Analysis
-
max time kernel
300s -
max time network
308s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
02-06-2024 06:22
General
-
Target
uni/Uni - Copy (23) - Copy.exe
-
Size
409KB
-
MD5
b70fdac25a99501e3cae11f1b775249e
-
SHA1
3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
-
SHA256
51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
-
SHA512
43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
-
SSDEEP
12288:gpbJjGut6AoE3hVVdFaC/eZPTMTDlpgfJCKuMsVs:oVaurMLcDlpRKai
Malware Config
Extracted
quasar
3.1.5
SeroXen
panel-slave.gl.at.ply.gg:57059
panel-slave.gl.at.ply.gg:27892
$Sxr-rpL8EItHN3pqIQQVy2
-
encryption_key
Lme7VBS3l58VwLM69PNM
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
SeroXen
-
subdirectory
SubDir
Signatures
-
Quasar RAT 3 IoCs
Quasar is an open source Remote Access Tool.
-
Quasar payload 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe"C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe" /rl HIGHEST /f2⤵
- Quasar RAT
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\VEuMWCQBVxUC.exe"C:\Users\Admin\AppData\Local\Temp\VEuMWCQBVxUC.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\SCHTASKS.exe"SCHTASKS.exe" /create /tn "$77Client.exe" /tr "'C:\Users\Admin\AppData\Roaming\SubDir\Client.exe'" /sc onlogon /rl HIGHEST3⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\SCHTASKS.exe"SCHTASKS.exe" /create /tn "$77Uni - Copy (23) - Copy.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe'" /sc onlogon /rl HIGHEST2⤵
- Creates scheduled task(s)
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x520 0x4981⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ConvertJoin.m3u"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8df7046f8,0x7ff8df704708,0x7ff8df7047182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4084 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=1324 /prefetch:62⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6236 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4092 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6420 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.oracle.com/javase/8/docs1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df7046f8,0x7ff8df704708,0x7ff8df7047182⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
408B
MD54a45132cff29f7f360b5efab1a8ad5b9
SHA1e2ef02cc421d56917ab679ba3bb8469e4cad4fb5
SHA256a98b64870b249c693f1fa5db290d44e6853ae3709a49a2761e99e0e742281dfb
SHA51289e75182c2b312e94ab02eaac3530772842e5b18c1bfcf0ace78a133e1929d692b639f8959b151a8b4b5ffc6a1b4ab338c1d05d77318d013ba42ca01ad078aac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f2444ab6f436bb3de2bdff02196e1907
SHA17ef9cba517ed35c1986eb966abd74c3301187f58
SHA2566f1765f9d8f635910dede556baf63fd7efb169cf634234324db508bd87a4a842
SHA512c7b61d84d61bb8d03288ad7bded44618d1ff8692cb8e0cc8c265fd1b2d1707bb633c83457a1306d94f14f0c0970ff263caffc6b84baa3dbbfa40d4ff1daeb364
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fbbbb95b8200e28ec1e962b48ffdc57d
SHA1464cccfd62cf0380e23b0bd6e0f006a56dfcb19d
SHA25667aab73712a04ce8653e5d0ad5f90761c813890dec9b0f7cbfa3513c325ee01a
SHA512b3f007f163502e92e8291b132c9f947436198510e1d717e4cb2e38919400b7584e807d2f448882a7cadd3c89e41821d7129ae2e55b758549444dcb5359644823
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59d3bc27950292aadc1d8db6a14c8f51d
SHA1d4386bd1b4af809654164ce2227be3e018322f70
SHA256d1b66a5136750e37f39513b5f3ed2ab130bb454b1c41ae5dfc41151aba4ee070
SHA512b923f744d9f8335261dd7ce0f97e066c3593c6874d38dec218f96487ad265019ba7263a4aca1eb6b9d2a0ac2d2beb7a21a0d3dd8fbbbbd998855810a5eab1c9f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD551d9ee10e3dd9ffe24bc92d0814ad21a
