quasar | fcd5b843d50ec2f973aaa27e54b6bf045931cc3cb8d9bea4edaade352fe0f7d5

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uni/Uni - Copy (19) - Copy.exe
Size

409KB
MD5

b70fdac25a99501e3cae11f1b775249e
SHA1

3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
SHA256

51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
SHA512

43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
SSDEEP

12288:gpbJjGut6AoE3hVVdFaC/eZPTMTDlpgfJCKuMsVs:oVaurMLcDlpRKai

Score

10^/10

quasar seroxen spyware trojan

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

panel-slave.gl.at.ply.gg:57059

panel-slave.gl.at.ply.gg:27892

Mutex

$Sxr-rpL8EItHN3pqIQQVy2

Attributes

encryption_key
Lme7VBS3l58VwLM69PNM
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SeroXen
subdirectory
SubDir

Signatures

Quasar RAT 3 IoCs
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Processes:

schtasks.exe

pid process

3108 schtasks.exe
11 ip-api.com
26 api.ipify.org

pid	process
3108	schtasks.exe
11	ip-api.com
26	api.ipify.org

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral20/memory/2116-1-0x00000000009E0000-0x0000000000A4C000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe	family_quasar

Executes dropped EXE 2 IoCs

Processes:

Client.exe6Rk1m9Vmo9Id.exe

pid process

2236 Client.exe
3288 6Rk1m9Vmo9Id.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

11 ip-api.com
26 api.ipify.org
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeSCHTASKS.exeschtasks.exeSCHTASKS.exe

pid process

3108 schtasks.exe
1684 SCHTASKS.exe
2556 schtasks.exe
2264 SCHTASKS.exe

pid	process
2236	Client.exe
3288	6Rk1m9Vmo9Id.exe

flow	ioc
11	ip-api.com
26	api.ipify.org

pid	process
3108	schtasks.exe
1684	SCHTASKS.exe
2556	schtasks.exe
2264	SCHTASKS.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617832393172652"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid process

3400 chrome.exe
3400 chrome.exe
5268 msedge.exe
5268 msedge.exe
1916 msedge.exe
1916 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exemsedge.exe

pid process

3400 chrome.exe
3400 chrome.exe
3400 chrome.exe
3400 chrome.exe
3400 chrome.exe
3400 chrome.exe
1916 msedge.exe
1916 msedge.exe
1916 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Uni - Copy (19) - Copy.exeClient.exeAUDIODG.EXEchrome.exe

description	pid	process
Token: SeDebugPrivilege	2116	Uni - Copy (19) - Copy.exe
Token: SeDebugPrivilege	2236	Client.exe
Token: 33	4224	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4224	AUDIODG.EXE
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
3400	chrome.exe
3400	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
3400	chrome.exe
3400	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Client.exe6Rk1m9Vmo9Id.exe

pid process

2236 Client.exe
3288 6Rk1m9Vmo9Id.exe

pid	process
2236	Client.exe
3288	6Rk1m9Vmo9Id.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Uni - Copy (19) - Copy.exeClient.exechrome.exe

