Analysis
max time kernel: 114s
max time network: 122s
platform: windows11-21h2_x64
resource: win11-20250410-en
resource tags: arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/05/2025, 05:28
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://github viruses
Resource: win11-20250410-en
Errors
General
-
Target
http://github viruses
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file 2 IoCs
flow pid Process 123 4508 msedge.exe 123 4508 msedge.exe -
Executes dropped EXE 1 IoCs
pid Process 1524 000.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\I: | 000.exe
File opened (read-only) | \??\L: | 000.exe
File opened (read-only) | \??\Q: | 000.exe
File opened (read-only) | \??\T: | 000.exe
File opened (read-only) | \??\X: | 000.exe
File opened (read-only) | \??\Y: | 000.exe
File opened (read-only) | \??\B: | 000.exe
File opened (read-only) | \??\H: | 000.exe
File opened (read-only) | \??\O: | 000.exe
File opened (read-only) | \??\P: | 000.exe
File opened (read-only) | \??\R: | 000.exe
File opened (read-only) | \??\S: | 000.exe
File opened (read-only) | \??\V: | 000.exe
File opened (read-only) | \??\G: | 000.exe
File opened (read-only) | \??\J: | 000.exe
File opened (read-only) | \??\M: | 000.exe
File opened (read-only) | \??\U: | 000.exe
File opened (read-only) | \??\W: | 000.exe
File opened (read-only) | \??\K: | 000.exe
File opened (read-only) | \??\N: | 000.exe
File opened (read-only) | \??\Z: | 000.exe
File opened (read-only) | \??\A: | 000.exe
File opened (read-only) | \??\E: | 000.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 123 raw.githubusercontent.com 121 raw.githubusercontent.com 122 raw.githubusercontent.com -
Modifies WinLogon 2 TTPs 1 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | 000.exe
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3437575798-4173230203-4015467660-1000\Control Panel\Desktop\Wallpaper | 000.exe
-
Drops file in Windows directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\000.exe:Zone.Identifier | msedge.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | WMIC.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | WMIC.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 000.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | taskkill.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | taskkill.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Kills process with taskkill 2 IoCs
pid Process 2184 taskkill.exe 4376 taskkill.exe -
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906373411123238" | msedge.exe
-
Modifies registry class 6 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile | 000.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" | 000.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3437575798-4173230203-4015467660-1000\{B71E4DD6-2AFA-4EB7-AB8E-557F8C91BE1F} | 000.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3437575798-4173230203-4015467660-1000\{6C7D16CE-72E1-4DCB-B58F-78B09E6CFA73} | msedge.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | 000.exe
-
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\000.exe:Zone.Identifier | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
pid Process 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe -
Suspicious use of SendNotifyMessage 4 IoCs
pid Process 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe 4836 msedge.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 4836 msedge.exe 1524 000.exe 1524 000.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github viruses1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4836 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x36c,0x7fffa1fef208,0x7fffa1fef214,0x7fffa1fef2202⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1784,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:112⤵
- Downloads MZ/PE file
PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:22⤵PID:6008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2508,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=2452 /prefetch:132⤵PID:2652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3468,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:12⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:12⤵PID:3184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4832,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:12⤵PID:3404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4752,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:12⤵PID:4908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3584,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:142⤵PID:4712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4800,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:142⤵PID:4024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5568,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:142⤵PID:3136
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11403⤵PID:4768
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5628,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:142⤵PID:5732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5628,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:142⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5776,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:142⤵PID:3304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6124,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:142⤵PID:1708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6092,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:142⤵PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=4716,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:12⤵PID:3404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=4692,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:12⤵PID:5792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4812,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:12⤵PID:3676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3648,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:142⤵PID:6080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6216,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:142⤵PID:1524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3760,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:142⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=2916,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:12⤵PID:2724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5108,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:12⤵PID:448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5428,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:142⤵PID:1660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6836,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:142⤵PID:2348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6848,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:12⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7124,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:2236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7236,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:142⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=7272,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:142⤵PID:5680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6936,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:12⤵PID:3408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3568,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:5188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6148,i,18392579456271023751,1514088994446810957,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:142⤵PID:2932
-
-
C:\Users\Admin\Downloads\000.exe"C:\Users\Admin\Downloads\000.exe"2⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies WinLogon
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1524 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""3⤵
- System Location Discovery: System Language Discovery
PID:6112 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2184
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im taskmgr.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4376
-
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' set FullName='UR NEXT'4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1948
-
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' rename 'UR NEXT'4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5272
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /f /r /t 04⤵PID:3852
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:4448
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:5236
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39ca055 /state1:0x41c64e6d1⤵PID:5272
Network
MITRE ATT&CK Enterprise v16
Defense Evasion
Modify Registry 2
Subvert Trust Controls 1
SIP and Trust Provider Hijacking 1
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe587692.TMP
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
Filesize 153KB