Analysis

  • max time kernel
    1969s
  • max time network
    2583s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-11-2024 18:08

General

  • Target

    http://Google.com

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Detected potential entity reuse from brand STEAM.
  • Drops file in Program Files directory 55 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 40 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Google.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc01e846f8,0x7ffc01e84708,0x7ffc01e84718
      2⤵
        PID:3756
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:2452
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5028
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
          2⤵
            PID:4092
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:3584
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:4032
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
                2⤵
                  PID:1736
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                  2⤵
                    PID:4920
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:720
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                    2⤵
                      PID:3884
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
                      2⤵
                        PID:1804
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                        2⤵
                          PID:1068
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                          2⤵
                            PID:5008
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                            2⤵
                              PID:3940
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                              2⤵
                                PID:1560
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                2⤵
                                  PID:2196
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                  2⤵
                                    PID:4980
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                                    2⤵
                                      PID:5096
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
                                      2⤵
                                        PID:2324
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                                        2⤵
                                          PID:3916
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                                          2⤵
                                            PID:2348
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                                            2⤵
                                              PID:4176
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
                                              2⤵
                                                PID:3772
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                                                2⤵
                                                  PID:1804
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                                  2⤵
                                                    PID:3688
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                                                    2⤵
                                                      PID:3512
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6024 /prefetch:8
                                                      2⤵
                                                        PID:1472
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
                                                        2⤵
                                                          PID:1560
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6944 /prefetch:8
                                                          2⤵
                                                            PID:1372
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,1947309034975987750,15398746842576337910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:4396
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:1748
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:3168
                                                            • C:\Windows\System32\rundll32.exe
                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                              1⤵
                                                                PID:3088
                                                              • C:\Users\Admin\Downloads\SteamSetup.exe
                                                                "C:\Users\Admin\Downloads\SteamSetup.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Adds Run key to start application
                                                                • Drops file in Program Files directory
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:4396
                                                                • C:\Program Files (x86)\Steam\bin\steamservice.exe
                                                                  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Drops file in Program Files directory
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Modifies registry class
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:4856
                                                              • C:\Program Files (x86)\Steam\steam.exe
                                                                "C:\Program Files (x86)\Steam\steam.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Drops file in Program Files directory
                                                                • System Location Discovery: System Language Discovery
                                                                • Checks processor information in registry
                                                                PID:1808
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                1⤵
                                                                • Enumerates system info in registry
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of FindShellTrayWindow
                                                                • Suspicious use of SendNotifyMessage
                                                                PID:2096
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc024fcc40,0x7ffc024fcc4c,0x7ffc024fcc58
                                                                  2⤵
                                                                    PID:4892
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,9579960785371480803,1345054838393880194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
                                                                    2⤵
                                                                      PID:1248
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,9579960785371480803,1345054838393880194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:3
                                                                      2⤵
                                                                        PID:3968
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,9579960785371480803,1345054838393880194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:8
                                                                        2⤵
                                                                          PID:2524
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,9579960785371480803,1345054838393880194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
                                                                          2⤵
                                                                            PID:1880
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3372,i,9579960785371480803,1345054838393880194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
                                                                            2⤵
                                                                              PID:3080
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4068,i,9579960785371480803,1345054838393880194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
                                                                              2⤵
                                                                                PID:348
                                                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                              1⤵
                                                                                PID:1656

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Downloads

                                                                              • C:\Program Files (x86)\Steam\Steam.exe

                                                                                Filesize

                                                                                4.2MB

                                                                              • C:\Program Files (x86)\Steam\bin\SteamService.exe

                                                                                Filesize

                                                                                2.5MB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

                                                                                Filesize

                                                                                6KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

                                                                                Filesize

                                                                                6KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

                                                                                Filesize

                                                                                5KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

                                                                                Filesize

                                                                                6KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                Filesize

                                                                                264KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                Filesize

                                                                                2B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                Filesize

                                                                                356B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                116KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                Filesize

                                                                                152B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                Filesize

                                                                                152B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3f8ccc79-cf01-4d8e-bc81-347ae07a3574.tmp

                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                Filesize

                                                                                215KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                Filesize

                                                                                62KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                                Filesize

                                                                                67KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                                Filesize

                                                                                19KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                                Filesize

                                                                                65KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                2KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                6KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                5KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                874B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                874B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586349.TMP

                                                                                Filesize

                                                                                538B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                Filesize

                                                                                16B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\nso7298.tmp\StdUtils.dll

                                                                                Filesize

                                                                                110KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\nso7298.tmp\System.dll

                                                                                Filesize

                                                                                22KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\nso7298.tmp\modern-wizard.bmp

                                                                                Filesize

                                                                                150KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\nso7298.tmp\nsDialogs.dll

                                                                                Filesize

                                                                                20KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\nso7298.tmp\nsExec.dll

                                                                                Filesize

                                                                                17KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\nso7298.tmp\nsProcess.dll

                                                                                Filesize

                                                                                15KB

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                Filesize

                                                                                2B

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 862368.crdownload

                                                                                Filesize

                                                                                2.3MB

                                                                              • \??\pipe\LOCAL\crashpad_4944_FHHBCEUQFJNMSLYE
