Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/0yxj41i2ju2lm/Aquantia_Executor was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Reads user/profile data of web browsers
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 19:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 19:48
Reported
2024-05-21 19:51
Platform
win11-20240426-en
Max time kernel
193s
Max time network
194s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8823870A\Aquantia_Setup 2.21.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4996 set thread context of 3392 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3300 set thread context of 4652 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8823870A\Aquantia_Setup 2.21.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c003100000000009a58ed7e110050524f4752417e310000740009000400efbec5525961b558669e2e0000003f0000000000010000000000000000004a00000000004c154e00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 50003100000000009a58d67a1000372d5a6970003c0009000400efbe9a58d67a9a58d67a2e000000439f0200000008000000000000000000000000000000c6bab20037002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Aquantia.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/0yxj41i2ju2lm/Aquantia_Executor
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff223a3cb8,0x7fff223a3cc8,0x7fff223a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6396 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Aquantia.rar"
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe
"C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8823870A\Aquantia_Setup 2.21.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8823870A\Aquantia_Setup 2.21.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 18.161.111.118:443 | cdn.amplitude.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 54.69.199.187:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | 118.111.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 172.217.169.10:443 | translate-pa.googleapis.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.133.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| BE | 74.125.133.157:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.10:443 | translate-pa.googleapis.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.52.110:443 | otnolatrnup.com | tcp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| IE | 52.17.55.191:443 | ad.crwdcntrl.net | tcp |
| IE | 52.17.40.72:443 | ad.crwdcntrl.net | tcp |
| FR | 54.230.112.53:443 | tags.crwdcntrl.net | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| FR | 3.160.188.9:443 | hb.yellowblue.io | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| IE | 52.19.97.129:443 | ap.lijit.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 104.22.30.209:443 | static.smilewanted.com | tcp |
| US | 104.22.30.209:443 | static.smilewanted.com | tcp |
| US | 104.22.30.209:443 | static.smilewanted.com | tcp |
| US | 104.22.30.209:443 | static.smilewanted.com | tcp |
| US | 104.22.30.209:443 | static.smilewanted.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| FR | 52.84.39.108:443 | cdn.prod.uidapi.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 185.239.172.170:443 | ghb1.adtelligent.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| DE | 142.132.249.188:443 | ghb1.adtelligent.com | tcp |
| GB | 172.217.169.10:443 | translate-pa.googleapis.com | udp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 172.217.169.65:443 | 3bc0b5196d3a4d745c2e5bd23131a6a5.safeframe.googlesyndication.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | 9.188.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.97.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.172.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.39.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.249.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 205.196.123.219:443 | download1531.mediafire.com | tcp |
