Analysis
max time kernel: 300s
max time network: 299s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 07-02-2024 07:42
Static task: static1
Behavioral task: behavioral1
Sample: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
Resource: win7-20231215-en
General
Target: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
Size: 896KB
MD5: 7bcffb4889d877a42cc6135b4372862f
SHA1: 3387c35e128a221c186cdb5b2d534ed4070904c4
SHA256: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
SHA512: a88500d0b7419e0aaf3e1f753ed6de91060b9ffbae12c733b373ee46f909eed842f99a59bb7f006932de69f0d118565d5e6539fb3b119d443de7bb066d0e7854
SSDEEP: 12288:EqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagTI:EqDEvCTbMWu7rQYlBQcBiT6rprG8a4I
Malware Config
Signatures
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Control Panel\International\Geo\Nation | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
Drops file in Windows directory 9 IoCs
Processes:
description | ioc | process
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdge.exe
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 15 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Enumerates system info in registry 2 TTPs 7 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-33539905-3698238643-2080195461-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Modifies data under HKEY_USERS 2 IoCs
Processes:
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133517655442479373" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Modifies registry class 64 IoCs
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
pid | process
5652 | chrome.exe
5652 | chrome.exe
6556 | chrome.exe
6556 | chrome.exe
Suspicious behavior: MapViewOfSection 14 IoCs
Processes:
pid | process
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
4692 | MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
pid | process
5652 | chrome.exe
5652 | chrome.exe
5652 | chrome.exe
5652 | chrome.exe
5652 | chrome.exe
5652 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
pid process
3616 MicrosoftEdge.exe
4692 MicrosoftEdgeCP.exe
1768 MicrosoftEdgeCP.exe
4692 MicrosoftEdgeCP.exe
5944 firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description pid process target process (consecutive identical entries collapsed; event count in parentheses)
PID 4692 MicrosoftEdgeCP.exe wrote to memory of 4352 MicrosoftEdgeCP.exe (9)
PID 4692 MicrosoftEdgeCP.exe wrote to memory of 2016 MicrosoftEdgeCP.exe (5)
PID 4692 MicrosoftEdgeCP.exe wrote to memory of 2760 MicrosoftEdgeCP.exe (15)
PID 4692 MicrosoftEdgeCP.exe wrote to memory of 5460 MicrosoftEdgeCP.exe (2)
PID 220 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of 4900 chrome.exe (2)
PID 220 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of 5572 chrome.exe (2)
PID 4900 chrome.exe wrote to memory of 5584 chrome.exe (2)
PID 220 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of 5652 chrome.exe (2)
PID 5572 chrome.exe wrote to memory of 5648 chrome.exe (2)
PID 220 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of 5644 firefox.exe (2)
PID 5652 chrome.exe wrote to memory of 5684 chrome.exe (2)
PID 5644 firefox.exe wrote to memory of 5784 firefox.exe (11)
PID 220 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of 5776 firefox.exe (2)
PID 220 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of 5944 firefox.exe (2)
PID 5776 firefox.exe wrote to memory of 5912 firefox.exe (4)
-
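The WriteProcessMemory block is easier to reason about once it is collapsed into parent-to-child edges. The script below is an added example and not part of the sandbox report: it parses the flattened "PID X wrote to memory of Y" layout into (source, target) edges with event counts and separates the sample's own writes from the parent-to-child writes that multi-process browsers perform when they spawn helper processes. FLATTENED is a constructed excerpt of a few entries in the report's format; SAMPLE_IMAGE is the submitted file's name.

```python
import re
from collections import Counter, defaultdict

# Image name of the submitted sample, as it appears in the report.
SAMPLE_IMAGE = "199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

# Constructed excerpt in the report's flattened layout (a handful of the 64 entries;
# the real block is pasted the same way, one entry after another on a single line).
FLATTENED = (
    "PID 4692 wrote to memory of 4352 4692 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe "
    "PID 4692 wrote to memory of 4352 4692 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe "
    f"PID 220 wrote to memory of 4900 220 {SAMPLE_IMAGE} chrome.exe "
    f"PID 220 wrote to memory of 4900 220 {SAMPLE_IMAGE} chrome.exe "
    "PID 4900 wrote to memory of 5584 4900 chrome.exe chrome.exe "
    f"PID 220 wrote to memory of 5644 220 {SAMPLE_IMAGE} firefox.exe "
    "PID 5644 wrote to memory of 5784 5644 firefox.exe firefox.exe "
    "PID 5644 wrote to memory of 5784 5644 firefox.exe firefox.exe"
)

# One entry: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>".
# The source pid is printed twice, so the (?P=src) backreference doubles as a
# sanity check that the split landed on entry boundaries.
ENTRY = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_edges(text):
    """Collapse the flattened block into {(src_pid, src_img, dst_pid, dst_img): count}."""
    return Counter(
        (int(m["src"]), m["src_img"], int(m["dst"]), m["dst_img"])
        for m in ENTRY.finditer(text)
    )


def classify(edges, sample_image=SAMPLE_IMAGE):
    """Bucket edges by who is doing the writing.

    'sample': the submitted binary writes into another process (the edges to review)
    'self'  : a process writes into a child of the same image, which is normal for
              multi-process browsers such as Chrome and Firefox starting helpers
    'other' : anything else, e.g. one image writing into an unrelated one
    """
    buckets = defaultdict(list)
    for (src_pid, src_img, dst_pid, dst_img), n in sorted(edges.items()):
        if src_img == sample_image:
            key = "sample"
        elif src_img == dst_img:
            key = "self"
        else:
            key = "other"
        buckets[key].append((src_pid, src_img, dst_pid, dst_img, n))
    return dict(buckets)


def sample_targets(edges, sample_image=SAMPLE_IMAGE):
    """Distinct (pid, image) pairs the sample wrote into, in pid order."""
    return [(dst_pid, dst_img) for (_, src_img, dst_pid, dst_img) in sorted(edges)
            if src_img == sample_image]


if __name__ == "__main__":
    edges = parse_edges(FLATTENED)
    for bucket, rows in classify(edges).items():
        print(bucket)
        for src_pid, src_img, dst_pid, dst_img, n in rows:
            print(f"  {src_pid} {src_img} -> {dst_pid} {dst_img} ({n} events)")
```

Run over the full block, every write by PID 220 targets a chrome.exe or firefox.exe process that the process tree shows as its own child, and the report lists no write by the sample into a pre-existing or unrelated process; that is consistent with process launching rather than injection into a third-party process. The MicrosoftEdgeCP.exe writes originate from the Edge content process (PID 4692), not from the sample.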
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
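The report flags Task Scheduler COM API use but shows no task being created, so on a real host the next step is to check which tasks are actually registered. The script below is an added example, not from the report or the sandbox: it applies the heuristics a responder would run over `schtasks /query /fo CSV /v` output (actions under user-writable paths, script-host or LOLBin launchers, hidden or encoded PowerShell). SAMPLE_CSV is a constructed table with hypothetical task names and actions; the column names HostName, TaskName, Author, Task To Run and Run As User are the ones schtasks emits, and live_tasks() assumes it is run on Windows.

```python
import csv
import io
import re
import subprocess

# Constructed stand-in for `schtasks /query /fo CSV /v` output, cut down to the
# columns this check reads (the real output has many more; csv.DictReader copes).
# Task names and actions are hypothetical, not taken from the report.
SAMPLE_CSV = r'''"HostName","TaskName","Author","Task To Run","Run As User"
"WIN10","\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o -$","SYSTEM"
"WIN10","\Updater","Admin","C:\Users\Admin\AppData\Local\Temp\svc.exe","Admin"
"WIN10","\OneDriveSync","Admin","powershell.exe -w hidden -enc SQBFAFgA","Admin"
"WIN10","\Microsoft\Windows\WindowsUpdate\Scheduled Start","Microsoft Corporation","%windir%\system32\sc.exe start wuauserv","SYSTEM"
'''

# Locations a standard user can write to; a persistent task whose action lives here
# deserves a look (Microsoft's own tasks run from %windir% or Program Files).
USER_WRITABLE = re.compile(
    r"(\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|%temp%|%appdata%|%localappdata%)",
    re.IGNORECASE,
)
# Script hosts and LOLBins that malware commonly registers as task actions.
LAUNCHERS = re.compile(
    r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|cmd|certutil|bitsadmin)(\.exe)?\b",
    re.IGNORECASE,
)
# Hidden window or encoded command on a PowerShell action.
HIDDEN_OR_ENCODED = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,})",
    re.IGNORECASE,
)


def audit_tasks(csv_text):
    """Return [(task name, [reasons])] for every task that trips at least one heuristic."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName", "")
        if name == "TaskName":       # schtasks repeats the header row per task folder
            continue
        action = row.get("Task To Run", "") or ""
        reasons = []
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable path")
        if LAUNCHERS.search(action):
            reasons.append("action is a script host / LOLBin")
        if HIDDEN_OR_ENCODED.search(action):
            reasons.append("hidden window or encoded command")
        if reasons:
            findings.append((name, reasons))
    return findings


def live_tasks():
    """Fetch the real table from the local machine (Windows only; assumes the
    console code page decodes cleanly under text=True)."""
    out = subprocess.run(["schtasks", "/query", "/fo", "CSV", "/v"],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    for name, why in audit_tasks(SAMPLE_CSV):
        print(f"{name}: {'; '.join(why)}")
```

The heuristics are deliberately loose: a hit is a lead, not a verdict, and legitimate software does register tasks under AppData. Compare the hits against the task's Author and Run As User columns and against the file hashes the sandbox reports before acting on them.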
Processes
-
C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4900 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe0259758,0x7ffbe0259768,0x7ffbe02597783⤵PID:5584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1772,i,5131391783067312469,12239671036486042357,131072 /prefetch:83⤵PID:6528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1772,i,5131391783067312469,12239671036486042357,131072 /prefetch:23⤵PID:6508
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video2⤵
- Suspicious use of WriteProcessMemory
PID:5776 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video3⤵
- Checks processor information in registry
PID:5912
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com2⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5944 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.0.858492660\1310056818" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecaec785-3694-4522-9253-746d0f708ee2} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 1784 205881d4158 gpu3⤵PID:5340
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.1.641517231\1766563721" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07599225-1c9c-4b64-8d0b-c33f4f20ecad} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2164 20588105c58 socket3⤵PID:5724
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.2.966105571\861911500" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2924 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb5c4160-36fc-40ef-b9f4-037706cf1626} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 2932 2058815ae58 tab3⤵PID:5952
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.3.784685649\896035228" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26044 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0f4c1fd-ea78-4a28-a0a6-403f5320ab74} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 3628 2058a7b5f58 tab3⤵PID:6356
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.5.1061245995\590148502" -childID 4 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cc70d1c-5b1b-4e2e-8225-d4802c6614f6} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4908 2058e41a258 tab3⤵PID:7348
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.4.1621701193\31998953" -childID 3 -isForBrowser -prefsHandle 4576 -prefMapHandle 4592 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d03595-bf9d-419b-8c2f-fed7e3d0c554} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4672 2058e260558 tab3⤵PID:7324
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.6.2144003625\717522049" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c565c4a-e372-430a-9905-28a80440617c} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 4808 2058e41b758 tab3⤵PID:7440
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.7.175016802\174942012" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5364 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd4d717-3e63-4b66-9979-0812551de859} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5420 2058ebecb58 tab3⤵PID:5400
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.8.507439062\359773167" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1ad63cd-959e-4961-8921-8ebc03147ec6} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5560 2058ebee958 tab3⤵PID:6108
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.9.1871330474\932939849" -parentBuildID 20221007134813 -prefsHandle 4872 -prefMapHandle 1464 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad60f027-5a5b-4e83-b2e8-31d4227741ba} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5728 205892dab58 rdd3⤵PID:3620
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.10.1212531939\762036233" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5888 -prefMapHandle 4872 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ba7d73-6bda-44a1-98c6-904c3254a1c3} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 5992 2058c23ce58 utility3⤵PID:3232
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5944.11.1137907100\475909226" -childID 8 -isForBrowser -prefsHandle 6340 -prefMapHandle 6332 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a3f9350-4011-4ab1-9f03-597060f8b2ab} 5944 "\\.\pipe\gecko-crash-server-pipe.5944" 6352 2058ebdf758 tab3⤵PID:6492
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com2⤵
- Suspicious use of WriteProcessMemory
PID:5644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5652 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:23⤵PID:756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:3024
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1384 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:6412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3776 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:13⤵PID:6808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1640 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:13⤵PID:6792
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:13⤵PID:6496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:13⤵PID:6488
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4572 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:13⤵PID:6516
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4776 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:13⤵PID:6976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:7172
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:7096
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:6968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4024 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:6556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:4452
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1824,i,3001960283551805252,3974651915248887435,131072 /prefetch:83⤵PID:8092
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:5572 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1836,i,1212625836051295505,17893299221643810506,131072 /prefetch:83⤵PID:6404
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1836,i,1212625836051295505,17893299221643810506,131072 /prefetch:23⤵PID:6396
-
-
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3616
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:792
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4692
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1768
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4136
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2016
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2760
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4352
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5580
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:5668
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5460
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com1⤵
- Checks processor information in registry
PID:5784
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbe0259758,0x7ffbe0259768,0x7ffbe02597781⤵PID:5684
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x68,0xd4,0x7ffbe0259758,0x7ffbe0259768,0x7ffbe02597781⤵PID:5648
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:7012
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3e01⤵
- Suspicious use of AdjustPrivilegeToken
PID:7300
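The process tree above is the most useful part of the report, but its flattened layout (path, command line and nesting depth run together on one line, with the signature hits and PID on the lines that follow) is awkward to query. The parser below is an added example and not part of the report: it rebuilds the tree from that layout, attaches the signature lines and PID to each node, links children to parents by depth, and lists the sample's direct children together with any URL on their command line. TREE is a constructed excerpt of the report's tree with some long command lines shortened.

```python
import re

SAMPLE_IMAGE = "199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"

# Constructed excerpt in the report's layout: "<path><command line><depth>⤵",
# then optional "- <signature>" lines and a "PID:<n>" line (sometimes the PID is
# glued onto the process line itself). Command lines are shortened here.
TREE = r'''
C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:220 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4900 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report --initial-client-data=0xcc,0x7ffbe02597783⤵PID:5584
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video2⤵
- Suspicious use of WriteProcessMemory
PID:5776 -
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:792
'''

# <path up to the first .exe><command line><single-digit depth>⤵[PID:<n>]
# The command line is greedy, so the depth is the last digit before the arrow.
PROC = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?P<cmd>.*)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?\s*-?\s*$",
    re.IGNORECASE,
)
SIG = re.compile(r"^- (?P<sig>.+)$")
PID = re.compile(r"^PID:(?P<pid>\d+)")
URL = re.compile(r'https?://[^\s"]+')


def parse_tree(text):
    """Return a list of process dicts; 'parent' is the index of the parent node or None."""
    nodes, stack = [], []          # stack[d-1] = index of the most recent node at depth d
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":   # nesting residue between siblings
            continue
        m = PROC.match(line)
        if m:
            depth = int(m["depth"])
            del stack[depth - 1:]     # drop anything at this depth or deeper
            parent = stack[depth - 2] if depth > 1 and len(stack) >= depth - 1 else None
            nodes.append({
                "image": m["path"].rsplit("\\", 1)[-1],
                "path": m["path"],
                "cmd": m["cmd"].strip(),
                "depth": depth,
                "pid": int(m["pid"]) if m["pid"] else None,
                "sigs": [],
                "parent": parent,
            })
            stack.append(len(nodes) - 1)
            continue
        m = SIG.match(line)
        if m and nodes:
            nodes[-1]["sigs"].append(m["sig"])
            continue
        m = PID.match(line)
        if m and nodes:
            nodes[-1]["pid"] = int(m["pid"])
    return nodes


def children_of(nodes, image):
    """(image, pid, URLs on the command line) for every direct child of a process named `image`."""
    return [
        (n["image"], n["pid"], URL.findall(n["cmd"]))
        for n in nodes
        if n["parent"] is not None and nodes[n["parent"]]["image"].lower() == image.lower()
    ]


if __name__ == "__main__":
    for image, pid, urls in children_of(parse_tree(TREE), SAMPLE_IMAGE):
        print(f"{pid} {image} {' '.join(urls)}")
```

Applied to the full tree, the sample's direct children are three chrome.exe and three firefox.exe instances, each opened on https://www.youtube.com, https://www.facebook.com/video or https://accounts.google.com; everything deeper is browser helper processes. The MicrosoftEdge*.exe, browser_broker.exe, elevation_service.exe and AUDIODG.EXE entries sit at depth 1, not under the sample, so the tree by itself does not tie them to it.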
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 40B
MD5 93e4fbe63a4869fbbee38926269d504d
SHA1 ea8fcaf353b2a31a608dcbf0dcc43f5ac19a383b
SHA256 e314bf24b0e2efe84515fbef64f19a59b9a8f08bb1d1b28c5d7c02f9702c38cd
SHA512 2e8f8b376baf538b2c5f808fa6719f0a6d1e803664ba040fc86d4dbe21e5cba2d71983ea9e65f75bcb33ac0f68f32ef8ae171b64d4457b7a0e9f4ec70263523e
-
Filesize 92KB
MD5 3fa057a53f831ad6f787c01bdde50221
SHA1 a1fcdbaedf935bca14b366514cf7fee3e3f175a2
SHA256 efef42a7e15c6cdba8a3e03452281dbe161deb054dc90858abd0e54cc18c34b3
SHA512 6b2620574a789ad95a4e63ecdf3f76d84fd153cb664b8ac844054531b408d2d96785738efd74c1d761d5c10ced1be9ea4e9c1d019f18e2d991dcd54095cba635
-
Filesize 78KB
MD5 e1cef60dbd744768d0bb35b469ae17b7
SHA1 f58108a5719f8dd7b6459290f4ec156f4841f4b1
SHA256 b061a2596b234a39e34d8c82da304accadb9dc31c113a54b747fa85ad44ff004
SHA512 8bad36275c1881eaff3842d10808bf909a9c702a2c234aee5e4b484945dc3523947584722ae2e45c28f6bd1e7f0dd5b114bebdb099d1f76bf28519215dbef12f
-
Filesize 34KB
MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140
-
Filesize 16KB
MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a
-
Filesize 1KB
MD5 13bfddb150ce5fbd11b393fe7d042329
SHA1 dcf4fac4a3d0568e04931fd0e6ec692cce69e8df
SHA256 2fe44b110eea25624938a038be119e19e21738636d8777a97bd95d15d5f1c378
SHA512 92864f61029ac176a41282c5b8abc4a1d3807a5fb03d17642d03d0b35adb5003fd0e452c907227a272e6134f09e845af007e18279449ef92b2de457dd5266761
-
Filesize 4KB
MD5 20ace756053e44618e4889e47bff5cba
SHA1 cb06b8732db9c62ea7723f88773f24be2d40aa29
SHA256 86ddd779cddab2cccc17db0ae03f1b0caa7fe526f56cdd7767bf24cf0c7464d9
SHA512 2b59cb10d25442e010cd9cadecddebddd7a1f3cb4b04a01922dc40bf537905e7a8d06d333adbace0d2fb61a27fec11c12ada1d700cb2c3a8df62b0a1a958b320
-
Filesize 3KB
MD5 f202f40d1c31a64bf998adf32f484ee0
SHA1 6cc24c145b7576a6ae4745df19c74d223d59f1c3
SHA256 200b3d01e8f94e70a1995fd8dc6f3d3f8c44bdbb89e5056ee989b232d9feee0b
SHA512 7040493c54645a1d22e59838ec30c0a0267b05cacdf95e3410e89b353b6ec93cd10ad1b58f7bf4941e0605dd18f67cd40edf671d3b6412717be185b085ca66ac
-
Filesize 4KB
MD5 ff8124589945646cc825a31755f8b145
SHA1 5bff00290b2c44307ec3138afe4cfd58fcbd720a
SHA256 c7ea877577810481671623cbd0a41b96fa5992f8af4336747e65e0110ec67004
SHA512 02aaf099a5f04c115af0daea8ae32cc2760331b69f536e5b4ed465e3015e5824e72269e0a679f88da148ce5e5d8a3f9ae5c00168df5dbcb86b72fb5882b2bf59
-
Filesize 1KB
MD5 547890aac56011686c1991044a8c8683
SHA1 f1b5de6e884f5b232005afdfdcc2a54512997bdd
SHA256 8331095e370446b6b5b29a678490897b381b8db901387cc5f228541d01c30e4a
SHA512 184516e8b88dcb2f40cb50029dc76d6e2f96878dbdda595506ce2a01cdd19b75dab45a21254eae7a19287b12fe0206121950479bbe5763e756075ac7f2799bfa
-
Filesize 1KB
MD5 7c58530433c9ec56fa049867c710f098
SHA1 3e09eb800614c8b59451e54385e15c43cefd7bae
SHA256 bebb18e3149a0c5a5d1621b33f042e349cec846c12dce3d4cbe743875c19303c
SHA512 a3398c5730f493d715bfc351de325c169a2e411f7fe2f2e082df59509ce9f679cde8eebd064bebe57102f6b75d909879eee2388a3c39e9a8ddefd4915783f03a
-
Filesize 875B
MD5 91cd1b9178e69bf5e158465928c38b64
SHA1 15ae2e4d7a18a2b5ef69443325ed5cc7915c7a28
SHA256 bef59fcc7cc092364ba64da14ac62d8d493c0983be2285ae278e758308617a36
SHA512 ee88d2514424615eae556ba551339b7778bd50e0e12ef4a8ffdc479a360b72007aad4e900b6794e5435f8d5548f3fbc19f8b9a66c133f3246f70e7804b29b9c8
-
Filesize 1KB
MD5 f5b25e087da9eb1bcc1e4646d074dffe
SHA1 bd70ae17af0b846ffd916835bd47a7d1778728ee
SHA256 acb733b578034493bc0fb19329c111dc6a9cfc32cff80bf623cbd5454d901a60
SHA512 5e155f38450d452fb16ff5575ba7fdf1baf8d303f32a8698273950667c91d98a1ad9d009ed100412ad6fad36640e25ae3d650b6c75772e359f18252673fbb957
-
Filesize 1KB
MD5 07469066b356340f4104de5d9d1a3775
SHA1 c0b395217117e011d0461bc4871bc7a72d7be243
SHA256 04e20db5dd4537efdd988e8db419b7e552178e127395fa8efef2efe78cd47f39
SHA512 a0c35577132c92027d9d5a45eadd07b0bf44fa69ff0a492b24b783cc789352b3e53170b912db4d0278bc2f4197cfb26e8d11d7779bf0f2cbfca5bf438c353f98
-
Filesize 1KB
MD5 3d86c55e0797ca8a7985aecfa183d0f3
SHA1 9c84198fa287dc60c5a9aa8b6676d4bf0a5ddcd3
SHA256 8b0e9b7b0dce10526916f4d0a07e05558d80da7643195f81c14a4ac127559323
SHA512 46563bc4568f260ba07bfd5fee75ab730738b54e45bcb11363e2a7dcc0ad9faaa74e54e88a7e5d684a630ff982cfc72e090a0644469cdc0090ab819b62b3f9e0
-
Filesize 1KB
MD5 2b6d34d9ac4cf1a9d06bd17ff254c3db
SHA1 39248f4bd8f36f6cb305e0287a9da9bbe5b6cfdb
SHA256 92451adadcc01c0719d6d560a218de0ca48277e0532c271d43c7b38f613bbbd3
SHA512 7feda40212b5f6742baf1b9d7a1b38a2ed951868671125812c36a680ec5bd89052cc6e04aba2c8f3512463ae3eb906a95faacc459b59d4fc8a3213f339091c4e
-
Filesize 7KB
MD5 383c6de87b1a49aad7a195d02ba555cc
SHA1 51e2beb10930a2f211229ac07f57b32011758b65
SHA256 0ea99016ca2a820f9d338213d33bde4376b1f3b88d49a9d33bd27ae6b63a2a8e
SHA512 09f4f0f25fa1508fb865824c367e8e4f2ba54572160f1ad8b2370c294918fab1bcfb34f08467564d939722681578f13d020dffc1d86c367f5e50ab5725b6625c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a9ce86f-dc00-403f-811a-9a44bff587dd\index-dir\the-real-index
Filesize 144B
MD5 81df5e367a46f1fa175cd0dbc281f520
SHA1 79117a7eea6dba23dd4c813716ffd14b5412a5f7
SHA256 878357c9049475e9f7400b8bfbe8a1a6329a749aa13c5d3b7e81002afe806f22
SHA512 325ebd6fc9e4aa9893eb29746c2842c1a033faef8737dee3d05f85c6ce64a327e41bafff701aa1645b7b6b9e609016a52ddc26117ea36ec69865df35da6567e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a9ce86f-dc00-403f-811a-9a44bff587dd\index-dir\the-real-index
Filesize 2KB
MD5 422966d7c9f0a07e74f4d1b80555c8b5
SHA1 7458d75360a8dbe49761ea9b3b2aa76770ee5410
SHA256 e8628fd4c136e3bea291a710009008989ae203d50ace094b71eff7ee992e1a05
SHA512 a28465bef9c11e33727c0104fc11741678d1cf4a0780a7bf6594f80dc0ec93834a2df2ecd1fc2b7d33c14d865a7c74cee848fb4bbc32888a20f7c0987dbcb400
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a9ce86f-dc00-403f-811a-9a44bff587dd\index-dir\the-real-index~RFe587cad.TMP
Filesize 48B
MD5 44230a7fdf37f52dbff2ca87035e448f
SHA1 25f4b9d3b73f5d4c9f44e52c5be8f38c7140e27d
SHA256 d2f7b9dbb2a9cee23e574a8dfb90fc5dd600b9eee529a9f4f74c7b0c3cb479d5
SHA512 2ee20a520fa5ee790724693339d99fda72863a366eee439bb7c25eb280fc36471c062798eaf2440d90de5bb5b6e5c8f179c6eefc72277637e0f0b1d48339499d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize176B
MD5b916db9c15a9fa0670e57dbc56473028
SHA1c49e2ad31882ddd3e6f8fd456191e0a96b240aa6
SHA256c3ef98ec4661d7e87d49d9f0032f540c29f3cdad1ba9578266b1f0ab8d01d80f
SHA512bd5c57be1312afa3388b5eaaab758e640baaf83ad044a96cf0a89a8778ab2a1e771d0edae05b4e529b236e1f92a23a6b4e8b98b78bae1fccfd485749d442282d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize112B
MD597fe34cb1b0c937af9566c0d95c86983
SHA1d0c3c73413feb3da4ede72d263071ee2d94f692c
SHA256f81b1f244dc4f63bb1252c40935b32712a5971df4ca3d8f353a8eadb71053165
SHA512554b02fc30d805a4f40776074059d13c05e7b7ad737d64becd798d4262dab437daa5812ffc221c762ce4a07c1372c4538933bf029a29113311bc8b317dfff693
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize113B
MD59255e5051bae55927276af3aba21cabd
SHA1502d46ba53e067c6f584f09cbe27460189aa5efe
SHA25654da3680067e8fe12baa41f250d479fae5f5c75963ad0e0ed20ab048da185776
SHA5120097b61b073682b806ffeae67c57ba743bae3c1f55736df068a33488f87dfa77fbff979281081c0e0bc9d0341f9684202b85c65dcb28f9910ab93c915f187b04
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize114B
MD5ce4568709ee26b19f804c37d7f136871
SHA1dda3c202b14fec425262c26f0dd9de9681a9d7ab
SHA256fd1768b4ce1769ae8dbe2694576a6dd533f8540fc5a7f9b3f927622d1e36be34
SHA51262d003a9e8b6c9eaea58b9f4462076e3a488f0f65262f0026cc74dec6acd496f3812462deb40b9cb69c9f24c1f76135e76fc3f3878fdc479105702f2eddfcd5e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580143.TMP
Filesize119B
MD5a3c977181cb056ccd42d7e5d7c707ce0
SHA1d425aba9c52b4ab96ed48b24b099af808188840d
SHA2568b1e748f006171afe504a3687023806969f466b7555214ce79687eea810acef1
SHA51211031f175210b4a5467d259ae8a00a2760232e1fb0552fe0da53d638130ab093288e13dbc304b19c7d1ce86dca9f71db4e20941ecfafd5c292f6848c1a814f26
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5624187d4b13b38b25ee52a2d7acb1f0b
SHA1861e1ea9adf9e4c85b9a7d3c35d035573daf0dfd
SHA256609329aa5ea4d3f4e8561e933d9fecbbf3a94c687a1b31bbc9394d307d8303a3
SHA5129e25360bf7c0da5aff1e2b56d3debc41e10bcd86f25ad0d7b9aa4f434e8b048829b5cc2e259ee51d97f2a17e1e9ea1e414522cfd9b3659ed5e43a7b6a58a17ba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585290.TMP
Filesize48B
MD50812a0cd9b1d327b35c9f7df64508d6d
SHA1346bc5a4da930335c481b2bc83d93901e8119d66
SHA2562c6b026ecd452b1af9d6bf70b23f7bcc06a3d9c5803be737d19a312abdad6b92
SHA5124938a026dabd1becf8b6ba3aacaac9bee4e7fe4ce5f5b6971cce20352a4ab4fde4a402cd933e4c3cd2497daac75cbd4cd1be9849c64d764ad9b5b9a67d004641
-
Filesize
234KB
MD564dc6bf837315a45892972d5647a7311
SHA18a534c1b01aaeb5d61b62bb2e4004d3d1fd82806
SHA25638acf0a95dc22d1ada52e6526f5e7989747930bdc321076e88c681b30746660c
SHA5122a24bbb9d03578bc37a4eed64a2a6e035d0e0bb28c691511d039e242cb40eb2cb8293e9746f14141a6f21c011e4f1ec2bf70a72f8d01cdf234b577064bb98642
-
Filesize
114KB
MD55207dfb348b48ab6767992d5c283d583
SHA157e1531aeafb5a61c42efedb3a4f75277ec3d206
SHA256ebd771ca08e48a125502137d497ecdb62702318cc9de68c06c0c097a9f08bf8b
SHA512966db44246f1d559c1f5164c006e67e0a347eaa427101cef68d750a3671f738cb52ded5134e2b1a2a15e45c3ec92d6e89c6bb21a2a8fc48bab85c65f7dc7c054
-
Filesize
86B
MD516b7586b9eba5296ea04b791fc3d675e
SHA18890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA51258668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771
-
Filesize
85B
MD58549c255650427d618ef18b14dfd2b56
SHA18272585186777b344db3960df62b00f570d247f6
SHA25640395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c
-
Filesize
114KB
MD52dc474630cf0f53f40bf00f3124aa37a
SHA1ea70ad6ab93fffdf481d4499e2860c597090affa
SHA25619d79b5a4fcf2271ab68e07baea550777378b07d73b02b8f2844e999d868c994
SHA51275d50fe68871782178c981846b97c26a89cee9bef38b4356b98e058160c4b9f37c2196231b0fbca33a8b3643ce38dcf1590ce94c132bcf851f3973e7f27e7c94
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E
Filesize30KB
MD533c75310ef142a3b29072652b1a97a9a
SHA1b1c89f62454d85a452928dfabd5be4be0cc90d7f
SHA256094dc4ef3040a32ddeaf1a2ee10bc09dca43f13fc383b21b2882f4698fecce95
SHA5127d70c9e96635db47f7ffce90de82d5ef63fa0ccf916659a24ac3e2b58d66ed7c0bf9107237bf1cfb63ae0e444317b94ebb57eac487081aa6e36bb3f1da049b84
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gjijjd1j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
Filesize30KB
MD57d2b53d16a81c4086b9a44eb0818546d
SHA1322ba04b7e6a90a6465ba3898773acb69cc649b6
SHA2569f9957ebfd559915b70ce63b7ce0b5b850e6bbe62b248e7ae6b098afcce98488
SHA5124cfdb3e4369608df6ea920abfc9bf6f42c8d01bb08ecb55455262a418dce64bd28575e4f4363f3d3114b5f6185d36978767ef75eb51859f8dccd051560f9ee5b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\61P8Z86D\gB76kJXPYJV[1].png
Filesize6KB
MD5389dfa18be34d8cf767e06fd5cde4ec6
SHA147b751cffab47d076816c63ce08d3e84600376ee
SHA2563c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\62Y1JICA\9lb1g1kp916tat669q9r5g2kz[1].ico
Filesize32KB
MD53d0e5c05903cec0bc8e3fe0cda552745
SHA11b513503c65572f0787a14cc71018bd34f11b661
SHA25642a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA5123d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O2BGM5OG\favicon[1].ico
Filesize5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VCHQP890\suggestions[1].en-US
Filesize17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\myvf7we\imagestore.dat
Filesize38KB
MD5fa9aa894eb3e884d3b881d3f6f001300
SHA15ca46f8f12d9bdb93b00366c9e27738d94293b7a
SHA2569ac784a14b5a2cbf7e31a06a3be3af83edbadc6d8b3e5d3b889fbfd96bc4469c
SHA5121d00f434c053462fccb8c38cddc25124208124ae79fa47ad52d8453513e4d325689799b49db5670475d51ad55169043def25a3b3771919fa2b640570229f0bc4
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A45AGM4R\desktop_polymer[1].js
Filesize2.3MB
MD5a2d372e7cb360decaed29b014273537c
SHA10cb75642b63a53e5479c46e5ad9bd5992c851b9e
SHA2563002109998019510d652e79932ffc45fd66a847352a08467cb28eafcd483bcda
SHA512257423af2adbe9af33bef18ce9fb997646366297ab4b9ea31f953b5db42539b6bb1eec854f3a7a5d9f2f22edac6443c126803a0a8de200d304e4cca92b09d30e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A45AGM4R\www-main-desktop-watch-page-skeleton[1].css
Filesize5KB
MD581b422570a4d648c0517811dfeb3273d
SHA1c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA2563c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA5121d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A45AGM4R\www-onepick[1].css
Filesize1011B
MD55306f13dfcf04955ed3e79ff5a92581e
SHA14a8927d91617923f9c9f6bcc1976bf43665cb553
SHA2566305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\network[1].js
Filesize16KB
MD5ad6aa3451e397522b056e0b8efb6cc27
SHA12b491439bddfd73418cde3ef59b309259c58928e
SHA256b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA5126c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\scheduler[1].js
Filesize9KB
MD5dac3d45d4ce59d457459a8dbfcd30232
SHA1946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA25658ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA5124f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\spf[1].js
Filesize39KB
MD5f46c2d926d8f3366a9f85e6995d53a92
SHA14b019b5f749359e6253d742f388a63144b4a7a5f
SHA25685dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA5124eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\www-i18n-constants[1].js
Filesize5KB
MD5f3356b556175318cf67ab48f11f2421b
SHA1ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PBS03GOJ\www-tampering[1].js
Filesize10KB
MD5e2b71f92d13ffb96c2387e583ecf4f53
SHA108d6a00e00fea89db40f7ba6120913ffbe29ad4d
SHA25641f09dd845bd7d700be0517f8fa0ab45f67da98fd20c8986578419d6125a5fad
SHA5122720062fd56a7605d49c9fa3d18151dd4d38b9d007e7464511017fe9be90c54b11af5506b876ff5ede0ca263b357312196c360a11fbaf9da6c3ca3364d11eabf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U8W0M2TM\css2[1].css
Filesize2KB
MD531aac18e149a751facc1eab7954dfb7b
SHA136d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA25642706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U8W0M2TM\rs=AGKMywH2YAHM2iqmI0S6UdPnCB9iMNecGA[1].css
Filesize1.6MB
MD5756fe1fa95222b26371c4d69a3362f3d
SHA105c3b69150f7e17a8e4108a469094622f1f247cb
SHA256766d6c4283600c0041e860dc8a6111f8aca17243d0004dcbdfa93da8b2a225fb
SHA512fdfeba8a28eff12d7c68b70d4a9bc9956356aa03582a340eedd4840343a1faafbe20d4afefb742ec781cce0843fa89760347c831a9b17b979795ca538ddaa03d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U8W0M2TM\www-main-desktop-home-page-skeleton[1].css
Filesize4KB
MD59deae13c40798dfca19bd14ed7039d60
SHA14ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA51295b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZC9O1PCL\intersection-observer.min[1].js
Filesize5KB
MD5936a7c8159737df8dce532f9ea4d38b4
SHA18834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA2563ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA51254471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZC9O1PCL\web-animations-next-lite.min[1].js
Filesize49KB
MD544ca3d8fd5ff91ed90d1a2ab099ef91e
SHA179b76340ca0781fd98aa5b8fdca9496665810195
SHA256c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZC9O1PCL\webcomponents-ce-sd[1].js
Filesize95KB
MD5c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1e3957af856710e15404788a87c98fdbb85d3e52e
SHA2562fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA5120d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5GMM1TGX.cookie
Filesize130B
MD52cdfcc2396743a20d8aec8847b4ca40d
SHA185697b2ed61373f6e2a5736554f3c5f6118d442c
SHA2563164b7e385874769bdd059c87d3ecbf6d2a18095b20cea1fbeadf1f763c6f2af
SHA5121d9a54891e87d50995e92f1e1a1b09f026181e2634945cefb5971eaa980b81e7bd49a605bfc7283c05450f8b29b0c5d141f4e6963e01652b48914c37a5d3e50b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5V1DYD2L.cookie
Filesize310B
MD5f69dbbeb22661349e337c8d45ad59878
SHA1360ddfe17366589856c14de9b3f8737e38a4a7ec
SHA2568be1413e4a2624b91b4a1971320f3b61fb48b574e01ba3a51ad0b95a3692ce77
SHA512186a0b14e47ca5c9d91f483463f142a8a2f785881a4e0ad5257dbb0e3a4d6556b54ab4e5d8e35c79bac1028d69ee9bbba00f704747f1004f4466cf185fa45f48
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A7LBWGDD.cookie
Filesize310B
MD5191fc7056c728662e9f3b931ce622762
SHA19a4fc2263b4665cd4eef9adf3f4842000238dede
SHA256cc37cc48539c5c788bf35e30b6aee3dc938f4c429c210eed946753a258517fdf
SHA512bbc2251a4c61ac4efaec188e679419481ec2b8265f15895a6de5ca373d1ea89ea460af3b1b72d1f4c529c657e6d70c625122e63f9e05469d70f200671a70a011
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FKO99HIE.cookie
Filesize428B
MD5c277dd93cc53cd5c695728414c4d2bd8
SHA16ab30631c3c66298aef8741f689cf08aa0a24820
SHA2565102ed99e3857c2804af7fd5c769265ea7e962a94e7b05b2d7841567d059c020
SHA5124ac30dc870e9f88d859dda00140e55cfbe344576b7811a911c4a1fc4498bdfd8495154f04fe7b64ba5a8940a15e2380907b8992a50a593baefb17ec15f37ed17
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HKH786RB.cookie
Filesize438B
MD576f4f111b6fb6272a74b9d562c21e211
SHA1a7bfd8cac174ebecfbac1e34527ceaabac2efd06
SHA256a15a26c3e6df8bb09412ac738c8ee57cfb5dd2920cb5229a60f51de68f7e192c
SHA512aa1a53aa03b811473c641be6d922ad6d8f03d5b0aabebf377881005c91532af187a3adc4b8efda9d1c5cf3866381899a02f6792da901e376117e8402adf22d9f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QA584VGM.cookie
Filesize357B
MD524c35d84308321ebc6297ac98644521e
SHA1da7a22f87b8ba8624ed4ff9b4bfdba91213a2262
SHA256444512eafdb55b14098ff3b560ca82f0708f24f96ad1293729ca469c041862d3
SHA512594937a63a137790e25f55a67b43596f70f906cc1feb29d87b660b31a13588789cfc612c4e2fda2460ca80cb7d129ea88634f250e07017503e450a5c6cc44f82
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize1KB
MD57f4af2405aff3d0a84677da6112fd6e1
SHA17bd089299f58130df6a005086beae1b3c9226504
SHA256ffbfebf9fa8d2dd3623557f872d0879054e1cfc733c562b15805aeee1cbc45b2
SHA5126dec95444331c43ad02ba64bc3e3aae12c3e72929b65a41955bbce973597e13c01cb6f063a45f29e598740d901190e7bc5f8d832ac0c3f1bf00185e1428c7b1f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
Filesize472B
MD5a2a4d4115f197a39fa1f8fb7b45ca3a9
SHA16c2ae448e5b0db9e97240186b9521959c01f8ebf
SHA256af2ed48dcf4d5792a88cd6c0db0a5b98c12fe5d987e7a5a76c241dd02ca57ee0
SHA51299e70c3e0e9580e811b36d469498f2f99a04ecab3cbb88ea7a7c53f77133e8ee4a3197f071cf4493e25d03c51cc54b4919870ee56c07d3c61f182adfc97164a4
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize4KB
MD51bfe591a4fe3d91b03cdf26eaacd8f89
SHA1719c37c320f518ac168c86723724891950911cea
SHA2569cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA51202f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
Filesize472B
MD5a89819593d326e7891db3102487f18ba
SHA1e8972c883c57976a6a6e676a08b488abae9c82a7
SHA25607f033948e887c74df5ee50ae72c287706f58e17a5b9e62635c2d3bac3f02558
SHA512642c680c0813b4760442e504a8ffcc4bbec65c9ec22608f608992c6393fae3525c00709e83de135511f14709ee51ac82c662cd1b26a5f45f9f2b14ba2590fcd3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
Filesize472B
MD5e7632ffc136c2c9a3e20819ab325d8a7
SHA13deeaca414d6ac0a9e3825d391dfb6e3d4525393
SHA2561225eac2e767f642b0b23909bfca6073f08cc3e7ddbaaab2797382153d7da852
SHA512d63b606a7ea02670cdede526768929b80fe2eb580ff1d43acd09a3c7bb1b5ff9d06ccdc31a6a61ea218aeccb8bb8d78fc8d0211b1e1e182c2055acd245496cee
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D
Filesize471B
MD539001fef747f060729a064073820fa85
SHA169b527f3f75e02823d8d26c656b948aee5e24878
SHA2560293c9178ff646e2bc0923f6e3fd7f91001ebccf7dbb593d05ce6f1315f92fb9
SHA512c6ec2967f065db03870a2a06759896bcaaa5b3961861be0e91cf672b1d26d5c9cc184f3cfa4a9d75ba30f27f4d0ca5ac603fb78bffecf6d3f1edee29dce4badf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize410B
MD58266c5eaf0ffcef0bf05302c7e99f727
SHA1567eccfc87b43a4e495f2afb908e96f1856daef3
SHA25662d07870a1c9320221afd406bd9acee64533ea1d5cd996c1a186dd57d70835a9
SHA512ad78a75d0da051c78ced6e9cfc74a979cef7683925139d4ca41bdd48fdf5408cea1a5ad5ca291bd44fc7ad0eb07e61ad6ff1b2a7b573699e4dd0861e05591fa1
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
Filesize410B
MD567b37708cff6a59a21fae36f1220aa3f
SHA1e50a26dc9e7823e71cabdcab6626912c6dfb334b
SHA256e3292c3506942be5ae2b53e6d125b55cab1895dbd5d389e65043cea48ce2cbfd
SHA512fe74fff66281d5d170ddfb9cbcb4a84a3865370862f7fbd47240c3b8b01dd8f55cd030358404371c3ad1021789d3845e6a11fc775ed6db745ac57dd3ac74775f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize338B
MD5f7437a210debdb5bbac17b0dd4c32f8f
SHA1cd6e7b9ffa60b5f1f569856129c3fe9c17e55a5f
SHA2561a93176edabc94daf8093d13a466659a88f82c9e491255218fc29110f29da4c9
SHA512133c68b9acda8ce0c478609e52e99c2a11eb7aed774fb97e741d8f5e92b8ba6a599491619d9344b137468719cdec8d9be0924ee4c3f307cb7f038ef51b4ebd9e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
Filesize406B
MD5b3bcb4ed194fba8a86fe60ccf54ebd21
SHA12fd66c0b7a373082b8250eb95c9ecc9b178137de
SHA25632340f4bb3aefdbf65086a2375a4b8072900a2ee1e1e75c166d0549904ac7926
SHA51222e4929a4cd171ea5c8a52d5460a34ec919f90706892a0d3c849a9a5f66848b6ff9b3fd47ce7a03404e9b8728f93ac66081e73f229281dd560cead4471ae406e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize392B
MD54b3fd048839d31c5ab63ff0f3b234ce7
SHA1bc0f28fd682d50e692bd162dd11564d6c0874b75
SHA25623cbf9b2172dbd1fc4ad26093ea988f1f363ffb9977c8d0ddf375341dae10607
SHA512d9b03f5a87b7333b21778dc6471a2defd3283817d99693b8a79dfee927d5c4a14e64baa08831f12ce5f958432930e07745c309d89265b445deac9a9b96eeb0ac
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
Filesize406B
MD515534e6c26531125fbbde99f9d5342b1
SHA12db92cffcce72149a61453ff815c92b98cbc0102
SHA2562f0f536dcef7f2507e43cf26828ab9652d45fb9e36109cf0cef4e364e40e2386
SHA5125bf014dd701a3bdd5c963ec24ba97147dad14ebfec7b2b917ff5f8cf5e151a659c0acb83ebe85df207db4fc3e6b915b9c0d1bdc438d4b8192cf8b85180a0f32d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D
Filesize406B
MD58538b416501aa5179aca045c4603af11
SHA1ba4f41ac842cbe8df729a5f29d95b75281cfd2dd
SHA25677a3df03dd86fea2e58773c405255f8b9958e14341f2c61036bcc90873c37b5a
SHA5120180ed8ffcadce11e6947b71a18a5ce5aa5cdc24951f53e15875466802351467d1abc72ae5cebbc4a7349a310e07c99030b20dbe47950d2cb32bb74bc078ee68
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
697KB
MD5afdf8c1034f89276fe9202523f565ef2
SHA1d736a53e22cd9dbf26c07b68aca76d473c3cc74e
SHA2567c40ecf4b688b1649a16d24055c71cb1f8611da5ad272aeaa396ee2c91867d90
SHA512056ca3579b2c4d5261136285bd1a9a4a3a13db5b94fa10617bce03f0bfa21124408ba7d5108b32b2baeba861707596d0bba2ab8694dcb2dace2e63696ea89a02
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize11KB
MD5338dba62677d4ec5916271c2bdc4b671
SHA114c4b1436d5ad12281f21a6a40cce40634b5eaf2
SHA25675a1385be00c38f0430675096ab556584757bc062dda53bca653271b1022b595
SHA512be062228bb1e2beff947cc5d5ae8e2829cb0dbcc9d67e481295b03f7760da9f501f12b0d9a4e0e761395ba96134fd31c99068851d4cc39309921192b9cd2f265
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD524775acfbfdeabfe3016c76dc66e91bc
SHA12beb190126de3223530d31359c413361b989a7dd
SHA256968406b9884921f23e8ead144931290b73f9a50bb520a89d2d8fe12937be439c
SHA512d0b22be9f49d066051db8200b44a426e7953b32e6beb87ebd446d1b940f110e22c2928bd45f68d839a5a30eac17e885dfdf032fc26fa95a8d3fd676bab7db662
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\758c0f00-1e42-40ef-b04c-ddb236296af7
Filesize746B
MD5d76a169d6d96b662548debba398d7770
SHA1121d6f523e2f96d88c6fb9c494f268dfa8372fa1
SHA2564d7583f4562e79ba62ff77add8118c826c8f039723ea12194e7f0431dfc4e78b
SHA51232a82488c64eacb74de404ec63c5032962de3406e983e62df8e3c57866468b77c62335f568987a902b693b69183e7c97a62389b759e56032099651ac5cd7662c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\datareporting\glean\pending_pings\93b98d7a-f18e-4acf-8520-2e09a0f2d4db
Filesize10KB
MD5a79ab3aabe2f15f74aa14069f9096bca
SHA110a041afa33cbcf9d503814edd3ed11e0b93e638
SHA25673ab482209be9946be916e03f76cdf45cc7e0971797404c187325f9ceb40c35f
SHA5127867e1283d187c94d8314553c2370dc6a860f7b2ac05f3c0e7aeeb9ba7c6e995f96eba8f8db44e0561b8a4a9345b2898dcd0222ff2492e95ef458e2dc0acd850
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gjijjd1j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd