Analysis
max time kernel: 899s
max time network: 902s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 07-12-2024 19:50
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow | ioc
4 | drive.google.com
10 | drive.google.com
11 | drive.google.com
13 | drive.google.com
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run PowerShell to get system information.
pid | Process
5176 | powershell.exe
Enumerates processes with tasklist 1 TTPs 1 IoCs
pid | Process
6012 | tasklist.exe
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | ONENOTE.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | ONENOTE.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | ONENOTE.EXE
Enumerates system info in registry 2 TTPs 12 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | ONENOTE.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | ONENOTE.EXE
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | ONENOTE.EXE
Modifies registry class 64 IoCs
Modifies registry key 1 TTPs 1 IoCs
pid | Process
5288 | reg.exe
NTFS ADS 30 IoCs
Opens file in notepad (likely ransom note) 2 IoCs
pid | Process
3004 | NOTEPAD.EXE
5864 | NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
6316 | ONENOTE.EXE
6316 | ONENOTE.EXE
Suspicious behavior: EnumeratesProcesses 36 IoCs
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid | Process
3660 | firefox.exe
2280 | Arizona Games Launcher.exe
Suspicious behavior: LoadsDriver 3 IoCs
pid | Process
676 | Process not Found
676 | Process not Found
676 | Process not Found
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 41 IoCs
Suspicious use of SetWindowsHookEx 40 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1t53BWjHU630WYtHeQe5pAHg2YWVxTtPL/edit"1⤵
- Suspicious use of WriteProcessMemory
PID:3884 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1t53BWjHU630WYtHeQe5pAHg2YWVxTtPL/edit2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3660 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a2df33-67e0-4ff3-8bbc-08b02d3dff58} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" gpu3⤵PID:4228
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3914be90-7189-4050-b179-03b53e8a1f93} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" socket3⤵PID:3824
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2564 -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2732 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6522b9ee-6f44-4403-8e6a-2897911efebc} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:2424
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3768 -childID 2 -isForBrowser -prefsHandle 3744 -prefMapHandle 3756 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61024bc2-ab34-41d8-b53b-c6bb13a8b77b} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:3720
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4824 -prefMapHandle 4884 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6c9a036-f93a-44dd-8a8e-7a424c1a08ea} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" utility3⤵
- Checks processor information in registry
PID:4828
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 3 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45c10774-4ddb-4752-9f37-801c3830028a} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:1128
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 4 -isForBrowser -prefsHandle 5808 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b39a5379-2111-4685-a3b3-625061d83aad} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:2276
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5984 -childID 5 -isForBrowser -prefsHandle 5992 -prefMapHandle 5996 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e85b5ac-78c0-484d-8341-c19861a24470} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:2812
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5860 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 5852 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a518993-9647-4b8f-b06f-aa61212d5b27} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:3464
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 7 -isForBrowser -prefsHandle 6612 -prefMapHandle 4628 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43bf7d36-58db-47d6-962f-19e081674cbf} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:1352
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6656 -childID 8 -isForBrowser -prefsHandle 6580 -prefMapHandle 5016 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0198febb-3c97-4ace-b25d-1d166e20af94} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:1372
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6964 -childID 9 -isForBrowser -prefsHandle 6852 -prefMapHandle 6848 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c07a5e1b-774f-4f6e-9a1f-66477ab061a9} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:2560
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7056 -childID 10 -isForBrowser -prefsHandle 7064 -prefMapHandle 7080 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8bd704-7d9f-4c7b-b318-3f02ad26921c} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:1952
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8236 -childID 11 -isForBrowser -prefsHandle 8664 -prefMapHandle 8656 -prefsLen 28282 -prefMapSize 244658 -jsInitHandle 1360 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ac5e0f-61e7-44c3-9cc6-89557ea48e0a} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵PID:2328
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3960
-
C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe"C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe"1⤵
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2280 -
C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe"C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\arizona-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1788,i,6576468100551202030,9466191702393104039,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:1756
-
-
C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe"C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\arizona-launcher" --mojo-platform-channel-handle=2072 --field-trial-handle=1788,i,6576468100551202030,9466191702393104039,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:4916
-
-
C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe"C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\arizona-launcher" --app-user-model-id="Arizona Games Launcher" --app-path="C:\Users\Admin\Downloads\ArizonaPC\launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1788,i,6576468100551202030,9466191702393104039,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵PID:4596
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Arizona Games Launcher"2⤵
- Modifies registry key
PID:5288
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵PID:5964
