Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-02-2024 15:11
Static task
static1
Behavioral task
behavioral1
Sample
2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe
Resource
win10v2004-20231215-en
General
-
Target
2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe
-
Size
896KB
-
MD5
bab65dd3a372c1958a09961ac3a5a762
-
SHA1
014155f21acfd2159f37e062268c1ffe045fe9d8
-
SHA256
2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23
-
SHA512
f23b37005821796eaed48e675ffdaeb57768b8ebd134176b5917fafef50c225316829b6ca4b3ad0be3914956a44c9f15743e687a64bba9cbeece66486b35db67
-
SSDEEP
12288:gqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgawTj:gqDEvCTbMWu7rQYlBQcBiT6rprG8aIj
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | 2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 15 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
firefox.exe, firefox.exe, firefox.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Enumerates system info in registry 2 TTPs 10 IoCs
Processes:
msedge.exe, chrome.exe, chrome.exe, chrome.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies registry class 2 IoCs
Processes:
firefox.exe, chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{A8A3CA46-977A-42FB-B227-2F529D23D297} | chrome.exe
Suspicious behavior: EnumeratesProcesses 20 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 59 IoCs
Suspicious use of SendNotifyMessage 55 IoCs
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
firefox.exe
pid | process
2532 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe"C:\Users\Admin\AppData\Local\Temp\2144519ec73be891c93d29ae30a47c30925dceb2c9bd0719f40a4a04f65d0a23.exe"1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:976 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/2⤵
- Suspicious use of WriteProcessMemory
PID:2420 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3953352458081715827,4433746614911596925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:5116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3953352458081715827,4433746614911596925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:23⤵PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e47183⤵PID:4668
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login2⤵
- Suspicious use of WriteProcessMemory
PID:1396 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13130007693332847423,9729878235812876759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:23⤵PID:5308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13130007693332847423,9729878235812876759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:5400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x7c,0x104,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e47183⤵PID:4536
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login2⤵
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e47183⤵PID:4468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1581134170798244105,16203609204377732308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:6440
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c6789758,0x7ff8c6789768,0x7ff8c67897783⤵PID:5112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:23⤵PID:6956
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:13⤵PID:7376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:13⤵PID:7444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:13⤵PID:7568
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4884 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:13⤵PID:7940
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4048 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:13⤵PID:7616
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:83⤵PID:7272
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:83⤵PID:7264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:83⤵
- Modifies registry class
PID:6332
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5108 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:83⤵PID:6328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:83⤵PID:5836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=852 --field-trial-handle=1920,i,15864077877782424691,9533550964601017768,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:8532
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4500 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1972,i,5420954351733628017,2422502010592614023,131072 /prefetch:83⤵PID:7696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1972,i,5420954351733628017,2422502010592614023,131072 /prefetch:23⤵PID:7624
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com2⤵
- Suspicious use of WriteProcessMemory
PID:4984
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com2⤵
- Checks processor information in registry
PID:2632
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login2⤵
- Suspicious use of WriteProcessMemory
PID:808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2008,i,13804870364331894081,15649702401729927172,131072 /prefetch:83⤵PID:7292
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2008,i,13804870364331894081,15649702401729927172,131072 /prefetch:23⤵PID:7284
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com2⤵
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2796646755202396119,7297895753594483556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:33⤵PID:6488
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com2⤵
- Suspicious use of WriteProcessMemory
PID:4336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:13⤵PID:6516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:13⤵PID:6744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:13⤵PID:6876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:13⤵PID:6492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:13⤵PID:7000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6564 /prefetch:83⤵PID:6392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5820 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:8948
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e47181⤵PID:3800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e47181⤵PID:312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8c68e46f8,0x7ff8c68e4708,0x7ff8c68e47181⤵PID:3020
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c6789758,0x7ff8c6789768,0x7ff8c67897781⤵PID:4612
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8c6789758,0x7ff8c6789768,0x7ff8c67897781⤵PID:1220
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2532 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.0.498007541\1010858043" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28c147d1-9bf2-4b22-80ce-1301f837a25a} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 1944 2b3c2cd7658 gpu2⤵PID:1072