| US | 205.196.123.219:443 | download1531.mediafire.com | tcp |
| FR | 54.230.112.18:443 | sys.ctrackapp.com | tcp |
| FR | 54.230.112.18:443 | sys.ctrackapp.com | tcp |
| FR | 18.161.97.57:443 | track.donecperficiam.com | tcp |
| FR | 18.161.97.57:443 | track.donecperficiam.com | tcp |
| DE | 184.25.158.219:443 | go.etoro.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 23.56.205.5:443 | etoro-cdn.etorostatic.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| IE | 52.48.217.227:443 | id.crwdcntrl.net | tcp |
| US | 172.67.14.119:443 | static.smilewanted.com | tcp |
| DK | 37.157.5.132:443 | cm.adform.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| IE | 52.19.204.214:443 | ce.lijit.com | tcp |
| IE | 52.19.204.214:443 | ce.lijit.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| GB | 199.232.56.157:443 | static.ads-twitter.com | tcp |
| IE | 63.33.0.173:443 | c0.adalyser.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| FR | 18.161.111.91:443 | static.hotjar.com | tcp |
| GB | 216.58.204.70:443 | 9944765.fls.doubleclick.net | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| FR | 216.137.52.72:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 50.31.142.63:443 | tr.outbrain.com | tcp |
| US | 50.31.142.63:443 | tr.outbrain.com | tcp |
| GB | 216.58.204.70:443 | 9944765.fls.doubleclick.net | udp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| SE | 104.73.93.80:443 | wave.outbrain.com | tcp |
| NL | 89.149.192.201:443 | sync.smartadserver.com | tcp |
| FR | 185.235.86.173:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.225:443 | gem.gbc.criteo.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| DE | 3.69.205.38:443 | rtb.mfadsrvr.com | tcp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| NL | 185.89.210.82:443 | secure.adnxs.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| NL | 81.17.55.108:443 | ssbsync-global.smartadserver.com | tcp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| IE | 54.171.20.81:443 | ice.360yield.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| FR | 216.137.52.87:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.20.171.54.in-addr.arpa | udp |
| US | 130.211.5.208:443 | cdn.mxpnl.com | tcp |
| NL | 20.50.88.245:443 | dc.services.visualstudio.com | tcp |
| NL | 20.54.209.212:443 | etorologsapi.etoro.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| RU | 147.45.47.64:11837 | tcp | |
| RU | 147.45.47.64:11837 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7915c5c12c884cc2fa03af40f3d2e49d |
| SHA1 | d48085f85761cde9c287b0b70a918c7ce8008629 |
| SHA256 | e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da |
| SHA512 | 4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217 |
\??\pipe\LOCAL\crashpad_780_GDWKFMLJRVPOOFCB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9faad3e004614b187287bed750e56acc |
| SHA1 | eeea3627a208df5a8cf627b0d39561167d272ac5 |
| SHA256 | 64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9 |
| SHA512 | a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6d9149ae830f88f2f44d392e6f7dbba |
| SHA1 | 0d826a62232d3b737f9ad059a8bbd83fa71ab6c2 |
| SHA256 | 7d1759f9868a0b8861c674f8224bf8ede9b4a18b927c0b405b95101dc8bc6f95 |
| SHA512 | e07fb426f11b7982b2fbc9c139e65e7bc087bf3f8264ad6f632f227d4ea39a4bfaf59c1acb887cbfce0d2d401cf006552484bf490e3ed91b5ce9d49865188058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 36f165f33d265bf8b3cba925a4741ceb |
