Analysis
max time kernel: 121s
max time network: 118s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 06-12-2024 19:39
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/open?id=1kB_gFQbllm4pc39g1jZobs-saHT-cs7p
Resource: win11-20241007-en
General
Target: https://drive.google.com/open?id=1kB_gFQbllm4pc39g1jZobs-saHT-cs7p
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow | ioc
120 | drive.google.com
2 | drive.google.com
10 | drive.google.com
11 | drive.google.com
119 | drive.google.com
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 4 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | OpenWith.exe
NTFS ADS 3 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\Juzgados de Ejecución De Penas y Medidas De Seguridad de Bogotá - REF CUI No. 0000CO53535573625zip.uue:Zone.Identifier | firefox.exe
File created | C:\Users\Admin\Downloads\Juzgados de Ejecución De Penas y Medidas De Seguridad de Bogotá - REF CUI No. 0000CO53535573625zip(1).uue:Zone.Identifier | firefox.exe
File opened for modification | C:\Users\Admin\Downloads\Juzgados de Ejecución De Penas y Medidas De Seguridad de Bogotá - REF CUI No. 0000CO53535573625zip (1).uue:Zone.Identifier | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
1988 | msedge.exe
3132 | msedge.exe
4124 | msedge.exe
1944 | identity_helper.exe
1892 | msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
4276 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid | Process
3132 | msedge.exe
Suspicious use of AdjustPrivilegeToken 7 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2972 | firefox.exe
Suspicious use of FindShellTrayWindow 54 IoCs
pid | Process
2972 | firefox.exe
3132 | msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
3132 | msedge.exe
Suspicious use of SetWindowsHookEx 25 IoCs
pid | Process
2972 | firefox.exe
4276 | OpenWith.exe
2972 | firefox.exe
1488 | OpenWith.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 5728 wrote to memory of 2972 | 5728 | firefox.exe | 77
PID 2972 wrote to memory of 476 | 2972 | firefox.exe | 78
PID 2972 wrote to memory of 1088 | 2972 | firefox.exe | 79
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/open?id=1kB_gFQbllm4pc39g1jZobs-saHT-cs7p"1⤵
- Suspicious use of WriteProcessMemory
PID:5728 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/open?id=1kB_gFQbllm4pc39g1jZobs-saHT-cs7p2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c77f12-317d-4de1-b031-57bc93877517} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" gpu3⤵PID:476
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {471004a6-cd55-40d4-af78-33e8a78d7d79} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" socket3⤵PID:1088
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3128 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b844a8d1-9fb1-400a-b818-8f251958d4f2} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab3⤵PID:2728
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3708 -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3592 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e54f8a2f-4dd2-4833-9dca-2ca521305853} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab3⤵PID:5256
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4632 -prefMapHandle 4624 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04e1892d-37f5-47c2-bb51-9562e29b535c} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" utility3⤵
- Checks processor information in registry
PID:1648
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5336 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d74465-aa9b-42a8-9dcf-19d88ee33a6e} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab3⤵PID:4800
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {992fbf3b-0a32-4304-b007-1d24dc91c076} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab3⤵PID:5384
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5772 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcdc295f-221e-4cfe-b733-02bb454a8bc6} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab3⤵PID:4220
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6300 -childID 6 -isForBrowser -prefsHandle 6312 -prefMapHandle 6320 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {233735da-662c-440a-b842-f6c96e736073} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab3⤵PID:5368
-
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4276
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3132 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa9ce3cb8,0x7ffaa9ce3cc8,0x7ffaa9ce3cd82⤵PID:2404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵PID:1720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵PID:2008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:4672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:12⤵PID:5928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:12⤵PID:5824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:4072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵PID:2336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17972371800606703603,8751854655183797775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵PID:5900
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:972
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2684
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1488
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984
Filesize13KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
Filesize9KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize15KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin
Filesize28KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin
Filesize7KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin
Filesize13KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin
Filesize6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin
Filesize17KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin
Filesize23KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp
Filesize15KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\35aadb10-e138-4827-b8cd-43a4fcd54c9b
Filesize982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\6ebab90a-e107-44e0-9666-4bd5ab26c036
Filesize671B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\d957c1c3-ce32-4edb-9935-969e7250e6bf
Filesize24KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize: 1.1MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize: 116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize: 372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize: 17.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4
Filesize: 2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4
Filesize: 2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4
Filesize: 2KB
-
C:\Users\Admin\Downloads\Juzgados de Ejecución De Penas y Medidas De Seguridad de Bogotá - REF CUI No. 0000CO53535573625zip (1).uue:Zone.Identifier
Filesize: 173B
-