description	pid	process	target process
PID 2116 wrote to memory of 3108	2116	Uni - Copy (19) - Copy.exe	schtasks.exe
PID 2116 wrote to memory of 3108	2116	Uni - Copy (19) - Copy.exe	schtasks.exe
PID 2116 wrote to memory of 3108	2116	Uni - Copy (19) - Copy.exe	schtasks.exe
PID 2116 wrote to memory of 2236	2116	Uni - Copy (19) - Copy.exe	Client.exe
PID 2116 wrote to memory of 2236	2116	Uni - Copy (19) - Copy.exe	Client.exe
PID 2116 wrote to memory of 2236	2116	Uni - Copy (19) - Copy.exe	Client.exe
PID 2116 wrote to memory of 1684	2116	Uni - Copy (19) - Copy.exe	SCHTASKS.exe
PID 2116 wrote to memory of 1684	2116	Uni - Copy (19) - Copy.exe	SCHTASKS.exe
PID 2116 wrote to memory of 1684	2116	Uni - Copy (19) - Copy.exe	SCHTASKS.exe
PID 2236 wrote to memory of 2556	2236	Client.exe	schtasks.exe
PID 2236 wrote to memory of 2556	2236	Client.exe	schtasks.exe
PID 2236 wrote to memory of 2556	2236	Client.exe	schtasks.exe
PID 2236 wrote to memory of 3288	2236	Client.exe	6Rk1m9Vmo9Id.exe
PID 2236 wrote to memory of 3288	2236	Client.exe	6Rk1m9Vmo9Id.exe
PID 2236 wrote to memory of 3288	2236	Client.exe	6Rk1m9Vmo9Id.exe
PID 2236 wrote to memory of 2264	2236	Client.exe	SCHTASKS.exe
PID 2236 wrote to memory of 2264	2236	Client.exe	SCHTASKS.exe
PID 2236 wrote to memory of 2264	2236	Client.exe	SCHTASKS.exe
PID 3400 wrote to memory of 3428	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 3428	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2976	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 996	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 996	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe
PID 3400 wrote to memory of 2284	3400	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (19) - Copy.exe
"C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (19) - Copy.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116

C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (19) - Copy.exe" /rl HIGHEST /f
2⤵
- Quasar RAT
- Creates scheduled task(s)
PID:3108

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236

C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:2556

C:\Users\Admin\AppData\Local\Temp\6Rk1m9Vmo9Id.exe
"C:\Users\Admin\AppData\Local\Temp\6Rk1m9Vmo9Id.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3288

C:\Windows\SysWOW64\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Client.exe" /tr "'C:\Users\Admin\AppData\Roaming\SubDir\Client.exe'" /sc onlogon /rl HIGHEST
3⤵
- Creates scheduled task(s)
PID:2264

C:\Windows\SysWOW64\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Uni - Copy (19) - Copy.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (19) - Copy.exe'" /sc onlogon /rl HIGHEST
2⤵
- Creates scheduled task(s)
PID:1684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcd9cfab58,0x7ffcd9cfab68,0x7ffcd9cfab78
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:2
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:1
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:1
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3076 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5240 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5412 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:1
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5680 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:1
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3364 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:1728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3340 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3248 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2916 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2688 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=1944,i,4694204052058755493,6167339560130344192,131072 /prefetch:8
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.oracle.com/javase/8/docs
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd59546f8,0x7ffcd5954708,0x7ffcd5954718
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,1834802535544705672,1887860290072084186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,1834802535544705672,1887860290072084186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,1834802535544705672,1887860290072084186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
2⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1834802535544705672,1887860290072084186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1834802535544705672,1887860290072084186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,1834802535544705672,1887860290072084186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
2⤵
PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5668

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
27KB

MD5
97f07e182259f3e5f7cf67865bb1d8f0

SHA1
78c49303cb2a9121087a45770389ca1da03cbcdf

SHA256
c3a70f23a2cf331852a818d3f2a0cf7f048753c9b47aa4e7f0fee234c46b226c

SHA512
10056ad3a71ee806a8d8aff04d513a079568bf11799016f76f27c4255be2141a4c2d99c1f46bbfde9c99ba0f8b44e780a92b59f514d3cc1c248ead915c31b5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
7a6a4085b9ae3e4bb8974ddca6a5a6c3

SHA1
71f7e332d085cc6f25b8181377b6d997d2e94cc9

SHA256
c5cf91f25a7f06ac8c199c01783390552077b0a8488553a7b2fa55837977f292

SHA512
e4f29fb95fc63230b41ec1907a8c5354c74699acd9254a644be040d5ccaabc11322587b5f5e12d9bcde9324ec4fae20f339c0badf9081096091b884651ab325d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
a6b522c3c0d7979ac0f9e946b4a3e5f9