| SHA1 | 46e94add1c02c283e2f25d3a8c3b3519d58aaa15 |
| SHA256 | 35d589d1427580575e74bb1084d9bf50b6abef70559abebf9a792d3cfb7de4c4 |
| SHA512 | 7238c01ab802c05c6799763c447bc3ff449fd38af40def59024ccb19f60cd556f05b213221a7d77159e4a49fb2fac13f9c3f317b2975f6b66c494953ac815b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cad3721a4115f3315cae4f293c96b266 |
| SHA1 | a384853d31feca1ba3efc9cf7ec04ee2976eb2ea |
| SHA256 | d49bcdab0db3cc28707f63c75d3790adfffacd5fa136caa4e0615ad149f9a17c |
| SHA512 | 700a31facdc058c8f7a55d3d41d28893899d9c7eb8951c36b5d8f684daed06415f2e2d2340ed18f7d52fce2ab59252844b4bde0c265e193009315287de846c08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48ddb06bc520450694134da1042362ed |
| SHA1 | 18700e7908a46047ce9fe8f0507dba1821880c0e |
| SHA256 | 9ba3b951a31a8a15c694cb77363ad5ccce0faa6d76f1affa5f8947564d151c39 |
| SHA512 | 01811e6de7d7639abfce8d134f0af03b354d7995d1c3f88742a2a69cccb7a99480f7eac72e9b241110069893e8fd6c009ffa3fb08a3be34cc8027731e2539300 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 03cf5f73704811fcf871a8a13eee85f1 |
| SHA1 | 5d2264f4e021adb10f58684d8ead14e6752174fb |
| SHA256 | ce97b9d4ce3f629b89c18c4323ed48c95c87347a312d806ef20605d48c444a6f |
| SHA512 | 916525e4d5abe70116cf3193589553466fa9ef16762c3a253515f7999bd3b889d6439871dc5c580e7fcc63b33d4559c501ef78ca05cb66dbb7b7c0c607df1091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5789d1.TMP
| MD5 | dd20ee3538ef23b62cc74207f62cccbd |
| SHA1 | b8ab0be52b87acf5fa47befb29d08c508f105297 |
| SHA256 | d5ad9f41dcf7cd55823d608282655f7f0cdb9efd308614a96f810e5e11a16611 |
| SHA512 | ca35327b1a68c29639704d53727807f01421619ef1b8b979ee8b432f8c10b536084c4a81bda36d13f73f066e83fda9f3c46da7c7408c0b318d7bf4bc9cb9f901 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 194d339e1bdcf6a52a3952e94bc1fe9b |
| SHA1 | 964d055c617063e8b6a62e964a76c0f2f2c69f55 |
| SHA256 | c4c5cc69b25e48d390146e47ca2faa92cff89974de8e31a3874696646d9e6a4c |
| SHA512 | d690da210b10219ac764c83854dd25ecc4ddc68b4df0e32ce86a5ea730ca7936422813701ed79c3929705d33088b73386b1c6dbc3ef0dba9f6a67984fcf53da1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a6384937b3e67125825d7376c61ea5fe |
| SHA1 | 1a997c907d6402ae184c1ffc4bf20704ad10e6ff |
| SHA256 | c5cd8979e0fcac592edbf046e6177ffc43234b3c57b130555807024595fb7973 |
| SHA512 | 27f074de61124fedbf5e51278218aa5dc476af46944cdbc8cc0d28eb2bcbfb4326eba208b7ad3a7d849014589d7d0f15143232c1c6a308c988f6ee269ef30a69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1d274ca26c105b36c987fec5215920e |
| SHA1 | 331733617400b92d5ed9e80ef0e278dd0f1da855 |
| SHA256 | 65b24d069645105720ba79dc9d8f64d479e355dda5c3adbae7ff98ea2c74f829 |
| SHA512 | 9164638d622329129bac08b61753306ad33e80f23c2d71833b7324b02dcd4d8b4df35c0957a96fe289d775865a71ad88f698a7bdcf9a6c7f1ae76a1f6b2d1df1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c37bfafa5837f6f838fc811deb8e1bbd |
| SHA1 | a6cd11eebca6b170c1836654faf12ae44f3495fa |
| SHA256 | 19d15db0c8852866baeb964d8688738d232484af52c24764653380cdf5c8ab6c |
| SHA512 | 24cb749540e60deb6d8ebeedaaf12523857ba5d48143a8057a2e11762c70e31071368d159a26b37eba2408872e45076646d00bc0f8ce509cf2ef63fb6b32214d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e72f8f24e49a72d451d13248ddd678b |
| SHA1 | 2c313e44d1186a0b6c0cec8daf9973b6d9b0c530 |
| SHA256 | afd8eb2cb2df892d863d0222cc1b377324437e6616e1be3bc9f2a9cd9b858277 |
| SHA512 | 2e65c123cd525b71c8399834daadf2cf5523e9f6488714338b71fd6d5c7c597e39ace437ab1daec2d95ada3fd10ca86630cdaeb3de6f4cea5756a599c94caec3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 317503ea7aa27b67596ee44defe98a3d |
| SHA1 | 78f27a73a0f6cec01d53493bbb2e75ed077e2b15 |
| SHA256 | 400aed75a0b5fc0e1f1cda2bf8b511705879c7f20a0e8541f99b3417b0a8d482 |
