10Analysis
max time kernel: 300s
max time network: 308s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-06-2024 06:22
Behavioral task | Sample | Resource
behavioral1 | uni/Uni - Copy (10) - Copy.exe | win7-20240419-en
behavioral2 | uni/Uni - Copy (10) - Copy.exe | win10v2004-20240426-en
behavioral3 | uni/Uni - Copy (11) - Copy.exe | win7-20240215-en
behavioral4 | uni/Uni - Copy (11) - Copy.exe | win10v2004-20240508-en
behavioral5 | uni/Uni - Copy (12) - Copy.exe | win7-20240221-en
behavioral6 | uni/Uni - Copy (12) - Copy.exe | win10v2004-20240226-en
behavioral7 | uni/Uni - Copy (13) - Copy.exe | win7-20240508-en
behavioral8 | uni/Uni - Copy (13) - Copy.exe | win10v2004-20240508-en
behavioral9 | uni/Uni - Copy (14) - Copy.exe | win7-20240419-en
behavioral10 | uni/Uni - Copy (14) - Copy.exe | win10v2004-20240508-en
behavioral11 | uni/Uni - Copy (15) - Copy.exe | win7-20240221-en
behavioral12 | uni/Uni - Copy (15) - Copy.exe | win10v2004-20240508-en
behavioral13 | uni/Uni - Copy (16) - Copy.exe | win7-20240221-en
behavioral14 | uni/Uni - Copy (16) - Copy.exe | win10v2004-20240508-en
behavioral15 | uni/Uni - Copy (17) - Copy.exe | win7-20231129-en
behavioral16 | uni/Uni - Copy (17) - Copy.exe | win10v2004-20240426-en
behavioral17 | uni/Uni - Copy (18) - Copy.exe | win7-20240508-en
behavioral18 | uni/Uni - Copy (18) - Copy.exe | win10v2004-20240508-en
behavioral19 | uni/Uni - Copy (19) - Copy.exe | win7-20240220-en
behavioral20 | uni/Uni - Copy (19) - Copy.exe | win10v2004-20240426-en
behavioral21 | uni/Uni - Copy (2) - Copy.exe | win7-20240221-en
behavioral22 | uni/Uni - Copy (2) - Copy.exe | win10v2004-20240508-en
behavioral23 | uni/Uni - Copy (2).exe | win7-20240419-en
behavioral24 | uni/Uni - Copy (2).exe | win10v2004-20240508-en
behavioral25 | uni/Uni - Copy (20) - Copy.exe | win7-20240508-en
behavioral26 | uni/Uni - Copy (20) - Copy.exe | win10v2004-20240226-en
behavioral27 | uni/Uni - Copy (21) - Copy.exe | win7-20240221-en
behavioral28 | uni/Uni - Copy (21) - Copy.exe | win10v2004-20240426-en
behavioral29 | uni/Uni - Copy (22) - Copy.exe | win7-20231129-en
behavioral30 | uni/Uni - Copy (22) - Copy.exe | win10v2004-20240426-en
behavioral31 | uni/Uni - Copy (23) - Copy.exe | win7-20240220-en
General
Target: uni/Uni - Copy (23) - Copy.exe
Size: 409KB
MD5: b70fdac25a99501e3cae11f1b775249e
SHA1: 3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
SHA256: 51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
SHA512: 43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
SSDEEP: 12288:gpbJjGut6AoE3hVVdFaC/eZPTMTDlpgfJCKuMsVs:oVaurMLcDlpRKai
Malware Config
Extracted
quasar
3.1.5
SeroXen
panel-slave.gl.at.ply.gg:57059
panel-slave.gl.at.ply.gg:27892
$Sxr-rpL8EItHN3pqIQQVy2
encryption_key: Lme7VBS3l58VwLM69PNM
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: SeroXen
subdirectory: SubDir
Signatures
-
Processes:
schtasks.exepid process 408 schtasks.exe 14 ip-api.com 30 api.ipify.org -
Quasar payload 2 IoCs
Processes:
resource | yara_rule
behavioral32/memory/4488-1-0x0000000000870000-0x00000000008DC000-memory.dmp | family_quasar
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | family_quasar
-
Executes dropped EXE 2 IoCs
Processes:
pid | process
436 | Client.exe
4888 | VEuMWCQBVxUC.exe
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow | ioc
14 | ip-api.com
30 | api.ipify.org
-
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes:
pid | process
408 | schtasks.exe
2424 | SCHTASKS.exe
3336 | schtasks.exe
5752 | SCHTASKS.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
pid | process
4292 | vlc.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
pid | process (repeated entries collapsed)
5004 | msedge.exe
3940 | msedge.exe
5140 | identity_helper.exe
