Analysis
-
max time kernel
300s -
max time network
300s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
02-06-2024 06:23
General
-
Target
uni/Uni - Copy (23) - Copy.exe
-
Size
409KB
-
MD5
b70fdac25a99501e3cae11f1b775249e
-
SHA1
3c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
-
SHA256
51ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
-
SHA512
43f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
-
SSDEEP
12288:gpbJjGut6AoE3hVVdFaC/eZPTMTDlpgfJCKuMsVs:oVaurMLcDlpRKai
Malware Config
Extracted
quasar
3.1.5
SeroXen
panel-slave.gl.at.ply.gg:57059
panel-slave.gl.at.ply.gg:27892
$Sxr-rpL8EItHN3pqIQQVy2
-
encryption_key
Lme7VBS3l58VwLM69PNM
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
SeroXen
-
subdirectory
SubDir
Signatures
-
Quasar RAT 4 IoCs
Quasar is an open source Remote Access Tool.
-
Quasar payload 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 25 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 29 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe"C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe" /rl HIGHEST /f2⤵
- Quasar RAT
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"schtasks" /create /tn "SeroXen" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\paAgV40AbqGe.exe"C:\Users\Admin\AppData\Local\Temp\paAgV40AbqGe.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\SCHTASKS.exe"SCHTASKS.exe" /create /tn "$77Client.exe" /tr "'C:\Users\Admin\AppData\Roaming\SubDir\Client.exe'" /sc onlogon /rl HIGHEST3⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\SCHTASKS.exe"SCHTASKS.exe" /create /tn "$77Uni - Copy (23) - Copy.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\uni\Uni - Copy (23) - Copy.exe'" /sc onlogon /rl HIGHEST2⤵
- Creates scheduled task(s)
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x408 0x4e81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa971a46f8,0x7ffa971a4708,0x7ffa971a47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4664 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=5728 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5784 /prefetch:62⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=5940 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8020959952845075066,10913813856337832051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -nohome1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5260 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD554929d49151f3d1deb92d4882fd7f29b
SHA174fb1bea4c7ba9b9c69aacab601ad211cc80e12d
SHA25639e5885ca8868a5612268f987e7007fb20526221c11af4e62426bbab4fdc2141
SHA5123900823e9765f7cde1d6148c9d9de8079805d30f421728cf675e1c1264440be1a037394edc9c1e0a4497d2658d7897784a96062b6eb1b829ee1245fadb83087d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
404B
MD5b737991b5b11c437ae8d74c16e0076ab
SHA138c38456d396cfdaba0e42fe01677c48fd9600c2
SHA256b3dfe2b09360cb316eaa02f953be0c0c797d4e1efc75cb5fec4f75d9345869b5
SHA512ff83dae6a2bef6bead1f35fe38ebb2d1d8cefd68092583a73be1b0277b35c4f3d54b9b79509a8b3b8ec7871abe4bea2032a7327284b5fdf7a0709e07001ea9a8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD58b167567021ccb1a9fdf073fa9112ef0
SHA13baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA25626764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5537815e7cc5c694912ac0308147852e4