SHA1
2c71859578b973c0ea874cf7d15a35bb5121e8fe

SHA256
32dca15421d73dc4c91ed099695decf5926c1fcf7dc21d9e2a57d10b12da5005

SHA512
4e34e4428924a8935dd036ce76c56790802b39f8acfd8d6f1dca0b0b260ed610dccfdfb115b7ec677b81dd590a62823b9e050ffcb1196b935dfd58e496dae703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
8d1fb3f814545260629dbfeb473eaa6b

SHA1
65d8bbf2f9e26f91d60ebf38255a7911a667093c

SHA256
23895c12fb39286bb3e264953822ce02da63faf079f2f535580a914586d67af5

SHA512
9f5d51a3934cdc9c0d254942278279f8e3a7d07cecc245bdef209c5c0a7310dc71a105f539f0bf8a93caa2aab09ba0a29110e63c552f1365fdfdd3800a6fe0d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
a11b67fbc808373f93d248c739d8993f

SHA1
e054c879b257b657d3c8fdc688ef2606f8cc515a

SHA256
7d4a2b53faaff972582156777169a00eafbdc607032bf4a91f02f8eca5c2ff60

SHA512
973ea40a52b108202417aa661cb4181d9538a861d4d1bb505ecef0a7e744d7b1b7e0123614877f23755ae89f1c6d3fd0d3179657387493e9a40860b529caa8a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
eae2c7bef8a648d12b0a7d11646470e9

SHA1
3ae2fb24381d0f0259a4fc9e919f1e8059442021

SHA256
e8c0c4b18662f90ecce15a17b325aca0a05155293a44017df6b734b67b433c98

SHA512
56088f2fa3267fa469888727c98eb1d7b40d4744598d17ef794bb7ce96d0c40f397cf0bdc6c9ce10e896ce9348a67766318e94277f2e09968488dc023a2d4b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
893a768a38913af30a2e1b0960a55591

SHA1
7ef20b0a04be3d54f3d4432a1e2cc56f18d03519

SHA256
c82d31c89b5740c9f07d956bd198986c9411b2840e8da2f0b40dd2b1c2e91a80

SHA512
97a5f7cdc1ffcaa0d997e92abac9478516987efda4d0ca8df781d60f0c3efc5f49e8a7457046ca5f91aa1a8106b887a22dc03a45289c33c2d0377f732fe2f9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f3a74f6d28325e2bb768beb5112e867e

SHA1
7d486c14e5566ab540f82428833ed71cdcc5419a

SHA256
c4e343dab6f7e088923a04578340fc9e69045d08c74a93cd3ede2bfa959b28a9

SHA512
0dd452352957046f3f6d8cd07a3b482c6a1f66afb5f94cfaa7a99c7e6f216feabed0e07a4b5c2b89f45e6f1fbc1ea78cbf31f111a7b54ea71e4dcd1a5a2b2ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
4a94f373d8d7716067cea2e892654a46

SHA1
d1dbf8475b97618dba22e1c786d8587fcb8c2162

SHA256
5464b515703d6a4c929783eb3eedc9973b920609b5f61a71fc8980ab99354ba0

SHA512
ba2246ad3543f9619bae1aca2ef0e4839badb59476c68bbf86007b4dbed8782f084545651c6b47990e25b91042c5e7f591db75dba6277da5ab12eea4a5123524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
7983a2a488ddfa7dee34b4a036b7123e

SHA1
d5634281f6dbde26f3dca4bc657dc1c8183c8e87

SHA256
0586bc8c2a858ccf070821d388d176dbdab501736d7b13bf5c738a80c3f318f0

SHA512
1cc2d5c9581e9af22a5a9bdc3c5c5f3c8d997223682741c6de103d5c7d7c93417cb9d7bbd2e1595a08378190bab68e7419d36e78f2fef81211796a59ea9aea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
7df0bc84cfce3182bdf44e5d1f8d6cca

SHA1
1dd98e2c2231cbc883f66246d742ea496fa64195

SHA256
eb2b59bbdd421a6117e3054d74cf44b6f6b143e1a018b1bf4071b40b1bc7a376

SHA512
95f88cab6357d4e7a7fb838f0d4b89c7bef2b390eeec9e23b5a3da13471bb8286e1ad1b772f16c373f126f7eaf9c6578ad2140c6b6617d017224fc1c17368f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b42b3.TMP
Filesize
89KB

