Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
25/03/2025, 22:06
General
-
Target
https://gofile.io/d/yLFwgS
Malware Config
Extracted
quasar
1.5.0
Office04
195.211.191.164:4783
92e160f2-00b2-42d9-b356-80ece14c0334
-
encryption_key
099F1FB13EF6C6E200F02163268CF32280EFE33C
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Modded Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 3 IoCs
-
Downloads MZ/PE file 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 9 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/yLFwgS1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffab1e2f208,0x7ffab1e2f214,0x7ffab1e2f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:112⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2144,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2444,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4052,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4208,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4348,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4412,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4124,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5356,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3512,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11283⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6440,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6908,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6880,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6224,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7276,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6636,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\Client-built.exe"C:\Users\Admin\Downloads\Client-built.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Quasar Modded Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\SubDir\Client.exe"C:\Windows\system32\SubDir\Client.exe"3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Quasar Modded Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f4⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4632,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6684,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4304,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5668,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,318956851977441596,10861715171548045424,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5046b1cdbd636e82e7711ea1fde31d7e3
SHA1f5fa4183cb259a99b4148ee957a5f76e80a77ada
SHA25640328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a
SHA512460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4
-
Filesize
280B
MD5cbc9fc2d9ad2df85283109b48c8e6db0
SHA1721ea0dfafd882d6354f8b0a35560425a60a8819
SHA2567c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe
SHA51209594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
3KB
MD5dcbdf30f9f859b86209473bc3d6c54d8
SHA14cabf232350036b83e8cbfb30353f15397fd1425
SHA2560f7b2150abc5363d1040419aee3c4e808b7fc7f181412d41194d346974f632b9
SHA5126c0d6d2b7a5cbf5779d10a831ffd6aed506d57d0c2fa662e40d845b1ba981e1539027e7f73e181f3b5bc751e782d8a013de9d6a073638fe70be2b0a303a19ede
-
Filesize
3KB
MD5571e9de0f31d7057205baf14bdd3436f
SHA15a916016be67e4ec07d4c3d9d7122273b6c3caec
SHA256d6356e5be46e1470cf16bcab055187796a2f6c708c70ca9a315a3172beefce8c
SHA5122c661a575c709c58f66bddf7c90806fc76d8561cb848e15b83502edf3fa9539dd7ade964dcdb1bf867816a9f92d70795b2270e7ab3e456a63cb821cbbbede911
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD51de0eeca0803f8867d8afa06045003f2
SHA1befa9f830a3cf6ec45caa637902fc4a1a2ac1dc2
SHA256d234c1a6d275c36e7adcdacce45f6c4bebd996074cdd299917d6518454ee438f
SHA512fa9d4ef6e2c84dd782998fe0c014a9a2b0af8f756fa02c0eb7ff31ee54b609551dafc0cbeaafb251a3c2e6afc2e0f3127ba2c7e723309c9330be0e6ec443de92
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD5e496a09986942fa92b3cade2c4780b9e
SHA1100229318c684421877765d968a6b6419db695ba
SHA25681ca5753923204f2f883f518691d348380b9b7cba6e0ec4bf91faf1b98752691
SHA512cf93f8a27e9e008000e86874d89116eb25ec71e3f2c9f49c3cae5cf1aaefd9f7a1424fc36d457a0d36de10e9106ff3b2b9e5547be5dc49e93a3203803ab1c64b
-
Filesize
15KB
MD59e0b4ff9ca938f14e90fc1346ad1f960
SHA10f757256e8b43e3d0357cfa390a932d7371a0f74
SHA256019e41c7b7110e2578f46c4b3835a2760c713487935b96dca8e8fa91ced976b3
SHA5126f170f3fdc9165d48b9fcaeada00362c3719d913b7eb7b7af1a79e04efd08ef2732e507d94339e05f8475b5195c45f525547a6593c6aca88f01b41668293b2cd