SHA1356267292feb8bdc59be8aaf8c79f18814d3ea27
SHA2563f6f224efed2b532814237ede531137ab6bb04ddc5b584353d7123e34eaf4e53
SHA5121b68ba2a6758741829abd43f157feebdf58030f037fa5a4b4414e57b71924142afba7ccf65ffc43eff43ca5091b30496171136793c02e854c28a855d6d2d2a3a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD547a59ffd9687ad396fa62721f500278b
SHA19d26be4de0139b151305eb9944d9cf30368be34c
SHA2569e5f2a610a061cbd7130235f389939c3fe5e8fe214c976b32b798021840f654b
SHA512b730e61c2406f2d8e52e418eee536d9c68f11b724319e01ebb917ddd0a5f759b038855f9f1a070acc818fc152b3d28bb17b0f0c43a74d8e707e1d9b3488e9676
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55dbd60806a7f2dd71e785237600a1c4b
SHA1ec7dde94da72d4c1fbfd1d74a5323312689eeb89
SHA2565b47495b7ac75354aa2df02847c868de304b7db95ee08c5e59e771182b647919
SHA512f3a6f756fdc7053e6753ad6a6666a7c71e9559c0da0e8665f5c32f634a587aab49a4ea5f41ae38c8854a39a4f7471ef59932b0afa29701ead0f56cd636763f40
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD503c21ce5fdcff521f5132847b3fa97ec
SHA15814caaf011e938205c1319eaa2f5a791a2640d9
SHA2562592ce1b98c5845f0263a7d6ed410de9af977ba278decccf8d59b0d64872398e
SHA51271ef586d3ae4bbeb514c19ca09a117a124b31af78925bc27ff0ce32529282b05e8b43ffb62ccae6f4d5ed5267dec06957bdbe625ad5a327776ec7c455244e199
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD581488efd3684eff356ce69589f2e9321
SHA12c0909d9499f058a4f9f69e9f38d75f884bb9ce5
SHA256953e96fb18e45236d3d1edce0a44765fedc1db01e1debf0f367064956998c12f
SHA5121a2d71487ee9be5086d4ae3db43c8c9b47ff59a3b87249099e098f0065919d3251f7e0695d1a96e370610044c972b6a97fac969518dcc85c2d3f3652d545b71a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5c66f39e38acbb7c8277e37ded398f224
SHA12da4f5008bab9c0078df8834d9dd50b7d41ab725
SHA256d163509d56e34f53076b283bbcdf99b305daf187982624c0c10ef0baf219df59
SHA512b3fac8ad9ec0a61a55361670a60707aadf1871ba65eb3c54472b34c1c606b42072e305f94cf04329dc33e62d0df4b93dc12f73726807ef6e67752ff708c2ae1e
-
C:\Users\Admin\AppData\Local\Temp\VEuMWCQBVxUC.exeFilesize
277KB
MD5dac0c5b2380cbdd93b46763427c9f8df
SHA1038089e1a0ac8375be797fc3ce7ae719abc72834
SHA256d02538788fb57f568ece292f5fc20e9775c86d504de67f57e22534f84adc73c6
SHA51205cc1f6bf25a6545a06c735ae7a4a7fc25489bdb9fbc8d5797be623982662c4a93cba2d20bfe14313ef1548eaaa691e55fabdd8e3d3e45de9ab42dc62f9a7023
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exeFilesize
409KB
MD5b70fdac25a99501e3cae11f1b775249e
SHA13c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
SHA25651ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
SHA51243f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.iniFilesize
6KB
MD584d207c2b6bcc8bc60249f8cb9a3be3e
SHA1751536fc6748f3f85ca8967c6e3f18f954ac9f25
SHA256aca416d91f2b3133116e13a06b07f16f13ed140afacf0e912c5be127b9f05e6c
SHA512b127ccff69900a468bedb26907be61e2665b94192472a742dbfe40e95fb859a0c6ab23c6d5a4c9094a1aa257e9866f9854efebde5e480d8b2668048a7cdbad34
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.iniFilesize
12KB
MD50fbb140ea4e0845155e666df4fdf69e1
SHA13f9a86e6e3f1f7edf6f0f4c0c78944fafb72666a
SHA256ae55f94b690269016e0595484dd14595aabccfbf857c52eae8f8f9419e81e1bf
SHA5122aceafb67c7e652c02191f246b6213ef8d23730109aac0e06ec4f5703e41eb90db6285e100bb9de48481a016d90406480e05d768d6c3e267ac4b3912de60cb88
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.iniFilesize
200B
MD5e650ed7b3140f77e9a959aa1d487bb95
SHA141511a9d58576ade97e6db7d450fbc48b8c6499a
SHA256c7661ad077296461b2277ea87ad32784687f9eb7da076208b002258377386492