MD5
4bd1f36ba72a7b17ac2034c8d18411d7

SHA1
b5c7a0c179323940e1dacd5ddcbd65a61b6e7ba1

SHA256
b0017cf901719c761d55ac65695132eab9ed871921843eedb3b2ccd086f8055d

SHA512
e8782d69d15b2884c2a062daba9a0e83af5052cbccc014dd79ae378f5a39b4bcf99bd4267b5c5e18feefbfb821509267dfa669829c53c46d2b449a7f54a859a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f899ba85f917e0ffc2f30491b4ed24af

SHA1
7fa839688a955e86a1ec32453e0b7e3856c5cfde

SHA256
6a82c339df01e3f5a46f415bdaf013b997cfd9a17b98751fcfda00dae708bec0

SHA512
aff529aac0f056699a21e1b51fa7c3e2a0f942a2a6739b679838ff211ac47b4477f61b43c888c599ec0fdbe06842056fad065afa69319f37f15e7798aef00134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
28635af53ec9e3b1190f34d5ff563b0e

SHA1
758ba1e31298c5afa62d98b7cb168f338862d4a0

SHA256
765ed21f5846773fe82d9b5bfa65d15e747bf88f8957f13637933718529367a5

SHA512
97ee40ec613ff2e0eb4111c7e0aacd75a79bc9311af3c17e6fbdabf14fc976d97c6f5f2e426f5f7089b95367a1803f5ea9f1e5560dd108edb5b263d77d9b0f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
ee2234f6d809de9f5a13934641169915

SHA1
83ff861c07c178d54b3f68607fa50ae8315e35af

SHA256
1b8ab2e34ea4982be90828d812a5c0a9abfc5501ca7e3c4d124a9389f81baa1f

SHA512
4b4ffe7e130cc5d7445f4557fccd737549b56a79b2b63791525b2d26b87c1996ff2aa4d5decab37b0330e5e7e2f1022deee7b61c96915a0790d3021ea1f3ead5

Download Submit
C:\Users\Admin\AppData\Local\Temp\6Rk1m9Vmo9Id.exe
Filesize
277KB

MD5
dac0c5b2380cbdd93b46763427c9f8df

SHA1
038089e1a0ac8375be797fc3ce7ae719abc72834

SHA256
d02538788fb57f568ece292f5fc20e9775c86d504de67f57e22534f84adc73c6

SHA512
05cc1f6bf25a6545a06c735ae7a4a7fc25489bdb9fbc8d5797be623982662c4a93cba2d20bfe14313ef1548eaaa691e55fabdd8e3d3e45de9ab42dc62f9a7023

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
Filesize
409KB

MD5
b70fdac25a99501e3cae11f1b775249e

SHA1
3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71

SHA256
51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246

SHA512
43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44

Download Submit
\??\pipe\crashpad_3400_KOADXHDVSSFHBAMT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2116-5-0x00000000054C0000-0x0000000005526000-memory.dmp

Filesize
408KB

Download
memory/2116-2-0x0000000005920000-0x0000000005EC4000-memory.dmp

Filesize
5.6MB

Download
memory/2116-6-0x0000000006260000-0x0000000006272000-memory.dmp

Filesize
72KB

Download
memory/2116-1-0x00000000009E0000-0x0000000000A4C000-memory.dmp

Filesize
432KB

Download
memory/2116-4-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/2116-0-0x0000000074DAE000-0x0000000074DAF000-memory.dmp

Filesize
4KB

Download
memory/2116-3-0x0000000005420000-0x00000000054B2000-memory.dmp

Filesize
584KB

Download
memory/2116-15-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/2236-13-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/2236-17-0x0000000006540000-0x000000000654A000-memory.dmp

Filesize
40KB

Download
memory/2236-12-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/2236-18-0x0000000005EF0000-0x0000000005F2C000-memory.dmp

Filesize
240KB

Download
memory/2236-19-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/2236-30-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/2236-20-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download