Analysis

max time kernel: 515s
max time network: 509s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/03/2024, 22:28
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Quasar payload (3 IoCs)

| resource | yara_rule |
| --- | --- |
| behavioral1/memory/2996-566-0x00000220CF6A0000-0x00000220CF7D8000-memory.dmp | family_quasar |
| behavioral1/memory/2996-567-0x00000220CFBD0000-0x00000220CFBE6000-memory.dmp | family_quasar |
| behavioral1/memory/3216-608-0x00000176F7D10000-0x00000176F7D20000-memory.dmp | family_quasar |
Executes dropped EXE (1 IoC)

| pid | Process |
| --- | --- |
| 184 | dotNET_Reactor.exe |
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)

| flow | ioc |
| --- | --- |
| 100 | camo.githubusercontent.com |
| 104 | raw.githubusercontent.com |
Program crash (1 IoC)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 1500 | 2308 | WerFault.exe | 181 |
Enumerates system info in registry (2 TTPs, 9 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
Modifies registry class (64 IoCs)
Suspicious behavior: AddClipboardFormatListener (1 IoC)

| pid | Process |
| --- | --- |
| 2264 | explorer.exe |
Suspicious behavior: EnumeratesProcesses (34 IoCs)

| pid | Process |
| --- | --- |
| 4764 | msedge.exe |
| 4764 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 4780 | identity_helper.exe |
| 4780 | identity_helper.exe |
| 1128 | msedge.exe |
| 1128 | msedge.exe |
| 116 | msedge.exe |
| 116 | msedge.exe |
| 4480 | msedge.exe |
| 4480 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 2872 | msedge.exe |
| 2872 | msedge.exe |
| 1500 | identity_helper.exe |
| 1500 | identity_helper.exe |
| 4296 | msedge.exe |
| 4296 | msedge.exe |
| 1600 | msedge.exe |
| 1600 | msedge.exe |
| 2488 | msedge.exe |
| 2488 | msedge.exe |
| 1972 | msedge.exe |
| 1972 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 2156 | identity_helper.exe |
| 2156 | identity_helper.exe |
| 1528 | msedge.exe |
| 1528 | msedge.exe |
| 5576 | msedge.exe |
| 5576 | msedge.exe |
Suspicious behavior: GetForegroundWindowSpam (3 IoCs)

| pid | Process |
| --- | --- |
| 2264 | explorer.exe |
| 3216 | Quasar.exe |
| 4580 | NjRat 0.7D.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (43 IoCs)

| pid | Process |
| --- | --- |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
Suspicious use of AdjustPrivilegeToken (4 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 2996 | Quasar.exe |
| Token: SeDebugPrivilege | 3216 | Quasar.exe |
| Token: 33 | 1488 | AUDIODG.EXE |
| Token: SeIncBasePriorityPrivilege | 1488 | AUDIODG.EXE |
Suspicious use of FindShellTrayWindow (64 IoCs)

| pid | Process |
| --- | --- |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2996 | Quasar.exe |
| 3216 | Quasar.exe |
| 3216 | Quasar.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
Suspicious use of SendNotifyMessage (64 IoCs)

| pid | Process |
| --- | --- |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2008 | msedge.exe |
| 2996 | Quasar.exe |
| 3216 | Quasar.exe |
| 3216 | Quasar.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 3468 | msedge.exe |
| 4580 | NjRat 0.7D.exe |
| 4580 | NjRat 0.7D.exe |
| 4580 | NjRat 0.7D.exe |
| 1704 | NjRat 0.7D Green Edition by im523.exe |
| 1704 | NjRat 0.7D Green Edition by im523.exe |
| 1704 | NjRat 0.7D Green Edition by im523.exe |
| 4512 | NjRat 0.7D Danger Edition.exe |
| 4512 | NjRat 0.7D Danger Edition.exe |
| 4512 | NjRat 0.7D Danger Edition.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
| 4536 | msedge.exe |
Suspicious use of SetWindowsHookEx (4 IoCs)