| SHA512 | 361d938cb801d509a9a45ffd547d0a9b1933463f35d731049d3966c5d6e9e3493341ad10253b9bf93364e9e8f168d1bd9439b37ac7cd0fa2d1de322330f4daf3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0b129d389a79230aecd3369c10f710f4 |
| SHA1 | 530f07188892101bfed640b7cd6e8e12f032f3b2 |
| SHA256 | da4821029e828a2ffa02a5b4839ee264685e4ebd17af86d436b728e2d5750724 |
| SHA512 | fa08c09977da94f9d7feca2baf17b539f3960c11bee1ba77f67084783dfc66ac03edae6dbbbdf7aedb76fb59e1e3a44bc745bfe8f45a6bcc4259ad6c818e4b5e |
C:\Users\Admin\Downloads\Aquantia.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 39e63a016de50919762e1c1b42624e67 |
| SHA1 | f425521ee8422facf73ed3566b4cb241bf17b052 |
| SHA256 | 046fc8bd16bea1ae2cc5f382ed150e54d371e93a33611521fa236ad63e8ffed0 |
| SHA512 | 213b9bf9500035ec58de147ecd81268f7da0df2c85c8ee069d6d591a9561af3c87b67907a7da1709313073c2f6a348dd8e21b45c7f634f14f82682a75030f588 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d09f07f8481029365ed54b3db4f62e9 |
| SHA1 | cf61a01a16ba493228448a56ca48074bbc286d18 |
| SHA256 | f17fa868f9c2ee9b815bcfe393927ebfb4ad76ab6dbbd06f562f102daf89343d |
| SHA512 | 121c5e1ffb395471b8deb24c5fb4bf21990d08e83ff27dce598c6895b93482e82cc3d4f2ca48ae7a2946c12f2e991fecaa99c3170ab3f42c5951519202a00171 |
C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe
| MD5 | ad1708f917673ba3277c7d716bb81069 |
| SHA1 | 96796024e1e09ae12631a4bd6547c2cb1ee95a0a |
| SHA256 | 1bfb5bf80575431126e0d76adaf099bc065b2527b0faeffe5fc8009fdfcf6792 |
| SHA512 | d1472026b3d1d659e846330ff11498a0d9abb3096ea4887f6520afe8d5ef06eb012aa93405c9285a74a16230c029673a74dc5368089c81dcbabee304f0dbab34 |
memory/4996-557-0x0000000001310000-0x0000000001311000-memory.dmp
memory/4996-559-0x0000000001310000-0x0000000001311000-memory.dmp
memory/3392-558-0x0000000000400000-0x000000000044A000-memory.dmp
memory/3392-560-0x00000000058B0000-0x0000000005E56000-memory.dmp
memory/3392-561-0x0000000005300000-0x0000000005392000-memory.dmp
memory/3392-562-0x00000000053A0000-0x00000000053AA000-memory.dmp
memory/3392-563-0x0000000006940000-0x0000000006F58000-memory.dmp
memory/3392-564-0x0000000006480000-0x000000000658A000-memory.dmp
memory/3392-565-0x00000000063B0000-0x00000000063C2000-memory.dmp
memory/3392-566-0x0000000006410000-0x000000000644C000-memory.dmp
memory/3392-567-0x0000000006590000-0x00000000065DC000-memory.dmp
memory/3392-568-0x0000000006710000-0x0000000006776000-memory.dmp
memory/3392-569-0x0000000007060000-0x00000000070D6000-memory.dmp
memory/3392-570-0x00000000068E0000-0x00000000068FE000-memory.dmp
memory/3392-571-0x0000000007D30000-0x0000000007EF2000-memory.dmp
memory/3392-572-0x0000000008430000-0x000000000895C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | bef3680ec3b9e178a8fd8677baac3ba8 |
| SHA1 | 0a7006ff73c57499d70d2c63d6d088f197a97f25 |
| SHA256 | 915ebae6d3d91e32009123c057c109aa80ff15149526923097c0617e7e25f302 |
| SHA512 | b9f5764e8bed9e4b657ad9c05253ac814e4e51f5d4ff21255083eb3156d0be16c8b3d7e116807ac659d938a493a0c63491c61465664fe08be9c848a88f27d940 |
C:\Users\Admin\AppData\Local\Temp\tmp66D.tmp
| MD5 | 14ccc9293153deacbb9a20ee8f6ff1b7 |
| SHA1 | 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3 |
| SHA256 | 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511 |
| SHA512 | 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765 |
C:\Users\Admin\AppData\Local\Temp\tmp69F.tmp
| MD5 | 87210e9e528a4ddb09c6b671937c79c6 |
| SHA1 | 3c75314714619f5b55e25769e0985d497f0062f2 |
| SHA256 | eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1 |
| SHA512 | f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0 |
memory/3300-625-0x0000000000620000-0x0000000000621000-memory.dmp