Analysis

max time kernel: 119s
max time network: 120s
platform: windows11-21h2_x64
resource: win11-20240214-en
resource tags: arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 18/02/2024, 00:54

Static task: static1
URLScan task: urlscan1
Malware Config

Extracted

family: quasar
version: 1.4.1
client
C2: 192.168.1.190:8080
mutex: 4787fbcd-9b88-411d-86f3-9a4da6d1b091
encryption_key: 9125BEED3E3189E9FC0B8834A851F5BAC4D273FD
install_name: Aquatic Raider.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: snfr
subdirectory: SubDir
Signatures

Quasar payload 3 IoCs
resource | yara_rule
behavioral1/files/0x000200000002a7b7-89.dat | family_quasar
behavioral1/files/0x000200000002a7b7-143.dat | family_quasar
behavioral1/memory/936-144-0x00000000003D0000-0x00000000006F4000-memory.dmp | family_quasar
Downloads MZ/PE file

Executes dropped EXE 4 IoCs
pid | Process
936 | Aquatic Raider.exe
5060 | Aquatic Raider.exe
4024 | Aquatic Raider.exe
4752 | Aquatic Raider.exe
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid | Process
4864 | schtasks.exe
4260 | schtasks.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\Local Settings | msedge.exe
NTFS ADS 4 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Aquatic Raider.exe:Zone.Identifier | msedge.exe
File created | C:\Users\Admin\AppData\Roaming\SubDir\Aquatic Raider.exe\:SmartScreen:$DATA | Aquatic Raider.exe
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 864074.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 480320.crdownload:SmartScreen | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
3800 | msedge.exe
3800 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
3888 | msedge.exe
3888 | msedge.exe
2224 | identity_helper.exe
2224 | identity_helper.exe
4652 | msedge.exe
4652 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
pid | Process
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
description | pid | Process
Token: SeDebugPrivilege | 936 | Aquatic Raider.exe
Token: SeDebugPrivilege | 5060 | Aquatic Raider.exe
Token: SeDebugPrivilege | 4024 | Aquatic Raider.exe
Token: SeDebugPrivilege | 4752 | Aquatic Raider.exe
Suspicious use of FindShellTrayWindow 44 IoCs
Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
1924 | msedge.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
5060 | Aquatic Raider.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

1. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/O8pLMV
   PID: 1924
   - Enumerates system info in registry
   - Modifies registry class
   - NTFS ADS
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9d6d3cb8,0x7ffb9d6d3cc8,0x7ffb9d6d3cd8
      PID: 2612

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
      PID: 3036

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
      PID: 3800
      - Suspicious behavior: EnumeratesProcesses

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
      PID: 4424

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
      PID: 1616

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      PID: 1144

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
      PID: 4588

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
      PID: 3076

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
      PID: 3888
      - Suspicious behavior: EnumeratesProcesses

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
      PID: 4884

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
      PID: 3452

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
      PID: 2224
      - Suspicious behavior: EnumeratesProcesses

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
      PID: 4848

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
      PID: 2352

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
      PID: 4376

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
      PID: 3224

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
      PID: 3480

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 /prefetch:8
      PID: 4464

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 /prefetch:8
      PID: 4896

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
      PID: 3888

   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,7111286507238387378,11766552993074836460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
      PID: 4652
      - NTFS ADS
      - Suspicious behavior: EnumeratesProcesses

   2. "C:\Users\Admin\Downloads\Aquatic Raider.exe"
      PID: 936
      - Executes dropped EXE
      - NTFS ADS
      - Suspicious use of AdjustPrivilegeToken

      3. "schtasks" /create /tn "snfr" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Aquatic Raider.exe" /rl HIGHEST /f
         PID: 4864
         - Creates scheduled task(s)

      3. "C:\Users\Admin\AppData\Roaming\SubDir\Aquatic Raider.exe"
         PID: 5060
         - Executes dropped EXE
         - Suspicious use of AdjustPrivilegeToken
         - Suspicious use of SetWindowsHookEx

         4. "schtasks" /create /tn "snfr" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Aquatic Raider.exe" /rl HIGHEST /f
            PID: 4260
            - Creates scheduled task(s)

1. C:\Windows\System32\CompPkgSrv.exe -Embedding
   PID: 2200

1. C:\Windows\System32\CompPkgSrv.exe -Embedding
   PID: 3480

1. C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
   PID: 3640

1. "C:\Users\Admin\Downloads\Aquatic Raider.exe"
   PID: 4024
   - Executes dropped EXE
   - Suspicious use of AdjustPrivilegeToken

1. "C:\Users\Admin\Downloads\Aquatic Raider.exe"
   PID: 4752
   - Executes dropped EXE
   - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads