Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/09/2024, 19:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://anydesk.com
Resource: win10v2004-20240802-en

General
Target: http://anydesk.com
Malware Config

Signatures
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description  ioc  Process
Key value queried  \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation  AnyDesk.exe
(identical rows listed once)

Executes dropped EXE 4 IoCs
pid   Process
5664  AnyDesk.exe
5872  AnyDesk.exe
5884  AnyDesk.exe
5176  AnyDesk.exe

Loads dropped DLL 2 IoCs
pid   Process
5884  AnyDesk.exe
5872  AnyDesk.exe

Drops file in System32 directory 15 IoCs
description  ioc  Process
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db  AnyDesk.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db  AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  AnyDesk.exe
(identical rows listed once)

Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  AnyDesk.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

NTFS ADS 1 IoCs
description  ioc  Process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 425808.crdownload:SmartScreen  msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid   Process
5884  AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs
pid   Process
3332  msedge.exe
2464  msedge.exe
4616  identity_helper.exe
5524  msedge.exe
5872  AnyDesk.exe
5648  msedge.exe
3972  msedge.exe
(identical rows listed once)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
pid   Process
2464  msedge.exe
(identical rows listed once)

Suspicious use of AdjustPrivilegeToken 3 IoCs
description  pid  Process
Token: 33  4384  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  4384  AUDIODG.EXE
Token: SeDebugPrivilege  5872  AnyDesk.exe

Suspicious use of FindShellTrayWindow 55 IoCs
pid   Process
2464  msedge.exe
5884  AnyDesk.exe
(identical rows listed once)

Suspicious use of SendNotifyMessage 34 IoCs
pid   Process
2464  msedge.exe
5884  AnyDesk.exe
(identical rows listed once)

Suspicious use of SetWindowsHookEx 2 IoCs
pid   Process
5176  AnyDesk.exe
(identical rows listed once)

Suspicious use of WriteProcessMemory 64 IoCs
description  pid  Process  procid_target
PID 2464 wrote to memory of 3824  2464  msedge.exe  82
PID 2464 wrote to memory of 4084  2464  msedge.exe  83
PID 2464 wrote to memory of 3332  2464  msedge.exe  84
PID 2464 wrote to memory of 4444  2464  msedge.exe  85
(identical rows listed once)

Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://anydesk.com
1⤵ PID:2464
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718
2⤵ PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵ PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
2⤵ PID:3332
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
2⤵ PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵ PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵ PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵ PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
2⤵ PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵ PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
2⤵ PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 /prefetch:8
2⤵ PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵ PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
2⤵ PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:8
2⤵ PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵ PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6760 /prefetch:8
2⤵ PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
2⤵ PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
2⤵ PID:4616
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵ PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
2⤵ PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵ PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
2⤵ PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8
2⤵ PID:5524
- Suspicious behavior: EnumeratesProcesses

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
2⤵ PID:5664
- Executes dropped EXE
- System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
3⤵ PID:5872
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --backend
4⤵ PID:5176
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
3⤵ PID:5884
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
2⤵ PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
2⤵ PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
2⤵ PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7380 /prefetch:8
2⤵ PID:5648
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
2⤵ PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
2⤵ PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
2⤵ PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
2⤵ PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
2⤵ PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
2⤵ PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6685146946707993233,12119927194192277635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7388 /prefetch:2
2⤵ PID:3972
- Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x300
1⤵ PID:4384
- Suspicious use of AdjustPrivilegeToken

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵ PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\a.htm
1⤵ PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718
2⤵ PID:4496

Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize: 328B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fffc7c5-69d5-4b1e-a757-f69a37da02b9.tmp
Filesize: 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt
Filesize: 86B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt
Filesize: 79B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5990ad.TMP
Filesize: 48B