SHA12ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA51263969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
180B
MD500a455d9d155394bfb4b52258c97c5e5
SHA12761d0c955353e1982a588a3df78f2744cfaa9df
SHA25645a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA5129553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD587d696decdfd21cd3b2c018af3126a40
SHA14eb04b402bf38aae52cfabbbedc23486bb93d5b2
SHA25657ffd8658262e0f336aa1fbebeddfb43836a612bdfd18fb3a32e4d6845a6a35c
SHA5120580109b9523e30016d608600898c9d60078922e7db1ce306cc3173c3113874de52661fe248cd5d8acff2fd1fea79314122cd81f5058a96290f5dac9a1c770ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59fa5d1e0d7bebbd3e2fbf2e26ab18af2
SHA18d5d09fe0403b09f988ee44f8fb14d7dd5e616ca
SHA25683b986d7c9689f90564a4ae6cda4a82f51f32457550d2dc3a76442114718a698
SHA51266b50ad40f11708aee578287c2da713bed1e1b9a99577a09b55695a35f8afde99195abed83fdddb77f3eb6d2bf6630141e1f52b228d7988bf9ef2105977ce97b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD509f845bc88ce283bf96ad42083bbdef3
SHA1b3f0e94bdde4c5eaf7d365e90ea71ec68f629685
SHA256ec76650280160ff3823e547909ccb702da4aaa1634a415ea1b1c71f4552fca70
SHA512cc66645548a6b717c7e19fbf266dcc570a3f0ba394bb94c929019758933fbab8edbbdbbd5892b72a9829ea421372ece6cea4e07fd53b980e02e71b5e584d14ea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5ce4a1bfaeae64d31c94ebbfc66106cc3
SHA1ac44eceb4e7007708fbafed46138a3778570c84e
SHA2561a4c8a0e683cb7e1b192783bb0563d823c469a3590c8abf06bcd68c1197f9ea7
SHA51267f1cb90eb7e731fc5f49e7d70abcf767634eb9f347e0e81d33751cbe6d0c1bcd5023cfc78ea7eb57ba19eef0e88ee106b2d59df52754e6cfb132d382fb2d63e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52cd615d7c43042093d48263284682dc9
SHA1dc2b9d75377fc9c28c100f14f4ee79368d953f32
SHA256b46293039693634681be71693dc1168d0ead1a5e2839299f28a678d67a92e1c7
SHA51252f306884cb96b9524319f862565771795d374a78ee0fd3ec7328400e7fbdf467f035a34f0e26d2f7cb0d2181c24014995871383b7324ce71da10a1f7318cca8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ed823bc3e93ba3b49ce120552267fe71
SHA12b0a74b4679806eee0456553402ce110faf8033e
SHA256e68f41a07fcb782109e49e451418c2880829820076540b38a4e636a8cc75daa7
SHA51258134faf7388eae89e4581e93ec2aa490da7c4d52f74ce0648e5e6c5d3560b67abe96016c0c734bee9f4b31d0f43665b9a4b9c5fcb1f8488567fd77336648f06
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD560c1e756abef444215b45599c4969701
SHA181336fe6e1e4bdad85a0e2878cf38b66dd66d8e1
SHA256f772816457b96035e7090eb011372a0a4ffbdadb142d0126cc67336760b28b9a
SHA512f0e3c267872eab0ecb6e47dd60808dda1ca135ed35ba7b12ce5c63658efbb79ef8f8cb8b8d2b38f68fcbacbd383034b7fa7c2018bc30a993866762f47da0ae8a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD534e3e82bab649767711cd4eec952d482
SHA15821d07f8d5df3ae1944695f1ebca72ec815ab0f
SHA25667061835e2f3496ea89852c7c6a099a49ba877f5ec8785e7a5628c86d2112806
SHA51294e1956a73ee8c56bd57f200ce8424f17051419f9db5eef466f71f8a2d730119761b382da67bf24bc1215f98d71eb8edc7f7c5dadb82494e5019fbffeae6c7fa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD548ccac5e97ed63978bf70679922825b7
SHA1c1e11f4e42318263b0d4525e9ba8c28a9c0e210d
SHA256373b3f6136080d829f6e8ec52bef1f22d3c8bd0dc638fe49fa3fe7d171fac9d0
SHA512c4a068c0ffc2065e55eba4d2f9088499c316bab34fb6c829bc08e512c425730396570a3bdcec8869a43fc1d60dea4b91599ecc10338bb96ac27e31a448863c35
