Analysis Overview
SHA256
caeadc9fe15c86a04c0cbc13445cf555b14ad95b5d3a4104d62e72fdd371cdb7
Threat Level: Known bad
The file c803b24286b85e84999728e62074f29a was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Looks up external IP address via web service
Drops file in System32 directory
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Runs ping.exe
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-14 08:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-14 08:55
Reported
2024-03-14 08:59
Platform
win7-20240221-en
Max time kernel
172s
Max time network
180s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup = "\"C:\\Windows\\SysWOW64\\SubDir\\Client.exe\"" | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\cmd.exe\"" | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\SubDir\Client.exe | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SubDir\Client.exe | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\SubDir\Client.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\c803b24286b85e84999728e62074f29a.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c803b24286b85e84999728e62074f29a.exe
"C:\Users\Admin\AppData\Local\Temp\c803b24286b85e84999728e62074f29a.exe"
C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\cmd.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Local\Temp\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\0WRZ4k44txBc.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 1492
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\cmd.exe
| MD5 | efb08c8abd228dc2c608b4b2ae81f8e5 |
| SHA1 | 4c132ee66fb7ab5e26989f07d72fbc81d4480f41 |
| SHA256 | bda07aecc578ff4d3f853070643e8cda8f90c3ecbd73132bc75ee17f70b84863 |
| SHA512 | b3f8fa4979321dc1cf0032f36cb37c17a63e396fa2f70bd076eff8d32974c9e1b7a0f3ecc6b8b788c56d3cca131dfd3f5e6b938ceadab0cfa1a3d97e941fd962 |
C:\Users\Admin\AppData\Local\Temp\0WRZ4k44txBc.bat
| MD5 | 8b40d57aec119a37c045dd2d4eabc66e |
| SHA1 | 49c08719cf7f2e8ae9ebe3c1beb73dfaf17c11d1 |
| SHA256 | 8d9c644b15f78f3b61738a3a8deaf38f7eeccff37eee0bb16394996167af0d68 |
| SHA512 | 6317b618950c8588b1887f50de3a69939a51eceb8b8748aa70f6cec1365b8b7e88cd94b7fd49e7e5c9f98225d31b08dbab7a1c58b61bbd118b3671de4897fae8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-14 08:55
Reported
2024-03-14 08:58
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Quasar RAT
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c803b24286b85e84999728e62074f29a.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\SubDir\Client.exe | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SubDir\Client.exe | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{48919F8E-078B-459A-BC24-C1286632461B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c803b24286b85e84999728e62074f29a.exe
"C:\Users\Admin\AppData\Local\Temp\c803b24286b85e84999728e62074f29a.exe"
C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\cmd.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5yvfqnmlRxXn.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2272 -ip 2272
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 2216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8778d46f8,0x7ff8778d4708,0x7ff8778d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8cIPnToldDNa.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5492 -ip 5492
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 2200
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BdLzpVKfjQSG.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3036 -ip 3036
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 2200
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGKuU6yK0ylt.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5352 -ip 5352
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 2208
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\t5LkbtXG4uA3.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5516 -ip 5516
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 2204
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1i1ABXMmhrSm.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3472 -ip 3472
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 2204
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5792 /prefetch:8
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CXQ19QGPScq9.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3432 -ip 3432
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 1772
