Analysis
- max time kernel: 267s
- max time network: 270s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/01/2025, 10:52
Tasks
- Static task: static1
- URLScan task: urlscan1
Malware Config
Extracted family: quasar
- version: 1.4.1
- botnet (client tag): Office04
- C2: 112.134.23.228:4782
- mutex: a23bce0f-c3e6-43a8-820a-7cfa22c21513
- encryption_key: F1E42F6B387ACA92BE1CFEF6D75DCCAFC88ED8B1
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000 (ms)
- startup_key: Quasar Client Startup
- subdirectory: SubDir

The install base directory is not part of the extracted fields, so the only path indicator the config yields is the trailing "\SubDir\Client.exe"; the Run-key value name "Quasar Client Startup" and the mutex GUID are the host-side indicators, and 112.134.23.228 on TCP 4782 the network one.
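The following is an added example, not code from tria.ge or from the Quasar project: it turns the extracted config above into matchable indicators and runs them over a handful of constructed Sysmon-style events. The events, the `AppData\Roaming` install base used in them, and the Run-key locations (Quasar registers its startup key under the user's Run key, or the machine's when it has admin rights) are assumptions of the example; only the config values come from this report.

```python
"""Host and network indicators derived from the Quasar config in this report,
checked against constructed Sysmon-style events (added example, not tria.ge code)."""

# Values copied from the Malware Config section above.
QUASAR_CONFIG = {
    "version": "1.4.1",
    "c2": "112.134.23.228:4782",
    "mutex": "a23bce0f-c3e6-43a8-820a-7cfa22c21513",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
}

# Quasar writes its startup_key as a value under the current user's Run key,
# or under the machine's Run key when it runs with admin rights.
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}


def indicators(cfg: dict) -> dict:
    """Derive matchable indicators from an extracted Quasar config."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "run_value_name": cfg["startup_key"].lower(),
        # The install base directory is not in the config, so only the
        # trailing "\SubDir\Client.exe" is matched.
        "install_suffix": ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
    }


def _normalise_key(key: str) -> str:
    """Map HKU\\<SID>\\... (Sysmon's form) onto HKCU\\... so per-user paths compare equal."""
    parts = key.lower().split("\\")
    if parts[0] == "hku" and len(parts) > 2:
        parts = ["hkcu"] + parts[2:]
    return "\\".join(parts)


def match_event(event: dict, ind: dict) -> list:
    """Return the indicator names an event matches; [] when it matches none."""
    hits = []
    kind = event["type"]
    if kind == "network_connect":
        if event["dst_ip"] == ind["c2_host"] and int(event["dst_port"]) == ind["c2_port"]:
            hits.append("c2_connect")
    elif kind == "registry_set":
        key, _, value_name = event["target_object"].rpartition("\\")
        if _normalise_key(key) in RUN_KEYS and value_name.lower() == ind["run_value_name"]:
            hits.append("run_key_persistence")
    elif kind == "process_create":
        if event["image"].lower().endswith(ind["install_suffix"]):
            hits.append("install_path")
    elif kind == "mutex_create":
        # Kernel object names arrive as \Sessions\<n>\BaseNamedObjects\<name>.
        if event["name"].rpartition("\\")[2].lower() == ind["mutex"]:
            hits.append("mutex")
    return hits


def scan(events: list, cfg: dict = QUASAR_CONFIG) -> dict:
    """Map event index -> matched indicators, omitting events with no hit."""
    ind = indicators(cfg)
    return {i: match_event(ev, ind) for i, ev in enumerate(events) if match_event(ev, ind)}


# Constructed sample events for this example; they are not taken from the report.
# The AppData\Roaming install base is an assumption used only for these samples;
# the SID is the one seen in the "Modifies registry class" signature.
SAMPLE_EVENTS = [
    {"type": "network_connect", "image": r"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe",
     "dst_ip": "112.134.23.228", "dst_port": 4782},
    {"type": "network_connect", "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "dst_ip": "112.134.23.228", "dst_port": 443},
    {"type": "registry_set",
     "target_object": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup",
     "details": r"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"},
    {"type": "registry_set",
     "target_object": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"type": "process_create", "image": r"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"},
    {"type": "process_create", "image": r"C:\Users\Admin\Downloads\Client-built.exe"},
    {"type": "mutex_create", "name": r"\Sessions\1\BaseNamedObjects\a23bce0f-c3e6-43a8-820a-7cfa22c21513"},
    {"type": "registry_set",
     "target_object": r"HKU\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup",
     "details": r"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["type"], hits)
```

Note what does not match: the connection to the C2 host on port 443 and the first launch of `Client-built.exe` from `Downloads` (the file name and location seen in this run, before Quasar copies itself to `SubDir\Client.exe`). The dropped-file execution is caught by the sandbox's own "Executes dropped EXE" signature and by the file hashes, not by config-derived indicators.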
Signatures
- Quasar family
- Quasar payload (2 IoCs)
  - resource behavioral1/files/0x000200000001e780-79.dat, yara_rule family_quasar
  - resource behavioral1/memory/1592-113-0x0000000000A70000-0x0000000000D94000-memory.dmp, yara_rule family_quasar
- Downloads MZ/PE file (1 IoC)
  - flow 11, pid 3884 msedge.exe
- Executes dropped EXE (4 IoCs)
  - pids 1592, 5308, 6072, 4316 Client-built.exe
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (1 IoC)
  - Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings (msedge.exe)
- NTFS ADS (1 IoC)
  - File opened for modification C:\Users\Admin\Downloads\Unconfirmed 862597.crdownload:SmartScreen (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  - 3884 msedge.exe (2), 4264 msedge.exe (2), 372 identity_helper.exe (2), 924 msedge.exe (2), 5696 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)
  - 4264 msedge.exe (12)
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  - Token: SeDebugPrivilege, pids 1592, 5308, 6072, 4316 Client-built.exe
- Suspicious use of FindShellTrayWindow (36 IoCs)
  - 4264 msedge.exe (35), 1592 Client-built.exe (1)
- Suspicious use of SendNotifyMessage (25 IoCs)
  - 4264 msedge.exe (24), 1592 Client-built.exe (1)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - Every entry is PID 4264 msedge.exe writing to one of its own child processes: 2992 (procid_target 82), 1088 (83), 3884 (84) and 3416 (85); the bulk of the writes go to 1088 and 3416.

Reading the table: the msedge.exe entries (the BIOS key queries, the :SmartScreen stream on the in-progress .crdownload, the FindShellTrayWindow and SendNotifyMessage counts, and the WriteProcessMemory and NtCreateUserProcessBlockNonMicrosoftBinary hits on Edge's own child processes) are the browser's normal multi-process startup and download handling and carry no weight on their own. The signal in this run is the family_quasar YARA match on the dropped file and on the 1592 memory region, the four executions of Client-built.exe, and SeDebugPrivilege being enabled by each of them.
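As an added example (not tria.ge code), the parser below reads rows in the flattened form the WriteProcessMemory table takes on this page and splits same-image writes (a browser spawning its own helpers) from cross-image writes, the shape process injection takes. The rows copied from the report are the first occurrence of each target; the pid-to-image table comes from the Processes section; the `sample.exe` -> `explorer.exe` row and those two pids are constructed for this example and are not in the report. `procid_target` is the report's own process index, not a Windows PID.

```python
"""Parse flattened WriteProcessMemory signature rows and separate same-image
writes from cross-image writes (added example; not tria.ge code)."""
import re
from collections import Counter

# One table row as rendered on this page:
# "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# First row for each target pid, copied from the 64-entry table in this report.
REPORT_ROWS = (
    "PID 4264 wrote to memory of 2992 4264 msedge.exe 82 "
    "PID 4264 wrote to memory of 2992 4264 msedge.exe 82 "
    "PID 4264 wrote to memory of 1088 4264 msedge.exe 83 "
    "PID 4264 wrote to memory of 3884 4264 msedge.exe 84 "
    "PID 4264 wrote to memory of 3416 4264 msedge.exe 85 "
)

# Constructed for this example and NOT present in the report: a writer whose
# target runs a different image, so the cross-image branch has something to flag.
CONSTRUCTED_ROW = "PID 9000 wrote to memory of 7777 9000 sample.exe 99 "

# pid -> image name, taken from the Processes section of this report;
# 9000 and 7777 are the constructed pids paired with CONSTRUCTED_ROW.
PROCESS_TABLE = {
    4264: "msedge.exe", 2992: "msedge.exe", 1088: "msedge.exe",
    3884: "msedge.exe", 3416: "msedge.exe", 1592: "Client-built.exe",
    9000: "sample.exe", 7777: "explorer.exe",
}


def parse_rows(text: str) -> list:
    """Return (writer_pid, writer_image, target_pid, procid_target) for each row."""
    edges = []
    for m in ROW.finditer(text):
        writer, target, writer_again, image, procid = m.groups()
        if writer != writer_again:  # the pid column must repeat the writer pid
            raise ValueError(f"malformed row: {m.group(0)!r}")
        edges.append((int(writer), image, int(target), int(procid)))
    return edges


def summarise(edges: list, proc_table: dict) -> tuple:
    """Count writes per (writer image, target image) and list cross-image writes."""
    pairs = Counter()
    cross = []
    for writer, image, target, _ in edges:
        target_image = proc_table.get(target, "<unknown>")
        pairs[(image, target_image)] += 1
        if target_image != image:
            cross.append((writer, image, target, target_image))
    return pairs, cross


if __name__ == "__main__":
    pairs, cross = summarise(parse_rows(REPORT_ROWS + CONSTRUCTED_ROW), PROCESS_TABLE)
    for (src, dst), n in pairs.items():
        print(f"{src} -> {dst}: {n} write(s)")
    print("cross-image writes:", cross)
```

Run against the report's own rows the cross-image list is empty, which is the point of the note above: 64 writes from msedge.exe into msedge.exe children is Chromium process bring-up, not injection. A target pid missing from the process table is reported as `<unknown>` rather than silently treated as same-image.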
Processes (depth 1 = top-level process, depth 2 = child of the process above it)

- PID 4264  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://buzzheavier.com/jvl3uzhlldq4
  signatures: Enumerates system info in registry; Modifies registry class; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - PID 2992  msedge.exe  (depth 2, crashpad handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa97c046f8,0x7ffa97c04708,0x7ffa97c04718

  - PID 1088  msedge.exe  (depth 2, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

  - PID 3884  msedge.exe  (depth 2, network service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    signatures: Downloads MZ/PE file; Suspicious behavior: EnumeratesProcesses

  - PID 3416  msedge.exe  (depth 2, storage service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

  - PID 1268  msedge.exe  (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  - Further renderer processes at depth 2, each with the same command line as PID 1268 apart from the two values given (entries marked "instant" also carry --instant-process; 4968 and 2264 appear twice because the PIDs were reused):
    - PID 872   --renderer-client-id=5   --mojo-platform-channel-handle=2124
    - PID 4968  --renderer-client-id=8   --mojo-platform-channel-handle=5096
    - PID 2264  --renderer-client-id=9   --mojo-platform-channel-handle=5324
    - PID 4524  --renderer-client-id=10  --mojo-platform-channel-handle=5416
    - PID 1400  --renderer-client-id=11  --mojo-platform-channel-handle=5536
    - PID 1620  --renderer-client-id=12  --mojo-platform-channel-handle=5316
    - PID 4968  --renderer-client-id=13  --mojo-platform-channel-handle=5012
    - PID 2264  --renderer-client-id=14  --mojo-platform-channel-handle=6124  (instant)
    - PID 4628  --renderer-client-id=17  --mojo-platform-channel-handle=3456
    - PID 5020  --renderer-client-id=19  --mojo-platform-channel-handle=6360
    - PID 4792  --renderer-client-id=20  --mojo-platform-channel-handle=6432  (instant)

  - PID 1008  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8

  - PID 372  identity_helper.exe  (depth 2, same command line as PID 1008)
    signatures: Suspicious behavior: EnumeratesProcesses

  - PID 4784  msedge.exe  (depth 2, collections)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3472 /prefetch:8

  - PID 1032  msedge.exe  (depth 2, icon reader)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 /prefetch:8

  - PID 924  msedge.exe  (depth 2, download quarantine service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  - PID 1592  C:\Users\Admin\Downloads\Client-built.exe  (depth 2, launched from the browser)
    "C:\Users\Admin\Downloads\Client-built.exe"
    signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage

  - PID 5696  msedge.exe  (depth 2, gpu-process restarted without the GPU sandbox)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1369495246454309108,13342755301509731756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

- PID 1932  C:\Windows\System32\CompPkgSrv.exe  (depth 1, COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- PID 4844  C:\Windows\System32\CompPkgSrv.exe  (depth 1, COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- PID 5124  C:\Windows\System32\rundll32.exe  (depth 1, COM activation)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- PID 5308  C:\Users\Admin\Downloads\Client-built.exe  (depth 1, no parent recorded)
  "C:\Users\Admin\Downloads\Client-built.exe"
  signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken

- PID 6072  C:\Users\Admin\Downloads\Client-built.exe  (depth 1, no parent recorded)
  "C:\Users\Admin\Downloads\Client-built.exe"
  signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken

- PID 4316  C:\Users\Admin\Downloads\Client-built.exe  (depth 1, no parent recorded)
  "C:\Users\Admin\Downloads\Client-built.exe"
  signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; only one entry carries a path)

- (no path) Filesize 1KB
  MD5    baf55b95da4a601229647f25dad12878
  SHA1   abc16954ebfd213733c4493fc1910164d825cac8
  SHA256 ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
  SHA512 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

- (no path) Filesize 152B
  MD5    dc058ebc0f8181946a312f0be99ed79c
  SHA1   0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
  SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
  SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

- (no path) Filesize 152B
  MD5    a0486d6f8406d852dd805b66ff467692
  SHA1   77ba1f63142e86b21c951b808f4bc5d8ed89b571
  SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
  SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index  Filesize 120B
  MD5    1d9978d73c74c6d7b9e1494eb7d18a10
  SHA1   5a3af54bc4977beffa4b35fd86aa439226c0fe26
  SHA256 e5857f95b1fe92af0de3ee9bb213f86f8234cb74424f6b6b3d3809882849eb53
  SHA512 08f98138895dcdc4bf1255cee29f29dfe7eb830cd47afd0da5bbcd1168c2e7fe4573625d17151232c3d2153f80e09ece78b937f4c6cc6419d9d4ffeda4436512

- (no path) Filesize 565B
  MD5    e00a374aeda71ea893bd692d522f7d32
  SHA1   74646cde69303ac66e1608989d32ef925eadc86e
  SHA256 abaeb5d386bc9e125dd8c6e5d58f5f4a848d4d727ef458aa16cc74081ffa0a05
  SHA512 eb399a54b4c157efedd04305e884ebda4cc52d22e52c1689b0d07dc4e83c45bf7497fa312e007f1cf3ae6b95d120d534d4505a70c1b355c09015431668b30b0d

- (no path) Filesize 5KB
  MD5    e1de10ad3ff28d62a98a2918fac4ad1c
  SHA1   496a8f3d5132112bb68d72223699a166d93a41c5
  SHA256 ac10551d252fb6fd9161d7d91c844f4eef8b0021c656ffcb82ec49f20b02e1e9
  SHA512 cc33b61436251065c0a347e176f4c4058b4aa1b93e0ebc66b78cebe94d8abd5d19f4f868cc5afaca634c592a2c844ebb9fd0f075b1c9813f6ca9690f8c821e47

- (no path) Filesize 7KB
  MD5    7c997965884cb2b32b10fe6b923b4e57
  SHA1   46f9a6e9c8ae39e97c43205020578ce0c2015172
  SHA256 c27167f67b63b1de075bf2414e369b4d2a1bc4cb355e6f55cee73475408101af
  SHA512 e70abcb0f65da094b1554e9ab1dc6e13c0269822c02466325c99faa4ab92d2be438163e452efd665bfcc15e6c1d2a1eacfa5dcde677b1e322977f478b4499fbc

- (no path) Filesize 6KB
  MD5    662dd662b6df49ea39e952b0b6daba1b
  SHA1   10ecca28909158a90ae215db82c54b04304db4a7
  SHA256 b21ec04856e401c5a0cd032f5a609ffdb9b1fae07cb8b74a78a40512bbefb54f
  SHA512 7af6c1a392f259c78ffe831df96eb058ca8bbc83e1f41f7068e88b45a5164a8803097f260ce447fa687b697cbe1e6203edba2a9c227cc17c6e30072a4894e3f2

- (no path) Filesize 16B
  MD5    6752a1d65b201c13b62ea44016eb221f
  SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- (no path) Filesize 10KB
  MD5    20a5756306ea0c272c68e0c8777fcf0a
  SHA1   67e18c3e2b3ab8dba713337ad0ea903c4f86860a
  SHA256 522187c60d6afe89a3aaf7855c12c1acd94db77bed0abaa8b1e42e95f520dd8a
  SHA512 42b5397c414f22462b2dbf9b8480ff957de32268765b87c0603b064705a59f5789b15d08adc8a91f1f892a912f2dece6b283d6ed1f9e02d85c6b39f4b6c35220

- (no path) Filesize 10KB
  MD5    4065c46d268dceca6fbeec36aef91a8c
  SHA1   e6bafb347c8148c0b95659989cca9dadabe5db67
  SHA256 1ffd57753718bdf9b6ec0027896ab568bfc11d10839b755ee304a4bb73321821
  SHA512 6229c9db400ecb9ad1bdbb9ae09aed4e0adab299f51ae36f7e2fe5d223ca964982be8b6ceeb3d8897145fc663ea7082c08a4c82e16fc479f12b8e70f971b8c8a

- (no path) Filesize 3.1MB
  MD5    2952a140e6cb69740588ba3ecd3a31bc
  SHA1   003cd8a9064396c07478a570118109dc01c08fd7
  SHA256 ca0f6e98b9e81ba13aefa674889ffa1e7c37640fa8e3644481e33323fc514392
  SHA512 3ef8b943c73f84aeb496ddf3b183ab663a56ce25b82f5623bef0be0c0d75feb84129313b33a463c4207881392d8d8230d884fb1de3a0963299f70291d9102fee