcd7a089cd0523a75e5aa94363f33dc2cfc756c4fa
- Filesize: 7KB
  MD5: 44ac45bf20e15a21407166e5a524d5fd
  SHA1: 187b9ab0c6d4bebdc0bee46c625dfb30ddeedcd0
  SHA256: 405941eb15dff030d4e7d9282e7743f688724637651750fb1a7485e8127040e5
  SHA512: ec54a105bd2099c7397370737ed834d06d9533e5051df93ee5ff3f491a0a458a94bbd91482038a338057ac9c9942679dd936d1cde9ca5cd5c6d91ae6ad5c033d
- Filesize: 6KB
  MD5: 16e0c70b539f6b0986b7a5a131988711
  SHA1: 238fb5fae382b9f7eebfd22df7c7c7a00a1c7664
  SHA256: 094720d0311afdd159872331b907fc4f5f8bd2e3d0e6700d60b02014fccd5573
  SHA512: 0ca89a836c63b624d13b52f10c51abe93b9a032fc1a5ee47053a9b7aa76906bb01c5db9c74d2e8366339bf6c4a48f74722f4de2c7bb39f4867258c9e056b87f7
- Filesize: 7KB
  MD5: 1fb8025ebdde641158c313398e7a192d
  SHA1: 9213e705b00693c868da260c11ee09181423d9c4
  SHA256: 1ea89352c84930af98c4b0c4583a2bedbf0c415b63363474baa9220d0f4300b7
  SHA512: 8460c8d8eca8b4ba39b6217adc7799d820f54d472f10d24e1603f5239c56cc99fc3706dc7ea820301588b001c7e35dc6af34b6829f312dc4b8dadee4949b8c09
- Filesize: 6KB
  MD5: 03ae0f4cf07e3eaadd9235664b9c7924
  SHA1: 7a53489e22ce7566c81083e4809b120d3e5ea03b
  SHA256: 75a9999150448c39063df781b5bf76bddabbc349c2527003dd86dc5c261b9b45
  SHA512: c1a8810f40b18387d5ab8f6165af17c81981200abc00e1b96f76490d6da6ace64b0513bfcfddb31e753cd2ca1a888794830930d8e5cddcc6fed6c4186fa6ed9d
- Filesize: 24KB
  MD5: 5a6206a3489650bf4a9c3ce44a428126
  SHA1: 3137a909ef8b098687ec536c57caa1bacc77224b
  SHA256: 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28
  SHA512: 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
  Filesize: 41B
  MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
  SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
  SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
  SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: b07f6978932687888ce767b0f4012c21
  SHA1: 9f509021ff28537affc7dd019e5f68158b43fa15
  SHA256: b0cb34438871ddfa26854db40de6ce14fb2d93386d98f20c156212877e3f3431
  SHA512: ef4de3d302ea404d0bac200a2f2fbf170a1502cedb2f122242c2f9e463b397955e699a6b2e731323b01dfd29e3698a9b37fe8f33d02806851a261dc8d28f56e1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe635f0d.TMP
  Filesize: 48B
  MD5: 6765de382d691c39321b0e05cfe5fd88
  SHA1: a63781508589b221830f98f800b6e940f3265646
  SHA256: 9fede2967fae9a3f25e6f6f0ae47598885a48522ae32fedca6a7656238d723f9
  SHA512: 101839c15e05f5654c0e6d1d8a3f19197867d7a8570d71c42d1a07750605685f1bfc7db23f652726bf9e233ac8cbb6095a19bdb57fd243c2e3fd6dfa05e8a084
- Filesize: 1KB
  MD5: b1f4f5050be852a018083f64b97d4fbb
  SHA1: de9776bc97334281f4438a50416ef890127f0e6d
  SHA256: 35d5a86b2997f220ec4a70b622ece51e4ea7c1719f094f66d8bcc47e57889643
  SHA512: 3195a380af9b92dfc8c7dc470e119ea7d378765681f4c1b8b60e763b0830fea186dbf60480593ad6daf6314f05075fc60038241af7093ab874038d15d4b1d6bc
- Filesize: 1KB
  MD5: b11a42f948e5edf08c31a2ef88125164
  SHA1: 4d554ea4de60d62c1e959b7ade8905daab689986
  SHA256: 879925674f1eb67a9262f45cb87fbc7d38f4fe2ea7fa0396244e9f127e8f557e
  SHA512: 9ef0fe4c267f819f59402736be4385088269b6d15558acfd5e7ffbf5ea1db539f18e47745bd60cf92bcb545fee3910cba0611892b322de428ffef66cd32f6655
- Filesize: 1KB
  MD5: d26e28f5135a5332b1781043faae931e