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lTQbEIcNTLEL.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4980 -ip 4980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 2220
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQjLNgQBcDQU.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2308 -ip 2308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 2196
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2zrNovLba7ao.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1976 -ip 1976
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 2216
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\chbkGAlgEntu.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2908 -ip 2908
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 2240
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
C:\Windows\SysWOW64\SubDir\Client.exe
"C:\Windows\SysWOW64\SubDir\Client.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3763272749212379622,7474944179158077676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qkeojmxt2RKa.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4296 -ip 4296
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 2188
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\PING.EXE
ping -n 10 localhost
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| GB | 92.123.128.152:443 | www.bing.com | tcp |
| GB | 92.123.128.152:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 152.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 176.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.134:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 204.79.197.200:443 | www2.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | synapsex.co | udp |
| US | 104.21.70.188:443 | synapsex.co | tcp |
| US | 104.21.70.188:443 | synapsex.co | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 188.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 129.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | 26.134.221.88.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | cdn1.synapsecdn.to | udp |
| US | 8.8.8.8:53 | noelsfreexd.ddns.net | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| GB | 96.17.178.211:80 | | tcp |
Files
memory/2636-0-0x0000000000170000-0x00000000001F0000-memory.dmp
memory/2636-1-0x00007FF880C80000-0x00007FF881741000-memory.dmp
memory/2636-2-0x0000000000A90000-0x0000000000A91000-memory.dmp
memory/2636-3-0x000000001AE70000-0x000000001AE80000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cmd.exe
| MD5 | efb08c8abd228dc2c608b4b2ae81f8e5 |
| SHA1 | 4c132ee66fb7ab5e26989f07d72fbc81d4480f41 |
| SHA256 | bda07aecc578ff4d3f853070643e8cda8f90c3ecbd73132bc75ee17f70b84863 |
| SHA512 | b3f8fa4979321dc1cf0032f36cb37c17a63e396fa2f70bd076eff8d32974c9e1b7a0f3ecc6b8b788c56d3cca131dfd3f5e6b938ceadab0cfa1a3d97e941fd962 |
memory/2568-16-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/2568-15-0x0000000000570000-0x00000000005CE000-memory.dmp
memory/2568-17-0x0000000005540000-0x0000000005AE4000-memory.dmp
memory/2568-18-0x0000000005030000-0x00000000050C2000-memory.dmp
memory/2568-19-0x0000000005110000-0x0000000005120000-memory.dmp
memory/2568-20-0x0000000005120000-0x0000000005186000-memory.dmp
memory/2568-21-0x0000000005CF0000-0x0000000005D02000-memory.dmp
memory/2568-22-0x0000000006230000-0x000000000626C000-memory.dmp
memory/2568-28-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/2272-29-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/2272-30-0x0000000004EE0000-0x0000000004EF0000-memory.dmp
memory/2272-32-0x00000000066C0000-0x00000000066CA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5yvfqnmlRxXn.bat
| MD5 | 39fa50b1ce1f717e3cdf0b935ca7ede3 |
| SHA1 | 213c3e8463c921238c4c75dffe90dc0686e7f11f |
| SHA256 | e46a13d32c85203793523bd4166559a1f4a7cb20f716646b5f828b08f22aca60 |
| SHA512 | 4d6c5755e50cf8d64a7f97dfd191126409bb88337673392ef447e165095d5027e6b2c986a74974b9ce6786ee652042342c77304b5fc7398f4a5633d37d5ce687 |
memory/2272-37-0x00000000753D0000-0x0000000075B80000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f44d6f922f830d04d7463189045a5a3 |
| SHA1 | 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c |
| SHA256 | 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a |
| SHA512 | 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d |
\??\pipe\LOCAL\crashpad_592_VCZHLXIQQGGJAJQS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7740a919423ddc469647f8fdd981324d |