-
Filesize
14KB
MD5d14898ae2514c61b0da0cf71494ea892
SHA135edf009ea3c58a567e4a675016933b3a675b79c
SHA25610209b4434113f2da063571e7c346d482a5663366bb598c5047c0b92a0a7423a
SHA512d786858bf6a699fd6f7e102120d42e30d57da95d5510bcac99cf4379e39b8d16d0bf27c903a6746fee69dec9bc1edbee54f20e6060136d6d9acbc814f9026e90
-
Filesize
37KB
MD5663b75aa3457f50b391b5949cb294f32
SHA17f05b613701e598c884259858b7ec33578905513
SHA2561c2db215c883b13393cfaa0923a544ad34e571d42804732c5f4b3d21e14dfb07
SHA5128f540ad6a3935c358ba03ceb368feab7c178b5e6899077f82e8160987886ca99525d06abf0d7f8e8e263717f51115ef9da1a9a2a5997649b4c2215aea014ba13
-
Filesize
876B
MD58ce91c20459e7b7bd266b113ca4bdaf0
SHA1a504150c0e3600860b23ba77c0ab828a511c842e
SHA256b39a4aad19efed91c28f6e20438c7af59a6eed943a224d980cd8ff8ab6406474
SHA512966f8367d5f09cc69e870f31b46b142593df0d902e41b27fc40be7bca1c642a32d9d0c7037fcf81867e93b87241e9e5b53f77f1b1784b5bba531ca2cc95a27da
-
Filesize
23KB
MD5511d515b12e01f12377e95e5a457a406
SHA1998187a2f56239ad19d047f496ec7962e2967021
SHA256f64b3cef736e726be201585131bad97d18af965c345cbdfc58e4141fba8a19fe
SHA51264651370c6b6ad503baa6eb3639aec1e2aa8f0a4d370a206f5c1b7a32107b493a32ae29dde7101d44e444075ea4b66935b4d4d9b3a8da10a1770c375f13d939b
-
Filesize
467B
MD5abcf0909f281de09fbb6093b0fa22c4f
SHA152dfb28ab1de589c2840ee2f7dcaa82e932c04f1
SHA2561784a5a499545a8dcc795fc9bda2c9a83c8b7ec0b11c5968d9d945f7f540aff1
SHA5127996534cff6dac0ebb707e34cb70118f173394a12b91ca5120ded42093c651bf8cb76b55545172c4c52d3601111f3cdb1f740dc929b68f883eb126512bc4c561
-
Filesize
21KB
MD597ffbea42e9a0795865f12dedaa14292
SHA182b1a9a09d849ca8e55914ceb05677991729de10
SHA25684db83a7515ea99283ea322d6ae8a7e806287e7e98771a53a5d0e3ff362ecd16
SHA512884e56e3e7419a5ce22725d8b39b6d9424c882185762fe6ebb3a5c67d65e87b846ecce8a26491019acd3ba79641f489a32e20e2c7b99576315352cca1f5a13a4
-
Filesize
3KB
MD5c7569efb2fa9fe93c0ea2f0896f54036
SHA1e231c700b778b624f6065b035e5803fdd8b4db4b
SHA2562422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f
SHA512c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f
-
Filesize
30KB
MD55d588c2b518aae0d8926e46ae0cff52e
SHA18384f028f627453a4cd3a191589cdd8286df9a26
SHA256a71c5959bcdcc936d3d5b053430a4b83c5d85119c95bd685e266c17b25b71968
SHA512c7bd304ec391926ecd1aa3cf29c932890ebe9f5cc3e950a064f3f7f499a0ba54b865eba929301aece15e3eb3c1d65a7bbff1f888309b08a12175e734ce853524
-
Filesize
30KB
MD58cd0305c8017c9169db641388af2355e
SHA13ba4b1c936c369b1976843a54768f5a2222d5142
SHA256207dc31235ddd786638916599f4f8f8ef4ad56f2278b6270834cb2947ff3ec49
SHA512ea65787eb2ba1f79ec70d604a8adcef5bf60d8a0f97d4d86be5e84b017a579d117a5dfbcc9ac49cacaa1a88833645079d67fd36dc24c57c87ec003822770105d
-
Filesize
39KB
MD53ce1fef3852e7b6f4d8a025eb995cef7
SHA105b2924c9e38ae46ef7e8d7d8e7520381ff27f82
SHA256ee3506c180f19d2c1e33d6eeb415ab0d31b0228f2698f6c6cfa1864e1c23ea04
SHA5122e67dd2ea6ec207c1a811c80198e30c9591a2dfe2bb6aae9680c8f1dce0843cbf5f86e3bb664f18d0d2533baff8c6516b73bf56f5a8fad08a66f71e0bb4201c3
-
Filesize
6KB
MD5121c37307e180d2beb292bdd5451423b
SHA1b44fdafc6d55acc5fee3429e085f66137d023daa
SHA256e626d0aeb23e9ce75cdc6d67ab3aa3d37e622fce1f6e159a3b2606a5f75b9bed
SHA512bc8f51b7a6b16b016f7597ce65708925cd1dbac6d06f474b7f9bab2b52763d00d1904080bc6e276a0f9d26abc8ccd53fb624d66ee7ab9a2db5ced54f327cea0e
-
Filesize
7KB
MD546c8dfab852d927bca6b90772c8e7aae
SHA19467c3d66e7d1c08e42439cbe66f1fe66e37ddfe
SHA2560f396a0501ec40115e587ae502b187e5a82231bbeecb4ac6c9dbf7b2d71193fc
SHA512a2fda9cd01892c753964566198a79f7ce78f8d103ef4c30fc8fdccb39414e9a715c364903630c937949633779790607a14d910592c40c69aee3cf6866fc3e2ac
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
1.3MB
MD501c08d94b7556426363011a8dd309e96
SHA1256f654bcb9c280a1fefa106dc48ec2d7d8cd12d
SHA2564662861557ef8170d79e42695bac7c6ed073aeba1e2203876395a63afdef7af3
SHA512c9d7eab4d5b761d7410bffe9e5a05269ca64fa4518652e529e103f85e5374bad7302d9cfb6165d6e04bb425236ecb297a761de071add92d67fa588107e44f5b0
-
Filesize
58B
MD5f328e184c322cba91dc3c014fe2ef3e9
SHA12aab1f0a70009051dcc87350e0f3b079da02fbb2
SHA256fe25e31061b432c3a3fdd8f797c6dadad253e83dfb305ee997a7302cd70b618d
SHA512e59501b550ea64155d134ae832812004ec298a44519eb03183542599174b7691be3225f6fa5064d45ed7ec81f0a93721eb8f401d7e2a49c4b91a70ded006c97e
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
104KB
-
Filesize
1.3MB
-
Filesize
240KB
-
Filesize
72KB
-
Filesize
320KB
-
Filesize
712KB
-
Filesize
312KB
-
Filesize
72KB