  SHA1: 78878abf55b096bb4afc8a8d282f40ec1d2482fd
  SHA256: 60aa006d156e32a258187e17e477ce35c76020740400ef9d235ac3b1d94d3d0d
  SHA512: b17b42fe237fac205bdfa3adb304954c0afd73a9a0b0eba2b430868ac1df488f4e76f974cdec0745acf8256c8363df9d9ef0a88a23ad16620c3a6cd420624cbe
- Filesize: 2KB
  MD5: 3f1467ca1b3d9c22fb860733f80413ba
  SHA1: c56eb361510608f54b6e9cd96fe0e145c12827b3
  SHA256: 2900a4eb5ce92a3fedcfb0f9c48720315dc7b7c8702cc04a9a6cc96050898f48
  SHA512: 12e6454380fc320d3b6bdf58d5363984b9ae70087363fa2176c4da1f51ff9bb6a1db7d440f1abfbeeafde82bf8a1afc42ced0bc8ebe649cd7c4bbd5b9ef4b933
- Filesize: 2KB
  MD5: c86d364b81e3ffdb2d08107738b0dad4
  SHA1: f0c7bebb75dd0bc60ce0d00078a0fefd7fce7e87
  SHA256: 7e1261c26270472dda6ba161726ded7674b751e8bc4d80c8ffda01c0f2440cc2
  SHA512: 2f8b40d428be85756ef8f69a4046cf1fb367c9b28d246933a66c00d9a1a81ded090dbd010268ec1251a908aba4aebbf18c0a1a646ec87d38582c56f611fd9867
- Filesize: 1KB
  MD5: 62d54d2881d4caaa14ea0e0b5fe586ea
  SHA1: 1ec5ed6d776abfcace81f80dac112acefd51aeb3
  SHA256: 85fb7287cec606c61512724f1b71e52a357fca208360475e585500eb1011c659
  SHA512: e34988c7d4d770d9df44f96913aeecb8d2d31ae97f71664e310e22cc68a8fe938e14d0f57ff82c79a1630d85fe7ac9fc3067ff653bebb3c2a4199cce9e2fd689
- Filesize: 2KB
  MD5: 469b324926c2a7b444d05505578d7389
  SHA1: db9c7cc3fecbf0f88caedf2257cf8abcb655ee06
  SHA256: 9469057c20782f4381a01df70d28ba60bc07732ae8fdcd3eecd0dd9be81282ab
  SHA512: b96e790db6072c4066df9931c40dd76bc0d4e0efdd8d143f920d03b9947f34c9f782f3ab6ab34922e549c61378cec2541b3458ba9d7183c5b3b1c5bb6b97c62a
- Filesize: 1KB
  MD5: 8ac79ae572103e495a5730541fc145b5
  SHA1: 58e7a69943012f29b15f587707836e24ad7a3d7d
  SHA256: 7b413919ee449112e8e3a64fd89037b1eee9165ecffe98787e50b7a33c4cd974
  SHA512: 4736a7104b06e94fd5f9bc9c16caba2ebb02dfb601b2a9d17a90dd1bccff19c617534a6fc04a82e07f287c3fd99285e41e67eb0080d762de8fe53e6e199400df
- Filesize: 1KB
  MD5: f1cd6d8306a61ba282360d1eb27f869c
  SHA1: 7bd07e2ec3d70947b9f14f8b2d1f11008ce5572d
  SHA256: 164f4c18ff876c798b4455a237fdb3a85987db71aafed367f7dde170d858da0e
  SHA512: 3bb300b2b8cca72926ab20574ab26df8da683f0bb6c2b5ad63e6e46379d802622b48001d7483a487946a5188c6895ee927e4655cbb914bdfd18dea7f08523700
- Filesize: 873B
  MD5: 2e1ba1a0d548715a52968f7baa7abdba
  SHA1: fef3d74039accac273a5d3ee97c28a7184d11554
  SHA256: d6eb90ece800a7dd3a9dca0b09d33879195c5c218a2582581ca0a7f81c2cb7c1
  SHA512: eaf41129409e91cf01952c2e55d55bc73b042340600b109078cfc6d70b6acc2c5a969e58b18683b4e773127cef6fc13e95a7de3e16be294eeb362e8577eb6abf
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 12KB
  MD5: b4f72d042b0613ad5980db15d0116d53
  SHA1: 8e4a8b945b025f75050a9e77db985d2a33920ddc
  SHA256: af3d7cd9fba3ceee3cdc4d0969b5efa3601858e1beda8a2f52ea4f4c60bf1c7e
  SHA512: 014aef69d66b81c33cf0c8bc3610d1a4e71ca92fb33456d1c23a00ef6fa84a7e443181fddc6c8c5c5a02ec125e01c244e3649d4f61536716e1ae6fa476b38fc7
- Filesize: 12KB
  MD5: 28c238b3cdba839737f820025198671b
  SHA1: 41000c04abb91788feeaddadb1680078f895365d
  SHA256: 22823e5d1d8f1b996eb452dc258cbb807b0a61423b9b718dd49cf3aff1f33801
  SHA512: a7a3e64d188c5779ee0d207adcd032c47a72b3bd049d4a56d11a83890448918b86b51331aea686231b95bf136c49306838b4ec115fd0d8b45ec10dcbfb1ecdb6