| pid | Process |
| --- | --- |
| 2264 | explorer.exe |
| 2264 | explorer.exe |
| 3216 | Quasar.exe |
| 4580 | NjRat 0.7D.exe |
Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2008 wrote to memory of 1312 | 2008 | msedge.exe | 85 |
| PID 2008 wrote to memory of 1312 | 2008 | msedge.exe | 85 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 680 | 2008 | msedge.exe | 86 |
| PID 2008 wrote to memory of 4764 | 2008 | msedge.exe | 87 |
| PID 2008 wrote to memory of 4764 | 2008 | msedge.exe | 87 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
| PID 2008 wrote to memory of 2104 | 2008 | msedge.exe | 88 |
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2008

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c4718
    PID: 1312

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 680

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 4764

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    PID: 2104

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 4796

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 4108

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    PID: 772

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    PID: 3160

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    PID: 1188

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
    PID: 552

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    PID: 3792

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3312 /prefetch:8
    PID: 4016

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
    PID: 4804

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4780

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
    PID: 1588

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    PID: 4000

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:8
    PID: 2372

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4064 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID: 1128

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
    PID: 1048

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
    PID: 4860

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
    PID: 4864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:12⤵PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1816 /prefetch:82⤵PID:4860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1372 /prefetch:12⤵PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3842196124593885369,3823961500235878710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:116
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2416
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2752
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2164
-
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2996
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\b67c3cd428e9442f91949ad6c78c1f5b /t 1900 /p 29961⤵PID:4512
-
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3216 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"2⤵PID:3564
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c47182⤵PID:2292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:22⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵PID:1140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:3532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:12⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵PID:2628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:12⤵PID:2216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 /prefetch:82⤵PID:4328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3564 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵PID:2956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:12⤵PID:684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵PID:4036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:82⤵PID:4916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:12⤵PID:2592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵PID:1988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵PID:2780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1360278708413852512,4574883333052249153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵PID:2344
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4544
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:772
-
C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe"C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4580 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Client.exe"2⤵PID:2956
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 12⤵PID:2248
-
C:\Users\Admin\Downloads\NjRat.0.7D\dotNET_Reactor.exedotNET_Reactor.exe -file "C:\Users\Admin\Desktop\Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 13⤵
- Executes dropped EXE
PID:184
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4c8 0x4181⤵
- Suspicious use of AdjustPrivilegeToken
PID:1488
-
C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"1⤵PID:2308
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 4402⤵
- Program crash
PID:1500
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2308 -ip 23081⤵PID:2928
-
C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"C:\Users\Admin\Downloads\NjRat.0.7D.Green.Edition\NjRat 0.7D Green Edition by im523.exe"1⤵
- Suspicious use of SendNotifyMessage
PID:1704
-
C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe"C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition\NjRat 0.7D Danger Edition.exe"1⤵
- Suspicious use of SendNotifyMessage
PID:4512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4536 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8124c46f8,0x7ff8124c4708,0x7ff8124c47182⤵PID:388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:3400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:82⤵PID:1932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:12⤵PID:2424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:12⤵PID:4112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:12⤵PID:532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:12⤵PID:3632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:82⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵PID:3116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:82⤵PID:3488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵PID:840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵PID:3376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵PID:5380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    PID: 5388 (process tree level 2)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6044 /prefetch:8
    PID: 5556 (process tree level 2)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    PID: 5564 (process tree level 2)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
    Suspicious behavior: EnumeratesProcesses
    PID: 5576 (process tree level 2)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
    PID: 5616 (process tree level 2)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3165468873210479437,6227686400663142758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
    PID: 5624 (process tree level 2)

C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4972 (process tree level 1)

C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4360 (process tree level 1)

C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\NjRat 0.7D Golden Edition - Rus.exe
    "C:\Users\Admin\Downloads\NjRat.0.7D.Golden.Edition\NjRat 0.7D Golden Edition - Rus.exe"
    PID: 5632 (process tree level 1)
Network
MITRE ATT&CK Enterprise v15
Downloads