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.1.2047056683\1280375982" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {437c53f7-7a25-4daa-a28a-e4853715b22c} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 2428 2b3b64dfc58 socket2⤵PID:6292
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.2.1175223155\47355324" -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3048 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd0c01a-0a98-4db3-add2-7251322aef8a} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 3044 2b3c6906258 tab2⤵PID:6268
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.5.1989691113\134313390" -childID 4 -isForBrowser -prefsHandle 3032 -prefMapHandle 2916 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {078a23e0-d225-41e6-b3b4-a6e5ee70e8ce} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 3056 2b3c6a8e758 tab2⤵PID:7952
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.4.1989472576\327491146" -childID 3 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2d25cd7-5b39-4b01-93c0-c9b08331277b} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 3936 2b3c6a8e158 tab2⤵PID:7848
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.3.1204687854\1048277246" -childID 2 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72d85c4f-866b-4baf-b49c-aa660f7ec82b} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 3652 2b3c6a8db58 tab2⤵PID:7840
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.6.2097794552\1231330688" -childID 5 -isForBrowser -prefsHandle 4644 -prefMapHandle 4616 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {189d5972-86ce-4ccc-b24e-b98efba389a5} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 4656 2b3c8382158 tab2⤵PID:6672
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.9.1797203639\1000656818" -childID 8 -isForBrowser -prefsHandle 5912 -prefMapHandle 5916 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04469574-0477-4c2b-ae34-8443e82c9381} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 5904 2b3c9b86558 tab2⤵PID:8872
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.8.1030049419\516130877" -childID 7 -isForBrowser -prefsHandle 5720 -prefMapHandle 5724 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aee42f24-934a-4851-be37-6e2e3aa07e4e} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 5712 2b3c9b86b58 tab2⤵PID:8856
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.7.1037706734\816157062" -childID 6 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {427ee107-60d8-41f6-b187-30c9de04a2c1} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 5580 2b3c952f558 tab2⤵PID:8848
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.10.347539346\1813982973" -parentBuildID 20221007134813 -prefsHandle 6244 -prefMapHandle 6240 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a970917-f621-42e3-a169-690790d5a7cf} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 6248 2b3ca590e58 rdd2⤵PID:8680
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.11.526115653\921617953" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6368 -prefMapHandle 6364 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dd50b71-6d92-436a-9282-1453406a2e31} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 6380 2b3ca4e0e58 utility2⤵PID:8776
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.12.1193009204\1831145183" -childID 9 -isForBrowser -prefsHandle 6528 -prefMapHandle 3940 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {350cb6b3-cb83-4146-a65d-3e9f7f5584c9} 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 6668 2b3cac19758 tab2⤵PID:5376
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login1⤵
- Checks processor information in registry
PID:4640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:81⤵PID:5132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:11⤵PID:5380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:11⤵PID:5372
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:11⤵PID:3704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16600029531117211113,1231220607413648918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:31⤵
- Suspicious behavior: EnumeratesProcesses
PID:6052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16600029531117211113,1231220607413648918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:21⤵PID:6044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:21⤵PID:4684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12309836490871903523,3901911427125492007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:11⤵PID:5932
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6948
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:7792
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7692
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\62fb3508-a79b-4025-b634-d88a60903ef9\index
Filesize: 24B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 176B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 112B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57921e.TMP
Filesize: 119B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec25.TMP
Filesize: 48B
SHA198ad97b8adbb411d6d4623fab506924aa6772304
SHA256c8376c9fa189541da0b65cbac556fea079eba00755803b97808f79b6d2b07c95
SHA51224dc7ea8954498d7eb926f6ff07d245d82dff98ecbf77093b717351328434306d37c0a95aac208f711c8f3bb901ffa05daa974aa719518eeb14bb844df5e3d6d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 89B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 146B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 82B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 146B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize 41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583a45.TMP
Filesize 48B
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E
Filesize 30KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
Filesize 30KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin
Filesize 2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\c573e8f4-0a75-4b11-a788-0166173c4eeb
Filesize 746B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\d34c6bff-9233-4fab-89f3-a25da663f8e7
Filesize 10KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize 116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize 479B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize 372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize 934KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++www.youtube.com\cache\morgue\34\{379c3d0f-55c2-48d2-9f38-c0285aef3122}.final
Filesize 192B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++www.youtube.com\idb\2151137500yCt7-%iCt7-%r0e8sfpeo.sqlite
Filesize 48KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize 184KB
-