2192 | msedge.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
4292 | vlc.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
pid | process (repeated entries collapsed)
5004 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 4488 | Uni - Copy (23) - Copy.exe
Token: SeDebugPrivilege | 436 | Client.exe
Token: 33 | 3348 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 3348 | AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
pid | process (repeated entries collapsed)
4292 | vlc.exe
5004 | msedge.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
pid | process (repeated entries collapsed)
4292 | vlc.exe
5004 | msedge.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
pid | process
436 | Client.exe
4888 | VEuMWCQBVxUC.exe
4292 | vlc.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | process | target process (repeated entries collapsed)
PID 4488 wrote to memory of 408 | 4488 | Uni - Copy (23) - Copy.exe | schtasks.exe
PID 4488 wrote to memory of 436 | 4488 | Uni - Copy (23) - Copy.exe | Client.exe
PID 4488 wrote to memory of 2424 | 4488 | Uni - Copy (23) - Copy.exe | SCHTASKS.exe
PID 436 wrote to memory of 3336 | 436 | Client.exe | schtasks.exe
PID 436 wrote to memory of 4888 | 436 | Client.exe | VEuMWCQBVxUC.exe
PID 5004 wrote to memory of 2752 | 5004 | msedge.exe | msedge.exe
PID 5004 wrote to memory of 4620 | 5004 | msedge.exe | msedge.exe
PID 5004 wrote to memory of 3940 | 5004 | msedge.exe | msedge.exe
PID 5004 wrote to memory of 4660 | 5004 | msedge.exe | msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe
"C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe" /rl HIGHEST /f
2⤵
- Quasar RAT
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe
"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\VEuMWCQBVxUC.exe
"C:\Users\Admin\AppData\Local\Temp\VEuMWCQBVxUC.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Client.exe" /tr "'C:\Users\Admin\AppData\Roaming\SubDir\Client.exe'" /sc onlogon /rl HIGHEST
3⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Uni - Copy (23) - Copy.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe'" /sc onlogon /rl HIGHEST
2⤵
- Creates scheduled task(s)
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ConvertJoin.m3u"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8df7046f8,0x7ff8df704708,0x7ff8df7047182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4084 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=1324 /prefetch:62⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6236 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4092 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6420 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6153922820586656742,11536970590265740494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
1⤵
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.oracle.com/javase/8/docs
1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df7046f8,0x7ff8df704708,0x7ff8df7047182⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
408B
MD54a45132cff29f7f360b5efab1a8ad5b9
SHA1e2ef02cc421d56917ab679ba3bb8469e4cad4fb5
SHA256a98b64870b249c693f1fa5db290d44e6853ae3709a49a2761e99e0e742281dfb
SHA51289e75182c2b312e94ab02eaac3530772842e5b18c1bfcf0ace78a133e1929d692b639f8959b151a8b4b5ffc6a1b4ab338c1d05d77318d013ba42ca01ad078aac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Temp\VEuMWCQBVxUC.exe
Filesize: 277KB
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
Filesize: 409KB
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize: 12KB
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize: 200B
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize: 447B
-
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
Filesize: 18B
-
\??\pipe\LOCAL\crashpad_5004_VYFQYPTDZWJSGGRB