| SHA1 | c1bc3f834507e4940a0b7594e34c4b83bbea7cda |
| SHA256 | bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221 |
| SHA512 | 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43014575c6c16e624f69cbd01c1ad4d8 |
| SHA1 | 54a3e6834b71d9bee28e3facf2c5bdd9a2ae80bf |
| SHA256 | c7df834fcfa8bb72a0a6c1072ab66622bc2f7ff70fe296fecfad583970d84665 |
| SHA512 | 4140539e8c98c26750866bc4dd79951ad5c560228555a5ddb5d0ad6794d3b7fa2a3a2885d553f61c41ab5fc4031abe53f6873dc6defdc453923d5fef6312c22e |
memory/2636-62-0x00007FF880C80000-0x00007FF881741000-memory.dmp
memory/2636-70-0x000000001AE70000-0x000000001AE80000-memory.dmp
memory/5492-71-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/2636-72-0x000000001AE70000-0x000000001AE80000-memory.dmp
memory/5492-73-0x0000000004AF0000-0x0000000004B00000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/5540-80-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-81-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-82-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-86-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-87-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-88-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-89-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-90-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-91-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
memory/5540-92-0x000001C3A92C0000-0x000001C3A92C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Logs\03-14-2024
| MD5 | 21078325f83e8963ae58a4f86689c5b4 |
| SHA1 | c6b43d9c4e663171f722453bba305a20fbafcb4b |
| SHA256 | c827dd81936f8d9756bdda01fe151e2b80fee1c33db5bc2849a61c380e616e9f |
| SHA512 | 89639a25a04b324e627231af047d8d3afedec4b80325251f8df08dc569e2f598ffe81f84fb04d534344b425dc73a05f8476b79434bf0fcea7d2ffad4fb5a6023 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b87b9b662b48f3ea2259d0c7bdc6e7e |
| SHA1 | 3d980369161a1dbda211106c9db71ced15dc10de |
| SHA256 | 4c033321f49a81ca6b801944e1ccc685ea87349c3876811f801b2f5409546043 |
| SHA512 | 73d87b8ad35c17d7de3d6be43efce8f17dc11750ccd63fb4f6073cedb6e104bdc7be55b93aa5de8858e103697bf112885cb913bb839cc92e122782710b2f1822 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf7575350bf6d2a38efae0ccda12b5a5 |
| SHA1 | 75363bd8f07f63b04a7c6a2be5ff5bf7267f1268 |
| SHA256 | 88ce7362ca6ea7c13622066cf40465fb977d00ff3cfae1a7d78fcf7de963909a |
| SHA512 | d86c449b4c1d2d656691e821bb3dea4b0fb5f7af9577f1397b9e8f8a468311bc91b067e4b3b1e9869484f0af82a906e0ebe323534bf2ae89ecff1ab102553107 |
C:\Users\Admin\AppData\Local\Temp\8cIPnToldDNa.bat
| MD5 | d2bd6770141b02b1c96ae8c14c04640b |
| SHA1 | e783fa8b7633f0e77b993a639311a0a4d580afef |
| SHA256 | b64915a92c6439fb627fc07bdf04c259fb74d0dec3c9e62150dc28de2f01ff3b |
| SHA512 | 252a117cb1d50f67212cc0f437356562596effff3f4123d650d549f57876d903091ac099fefcac17736cf39bde0f4c0dcd81479d4f0ab4e069c91587fb09d749 |
memory/5492-113-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/3036-115-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/3036-116-0x0000000004F10000-0x0000000004F20000-memory.dmp
C:\Users\Admin\AppData\Roaming\Logs\03-14-2024
| MD5 | ba4f3d670eaf86f5a4d8dd97bf7e2d7e |
| SHA1 | 871d41d7ea05cb961dd690710a78bb73cdbe71fa |
| SHA256 | 9b67920a119f2e628b0a436eaded09576fd334a974b23eaa48fa81379e426cda |
| SHA512 | 7183ab4dee1d30030bfb04c43cde95da6f48f73d6cc09987df6a718ff125dd30815f835be6523d4cc71ced4aa9a255908e30134a5e32fa476e54c505d9b41f6e |
C:\Users\Admin\AppData\Local\Temp\BdLzpVKfjQSG.bat
| MD5 | 63dba4453833bb9defdafcad7eca4aa5 |
| SHA1 | 39ac956bb4195d13367fd6604520aebce92234dc |
| SHA256 | d027cef164049c46f1ed28aade895c9777f9cf26ba9528f99e49c2b3a1cb34f2 |
| SHA512 | 2a9328709920f07a13d4e463bd641e2e45ca61111d1c2685c95a04cd5df971a08be5e1259ff99ad7e35230a1e3588a981227363e1ae831f59468245e5aa824cb |
memory/3036-123-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/5352-141-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/5352-142-0x00000000052B0000-0x00000000052C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lGKuU6yK0ylt.bat
| MD5 | d560d8cc65735751cadf8c647af34796 |
| SHA1 | dc55ecccf69007e7eaf8f9b2e8b29f3cdb1ab740 |
| SHA256 | a918a40a11853d9aefe2d3e5d5aa50e9c6fd2a1b5e4e5501316604d1a9c59e42 |
| SHA512 | 3bf79f9b2b1d2fbf2a794470d3e51772e5a3a1e02fd47719860139c1fba94edaa11b4b03b727e91b90f2b9978f77685f226e8a686a1eaab68b764d2c61aeaf19 |