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:6012
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6124
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5176
-
-
C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe"C:\Users\Admin\Downloads\ArizonaPC\launcher\Arizona Games Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\arizona-launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 --field-trial-handle=1788,i,6576468100551202030,9466191702393104039,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.ko-rista.com/v1/getLauncherLink?launcher_key=f6318d1234f83444a3dd07599ac11ea1&type=forumUrl2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5640 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e8e73cb8,0x7ff9e8e73cc8,0x7ff9e8e73cd83⤵PID:4844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2064 /prefetch:23⤵PID:5680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:83⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:13⤵PID:6104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:13⤵PID:2304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:13⤵PID:1464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:13⤵PID:5676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:13⤵PID:3940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:13⤵PID:5592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,5520610380540243484,4144712740576657878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:6264
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.ko-rista.com/v1/getLauncherLink?launcher_key=f6318d1234f83444a3dd07599ac11ea1&type=siteUrl2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6732 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e8e73cb8,0x7ff9e8e73cc8,0x7ff9e8e73cd83⤵PID:6748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14286426876672942629,7871821960379267485,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:23⤵PID:6956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,14286426876672942629,7871821960379267485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:6976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,14286426876672942629,7871821960379267485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:83⤵PID:7044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14286426876672942629,7871821960379267485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:13⤵PID:6108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14286426876672942629,7871821960379267485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:13⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,14286426876672942629,7871821960379267485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3796
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.ko-rista.com/v1/getLauncherLink?launcher_key=f6318d1234f83444a3dd07599ac11ea1&type=vkontakteUrl2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4432 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e8e73cb8,0x7ff9e8e73cc8,0x7ff9e8e73cd83⤵PID:6332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2136 /prefetch:23⤵PID:1876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:83⤵PID:5840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:13⤵PID:7052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:13⤵PID:7160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:13⤵PID:5720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5452 /prefetch:83⤵PID:7044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5392 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:7020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:6108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:13⤵PID:7132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:13⤵PID:6672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:13⤵PID:2108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:13⤵PID:6544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3057031226470086045,18099621706808957486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5156 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:6020
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ArizonaPC.zip\launcher\LICENSE.electron.txt1⤵
- Opens file in notepad (likely ransom note)
PID:3004
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:4944
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵PID:5252
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ArizonaPC\launcher\bin\arizona\arizona\spec_vehicle.txt1⤵
- Opens file in notepad (likely ransom note)
PID:5864
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1176
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6008
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5116
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:732
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3972
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5468
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6968
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6744
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5628
-
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6316
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
PID:1796
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3bfdfa62-1853-43fc-96c0-52508a2b89c0.tmp
Filesize1B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe623c29.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
Filesize41B
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json
Filesize19KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize14KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize15KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize6KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize6KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize19KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize20KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\J8R58WGY0CSJF8HNDCVI.temp
Filesize11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize31KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize10KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize26KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize41KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize32KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize41KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\081112eb-2687-4e2b-afb9-a815a3260040
Filesize671B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c3f2441c-ee68-4bea-a897-ac1f3e4e47cd
Filesize982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\d87d7d62-733f-45f5-850f-28eab28e1eac
Filesize24KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize8KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++www.virustotal.com\cache\morgue\121\{abb246a2-5fe9-4bcf-9783-a9e957d37979}.final
Filesize50KB