SHA51208a364be125b1b04d79a26c48db9ed1b3cb5079a2a0912961c0840f5aeaf12085f147d8a39a4bcbbbf085543d95acc0eeee73062a3df8bd137e2eccce543b75a
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.iniFilesize
447B
MD5b861f628ef8f556ea30c10fbeed4d92f
SHA192e76a8ec8a258d8f172be50f734ecfe7f5722c4
SHA2561e319cecdb2dbd83a77831fcf10b395a1b7a758eee034cd88251e6495f6977b4
SHA5123992d8c2d632b98ae0793d68093642992ee41cbd6959f9966ac35130debedc7969e83e44866eff4a7254180904e7b7badb67c01f32d52a67d41fc4c1dbd1954f
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lockFilesize
18B
MD588d354df6bfdc291719ee8a308ec94e6
SHA1d08c1dd34cc03fdaca9054a0498ecd1a99bdeb01
SHA256507c9ef590d028b02d23486fa3903856b7eabaf8356f360fb50340ae038a883f
SHA5126bfad5117173923d107292771c6b65d95a7fa9107bad60b9377c67940cc8579502291eb5365e9aa9a54d90e32cb5b72daeaacb5566397429c0113486cea29ef0
-
\??\pipe\LOCAL\crashpad_5004_VYFQYPTDZWJSGGRBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/436-19-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/436-20-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/436-12-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/436-13-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/436-16-0x0000000005D50000-0x0000000005D8C000-memory.dmpFilesize
240KB
-
memory/436-323-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/436-18-0x0000000006370000-0x000000000637A000-memory.dmpFilesize
40KB
-
memory/4292-65-0x00007FF8EE6C0000-0x00007FF8EE6D1000-memory.dmpFilesize
68KB
-
memory/4292-67-0x00007FF8E58B0000-0x00007FF8E58C1000-memory.dmpFilesize
68KB
-
memory/4292-72-0x00007FF8E4EF0000-0x00007FF8E4F01000-memory.dmpFilesize
68KB
-
memory/4292-64-0x00007FF8F3FB0000-0x00007FF8F3FC7000-memory.dmpFilesize
92KB
-
memory/4292-63-0x00007FF8F3FD0000-0x00007FF8F3FE1000-memory.dmpFilesize
68KB
-
memory/4292-62-0x00007FF8F4140000-0x00007FF8F4157000-memory.dmpFilesize
92KB
-
memory/4292-61-0x00007FF8F44C0000-0x00007FF8F44D8000-memory.dmpFilesize
96KB
-
memory/4292-59-0x00007FF8FBA40000-0x00007FF8FBA74000-memory.dmpFilesize
208KB
-
memory/4292-68-0x00007FF8E3710000-0x00007FF8E391B000-memory.dmpFilesize
2.0MB
-
memory/4292-75-0x00007FF8E36F0000-0x00007FF8E370B000-memory.dmpFilesize
108KB
-
memory/4292-74-0x00007FF8E4730000-0x00007FF8E4741000-memory.dmpFilesize
68KB
-
memory/4292-73-0x00007FF8E4750000-0x00007FF8E4761000-memory.dmpFilesize
68KB
-
memory/4292-58-0x00007FF6B86D0000-0x00007FF6B87C8000-memory.dmpFilesize
992KB
-
memory/4292-66-0x00007FF8EE6A0000-0x00007FF8EE6BD000-memory.dmpFilesize
116KB
-
memory/4292-71-0x00007FF8E5890000-0x00007FF8E58A8000-memory.dmpFilesize
96KB
-
memory/4292-167-0x00007FF8E4270000-0x00007FF8E4526000-memory.dmpFilesize
2.7MB
-
memory/4292-60-0x00007FF8E4270000-0x00007FF8E4526000-memory.dmpFilesize
2.7MB
-
memory/4292-76-0x00000284E95C0000-0x00000284EAE2F000-memory.dmpFilesize
24.4MB
-
memory/4292-69-0x00007FF8E5320000-0x00007FF8E5361000-memory.dmpFilesize
260KB
-
memory/4292-70-0x00007FF8E4F10000-0x00007FF8E4F31000-memory.dmpFilesize
132KB
-
memory/4488-15-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/4488-0-0x00000000753CE000-0x00000000753CF000-memory.dmpFilesize
4KB
-
memory/4488-6-0x00000000056D0000-0x00000000056E2000-memory.dmpFilesize
72KB
-
memory/4488-5-0x0000000005170000-0x00000000051D6000-memory.dmpFilesize
408KB
-
memory/4488-4-0x00000000753C0000-0x0000000075B70000-memory.dmpFilesize
7.7MB
-
memory/4488-3-0x0000000005210000-0x00000000052A2000-memory.dmpFilesize
584KB
-
memory/4488-2-0x0000000005720000-0x0000000005CC4000-memory.dmpFilesize
5.6MB
-
memory/4488-1-0x0000000000870000-0x00000000008DC000-memory.dmpFilesize
432KB