- Filesize: 10KB
  MD5: 2f97e446a903ceec0f4e7d1e34e571bb
  SHA1: 9c2b57f1e810547f002c8cd0afe5e9172837ae0f
  SHA256: 74914f4a68112c1a83d3ad4e8eb627f736c72b27555ae26ae18d919b09bbe9cc
  SHA512: bee78a6afbc9aee73c40ba1e183929e1505b11f7bc1ad4241a49aaceab77d73fdf51c1688cd3e6a46498ce23ce7eb4bb547b6e1536977c4417ccdb1fb655c332
- Filesize: 12KB
  MD5: 290ed9da9301e67c50aa85420f0e2419
  SHA1: 18392d6c731416897a691e239a1ff360c72618c8
  SHA256: 6894333f0f4a31676c5c7e2b53f20fa668fdac29a14e16be921dbf36e7bdbdd9
  SHA512: 71abe9fae00b750559b317616eba39250882b59d6d294ba56ce29142a997870d8a5f387183bbb781451714e209dc8a24298f1e61d48a2d53e92359fd708837d1
- Filesize: 12KB
  MD5: 8c0e569a5f6b444ba765b3c9c7d613d0
  SHA1: 53d65678a2fcb290f608197ab01f3bec6da9ac7d
  SHA256: 276c0f52142067d977b6a65fca443d68d77ea84ebcff9eb4271a7aea88a61d7b
  SHA512: 67d2a82812da9bb139d865af8acf4e9b73c5e8659f0e145bd3e9fe63dbba0e8793ba483f0474025a45e3384ade8ed21ae0531d189a65d3a9d5e28e589b09a46a
- Filesize: 10KB
  MD5: b464bd7d04a3239ac114f33d957abcca
SHA10a96c4a72213b57a6f1df10549c8fce236d232ae
SHA2565d2de54d5df73d36c5e75c3015b5b3572f16a02b3933fdba7faee3e586273524
SHA512a27705d6f000137ed1a92f92d0a9758448f1ac671241cd089ef8f381c0e23fd57c9acc4cb58c99c5eeaa47539c576f758660d3d093cc55b27745633352190fbd
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3635043082-2972811465-3176142135-1000\c3406d884f1bba8f5083b58be7655f69_05362cec-23e5-40b6-89f7-968588d97615
Filesize3KB
MD545ce87e0470f9cbb9d843f1e8dc1f91d
SHA197002b52955271d9bbfb3692ce7f9ca158917108
SHA256f2b3b3345fac2031493822a9eb2e44091febe774a18d7394cc08e2645c746dae
SHA512c9903c92815a9574d5db8b19fed5fbb9b9a931b87fd8126f7a4898114e1f7b64e228751464f97db7208a22898231d451c34bf3bbeb45a150cde2eda66ce1c997
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
3.3MB
MD513aa4bf4f5ed1ac503c69470b1ede5c1
SHA1c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA2564cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d
-
Filesize
1.9MB
MD5902c60209cc856b9280463e5480e6534
SHA1ac09b1aa98586dca2ecea674d80f2d26d8b38a6f
SHA2563b7311aa805e7984d3bd3ac1b86f9f2fd94acbca689bda7b793bd4d894daad76
SHA512dc016d226aac5e2ef709b6c59546c6b4b129f79faf6234751e5692392dc865709645fc4278ae8c42715bc05b93c4098950964967249fb8615d26b865720b85b2
-
Filesize
1011B
MD5fd0263b30dc5b5490f9b51f58a3dd869
SHA10b67eef6960b370e18fe1ccd0bd718ab4c0a4b64
SHA2561ef2c4cd5254ea17bd487c6358239cd0cd5a4661c51c01eefbda40471037230d
SHA512df2b4bcb4543680670c2aa8417cde1575d9697cdac4172a282652c5f402c7dd4f45a2051b19f4da348045d4aafb86a599d970baa5ae1952a539d223079e57aed
-
Filesize
4KB
MD59378cd79b79e9a4b7837de6dcd17fdc2
SHA1289bc3436d716f870b2c1747f68aab4dbaaf04e0
SHA2565ba1ce9c90f00e9d82ca4aa5dde823468d328b4296a46295fd49bb6aa4521adf
SHA512c36818f8be54eb4e6f4a0ec3106aee8046cda9543c4cea7a2183fd9917a97c2ef0122f9b2897c32d8cccd600e2278d5a188d01654883b2debb5c2e96b6976bb4
-
Filesize
372B
MD5ae71d9794df809c967f77780f694e058
SHA1afc1a3a73f90dd007161280c07a0f89e53353cfe
SHA2562c76071cfe0d27bc18328b177cd3a386d14f400d3b9f1674a05e9d2dfc75938c
SHA51286a609defaa46f045697d38f2ddfd734857efb4f77fd8ef51ba7218521284eafc572f4a8faeca6f6b28abddfa463f9c0a6d746c090503334129b399dd8247fea