memory/5352-151-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/5516-162-0x00000000753D0000-0x0000000075B80000-memory.dmp
C:\Users\Admin\AppData\Roaming\Logs\03-14-2024
| MD5 | 7af279f6cba7d802225cad0bde1d83ea |
| SHA1 | 304f1602405476da89101013107af5aabbae297b |
| SHA256 | 46bcdb7c3f77891aecf351fc0f227940ee8b0137d81527fc17a29bb379d446fe |
| SHA512 | 9a260d9a87cc048c143bbb43f6efbd53adfe6843a58fc16a8e6c8752ba87a60cb4bae4c3d2063be763af9c7ba63a100464f561f74858b90300c36955e1d471a1 |
C:\Users\Admin\AppData\Local\Temp\t5LkbtXG4uA3.bat
| MD5 | bb83c768c10260f88867e054d39bc083 |
| SHA1 | c7a2f223f5ce7c96eb66246200cfa695662e7c97 |
| SHA256 | c0aafab2881d029a2a814d60fa71ada4e3a0954a38f52808613b0fe004026198 |
| SHA512 | b6d0c6b6312b94b837ae5131cf37ae34ccf8b6467a9a7847094b97f95d30b4b3cf2962bd96c020a8010b04c547babe0b0154003ecc581259dfa1f7ff3de91593 |
memory/5516-169-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/3472-180-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/3472-181-0x00000000059B0000-0x00000000059C0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Logs\03-14-2024
| MD5 | fd0b98ef2e1f79db7c454d9e6c70e9da |
| SHA1 | 6e41bb34ea84a562e9d5f7054293a7af9b838a4f |
| SHA256 | 1271154e73b06059d0676d730d69189c66175b134f524c8079758505999bfab0 |
| SHA512 | e9dcfff19140cafe55dcbccc1f065c0f9cdf543d07dcec78e2bcdc17725b973d3ba4facd04d9efe2660b023e8e9afdcb796f1bbd3c135d9e11c9c3e7270c7925 |
C:\Users\Admin\AppData\Local\Temp\1i1ABXMmhrSm.bat
| MD5 | a8279f3e7a71ef7fd3de3b334d4e0786 |
| SHA1 | fea1760c7de4ab819b0a29bc78077fcdc2b5f279 |
| SHA256 | cfaf1cfb12fc8f31ca3af0b6b868da35dfabb085aef216c02c77e4bdb1eed70f |
| SHA512 | 90a0d146d397382e0988fa7d13fc0616bc6e0cebc2c347681d686f561b776294127da888ab5e370dfbe4f7577e1d2bdc7298554557c13fdda5d62ae8c0a91eba |
memory/3472-188-0x00000000753D0000-0x0000000075B80000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b6033a821c96fac252c07ab58b63bf5f |
| SHA1 | fc68a05ae88450da7f81502ff6de6fe0d95c4a93 |
| SHA256 | 777b41ecb4798a9126eb6724f2b36f136746ac1a23891a3dca988fbc7d75121c |
| SHA512 | c710cc5ad5180522d5afb5d24ffc13e15764bcc3fe8e6b33ad39c49a67d502be70452fcd7a19f324f7009e61554ff24ebc6de92dd195e8567f137a78a3dbe5d6 |
memory/3432-285-0x00000000753D0000-0x0000000075B80000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e903c76e85145bc707ff655a8839a52 |
| SHA1 | cfbcb345f2556c3c8384a1217f994c71b39c1862 |
| SHA256 | 16810d7496ec8ac7b37b6b3b41cff7a9e06230204ce4fa7d1b954b02cd67ac78 |
| SHA512 | fbd6417c37484dbf95f328516b2ab357d9f1cb17fbbbac7fa9308486fa818eb7aac2146e8564ec0bf87108ac111778da6270cc9c27ce2391d958a1a1f6bc7940 |
C:\Users\Admin\AppData\Roaming\Logs\03-14-2024
| MD5 | b5f150f29503def329b8c4ed483755f4 |
| SHA1 | 7c937092e2a18c6568ff386e64000994d0b6e1ae |
| SHA256 | da3888a05b2c7498ddbb3b8f031fb859ce72c4692ca1605b5268f1defe0cfb44 |
| SHA512 | a6ab1492083049c67e6fe4e21924c8f94e71d66b96918a178be4f632314a0c901e2c4934731af7ea83ac9cb7c61335fcf5003f6d284a0eea5e4fcd2bab25bd5e |
C:\Users\Admin\AppData\Local\Temp\CXQ19QGPScq9.bat
| MD5 | 7e4e245d48c50d319f5071b33db18949 |
| SHA1 | 68c05ccd4d4da7e5641d5ce9dc158f181e4238d7 |
| SHA256 | 9181cd297fca939f0268ee20b2f1803975a88cc569787fba0d965775740291e1 |
| SHA512 | f4d6e52cf6726f2b3e89329bfa07c1732e9fdfb3437e6eebb5b6daa3a100a44b1cd04c577447557a77ef71413b3c41dad142aafd37cad41ba0a234f125e5364f |
memory/3432-352-0x00000000753D0000-0x0000000075B80000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 97036f291cd93f105818adb5662e048e |
| SHA1 | e2a875356a7c875628a390d06ff83ce9947cfc0c |
| SHA256 | fb7e8cf09e4d38d74bcb267da3b066688274c217ed4348e8923fba6f3ea1ae34 |
| SHA512 | 1eb4f2fff2d3427b5c6d2b4ef695266a4f66ec836ea7c1d2c1adb564b82d9aa31a57cfb0333c27d10b092122abbf6d5089c81f8853e89fae6c4f07a3a8a35266 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | cd44c87dbbaf120ef787ecab0267548d |
| SHA1 | a4fbaa0cc2bfd613cb0998eaff52a8e95ba45d10 |
| SHA256 | 5a0b80a0ffadf2bd7ee0567a288cd0c0531ce24f03607daf4ce7c3c20bd69e2d |
| SHA512 | 2d4a2ec3a77deec3146bbb89cfca1821e1c4ee9848bdc594f8b642207424b4e2437ba13d67da51e417046f6fb230f847db98de67ebbb0bfdfaf414a0fce03faf |
memory/4980-572-0x00000000753D0000-0x0000000075B80000-memory.dmp
memory/4980-579-0x0000000004980000-0x0000000004990000-memory.dmp
C:\Users\Admin\AppData\Roaming\Logs\03-14-2024
| MD5 | 0b2eb5c180089cb03b7bd081daeea0a1 |