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD54c03c627e47bae91d48ccc0a4279e69f
SHA10b22a47e16636b66fa9bce6d891f95294f350d44
SHA2568ccf37d9265215ccb2771924e443ab8452e4aae2c8f44ae2a2192a804465a59b
SHA5124c394d5e1302a4dcad9f9bafcc107fa5d5ea5fda482ff404d7463d232359e6eeedcba3d2cbccf4101f78a4e1e080c294fef8cf49b9d401b7b3aa33762df27966
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD54fb2b7c8e1c99df960dea4ca82a4f614
SHA147e21332e85d3e7471a7ab4ee35a785bd0bf42ba
SHA256ff045924024bba61b931095124fd706e7310808107021dedff17a7eecbb9906a
SHA512c871e434765322bf5d1333e33c16959474aad15d5a908cf785c56b7be490281a37201185b7031e3bddc687949b10c7ad85990a49ff16c7edba440148e8e18212
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD554f1caf742a43f223981bd74312c62e3
SHA16870926b2514fdea9098337f0e7de468a5f4403d
SHA256047ad1f2bf28f51ce3be87d1fd751bd925733619ca00ccd32d6bb73346864e40
SHA51276603e0aeeae33af8abda565fa47f9269d667b9469fd2f720e5c2033e5b9f19f496c0119a15342419af4a71c53b8f0f7bc8603e9d6984ba052e301d90971fdfa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD575ea909b821d83da4bdf5426fd93221c
SHA13efff9640029c4536ee29a43aedc7050c37f21cd
SHA256cee921cfc9c041a5f79fbc80d710fef0d03c31d59a3c6a8520e1641fd235336a
SHA512ba03269fb686ccb304ace217ce22c19c50e0f9ca4701f4c5af52fe39e63d392b1abc4e234f7b242440412bcd39cb620328b04b79ef1b6d60a72cf851d1b782f1
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver6202.tmpFilesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
C:\Users\Admin\AppData\Local\Temp\paAgV40AbqGe.exeFilesize
277KB
MD5dac0c5b2380cbdd93b46763427c9f8df
SHA1038089e1a0ac8375be797fc3ce7ae719abc72834
SHA256d02538788fb57f568ece292f5fc20e9775c86d504de67f57e22534f84adc73c6
SHA51205cc1f6bf25a6545a06c735ae7a4a7fc25489bdb9fbc8d5797be623982662c4a93cba2d20bfe14313ef1548eaaa691e55fabdd8e3d3e45de9ab42dc62f9a7023
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exeFilesize
409KB
MD5b70fdac25a99501e3cae11f1b775249e
SHA13c59226479bfdcd1b2927bcfb1a7516d4cb8dd71
SHA25651ff3eb450a786c1aaa75ff889f2fd256412a7b75d04277fdf9fcccc20e57246
SHA51243f0d5d6e5f0d5febba537c109ffdbc250bbb6e9725e635a43ec975b0353048eaeee50b6e9274cd5e072ea6b0cea32439bd37408b2528832f467f2075f74ca44
-
\??\pipe\LOCAL\crashpad_2592_LTDDITNSZEWJKMONMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/464-19-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB
-
memory/464-17-0x0000000006960000-0x000000000696A000-memory.dmpFilesize
40KB
-
memory/464-86-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB
-
memory/464-13-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB
-
memory/464-12-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB
-
memory/464-18-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB
-
memory/2188-0-0x000000007538E000-0x000000007538F000-memory.dmpFilesize
4KB
-
memory/2188-5-0x0000000005840000-0x00000000058A6000-memory.dmpFilesize
408KB
-
memory/2188-4-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB
-
memory/2188-3-0x00000000057A0000-0x0000000005832000-memory.dmpFilesize
584KB
-
memory/2188-2-0x0000000005D50000-0x00000000062F4000-memory.dmpFilesize
5.6MB
-
memory/2188-6-0x0000000005CF0000-0x0000000005D02000-memory.dmpFilesize
72KB
-
memory/2188-1-0x0000000000D20000-0x0000000000D8C000-memory.dmpFilesize
432KB
-
memory/2188-15-0x0000000075380000-0x0000000075B30000-memory.dmpFilesize
7.7MB