Analysis
-
max time kernel
97s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
03-04-2023 12:43
General
-
Target
https://discord.com/channels/@me
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 7 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 5 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 35 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.com/channels/@me1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4444 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb926746f8,0x7ffb92674708,0x7ffb926747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff787555460,0x7ff787555470,0x7ff7875554803⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,10800591645948842446,16920076455957966647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b4 0x4ac1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.bat" "1⤵
- Drops file in System32 directory
-
C:\Windows\system32\cscript.execscript x.js2⤵
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39ad055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD58b82e64a7691fb70aec48c12c37eb312
SHA196084b73e24ced2adea93695f71a62092771ce79
SHA2565e1b36f0cccb94221d862d2fe35c892d699d397a87f74f18a668a57ba7ef8d5e
SHA51236802e6043f76d717a376d762f84e89be4bf5b6675bcc662f9f768dfe6487582654333ede1f871cadaa5b5120ad5147ca81bd79b5092623d38f1fbf4037237f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
434B
MD589fe8978f15a70c82092ccfa1dcada4a
SHA1eec89677688a5b09040882ae18ff84799dab031f
SHA2566441c3793d2c949a86c163af81fce675ed674af7e8c179801e81928a38878e42
SHA5124be2f678c3adda67ec79bbb56625dc565d66cb854dacab067eb64917e8b8c5cf60f501d8f03dfa8405ebd44a83860efcdfb4bb2c343cd78b5810732e7e2e89d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63055a87-f4cc-4fb2-bb0a-a36428706a87.tmpFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
48B
MD53f7fc4199ac2a19d294a9e5431813f29
SHA15dc60d93b1c19d27e0114860c36cd77a6350b0f2
SHA256d5ddfdcdc573625d6f69c42dcbed39198d614cba3f86d81b126c046839c5bcd5
SHA51294e8adf8eec532442f928dc73e29bf2a79bff4c3e948e367cdd71d25ee5dc8d745db5608789cb2ce049a061771c11828cf843c41402fcd0c7bce5ce4d0fcfed5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD535d6dccb861821c36cd71690396ce5c4
SHA1e9d38fe7c9b7ce42b18b5d6d528eb45c28594769
SHA256de88664d3e453c045ce3659223039d2ccdf346e6ebe5c37008739a46bc2e43e2
SHA5126f3b8abd125eda5a5ed75409d4d53eab2bc3c98bd01c3b4cbb65fc2e84e48daf60077047905054383ba989ef6a032a6a393b7ebc0461d5548768b3ebddf715c8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnkFilesize
2KB
MD51f9915450ba9eddacb1a5261632360e4
SHA14cbdab0638415ea95fd67267f3713c5be4e37ce5
SHA256a80635fd324223f03383066f218413bf50d4f8977febc8c19c60ecae6a57d495
SHA512576c84cefe7821a0442c805b6e27051cfc1dde51cc1a5a0dc0702b5ad9c861f1599511a0af714450bf289b1ed519925ad1bb1fc653fc7718026e508ec59750a2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
999B
MD5d19da45f9625cdc86a1c4ce59824738c
SHA14de3598d6d5e22a5e71e2efe2d257cbe555a0135
SHA256704e2ab88e2fd019315f3254f5b1c5ba086c020a03e01ea290919cc6ad5cb9c5
SHA51286c76b452e34ebcde25486cbec9a5260f53ebd862dc72f74035655b8a12a30705113a76d1a5de66ebfc405620937148654d0f9cc74ccdfc8166cd70341ff3ac5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5101da6518af4f99f1f4888cee7023b32
SHA152610b5b654bde342d462c5781c1124c582c0c9d
SHA256bf8c46b134fca12716ad4b70cbb1ec9da266f4be1c99f85041996ba3e8eda383
SHA5124673a28bbf523ac4cb7bc597edc5c3ce67b2d639c125d134aa82ef7871376469dc5dbde7264a8168260d1279a770883452f3e40be11ad014866f9801d31d3728
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD55af5d789012d938ad4aba10b5976bbfb
SHA1d00a92a66914be47078a0ac08603031dd7f8cc3a
SHA256d143fab0a81131fa77e806daa32576e4cd1f2abc3e2f39a5c5c7b7a381a96ccf
SHA512900ec20e1e06f5a5e882a61a47be5fe2ba40d28ff3021f32361f95499a1f0583f496ddb6956c9da4b451911cb61ea508c8bf6a5a81d231abad0b2ff3f85b0208
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5d44dcf5e331adfd8d8352487a03a690e
SHA16d3366a92075e158269a5f04041cd423843572b8
SHA2568c9bb96e2bb77fc6f865a005f93f9655467db38c8b58f93ac4e5886b63c6b9b0
SHA512ae00aad3ffb329518cb14a21f79552b56085de843fe70811dde679fd6e1cf728e0f0477d1ab4e2b87e8ed4a3919d34fd116ce6357ffb598e81924df7e65926df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5fe3503ec5558909cb9547d703141965a
SHA144e3e500cbff8849446015bdbe9e4eeaa5d035f8
SHA256e9a4c515e069fc213053dd215c34cc8f6d20cd7643b42c9ccce26742cc347a8c
SHA512aa9e72c21d7e0e26192a9b4a54295b4a138daed7cdcac5c994b8a30bf5bb798b17f8760d9d9ba3bfa8cb62ff71b93ead0e6dcad01a0018fdedde5d35b159d63e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5821031fd646943094092384fc39c11a9
SHA1cf3156609ab66a6942adb785a36dbf65692b5585
SHA256fdd95228dac806efa111ba0b6c24670d1800579710b8210856d2d8fd81a0b8f1
SHA51235e4757487f2039d2b3f65f9237b10f3ccba4e4899377305c993ca5a29cf40bdb9e006f16ea48111a2417ab7b4b7b129333c24325311cd6032f933ba45c142b4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD547e94a96372e6f095b8a3fd7edc48ec0
SHA1377b68f34e5964ca8be1b1b0c1507dd7f0e5f005
SHA25615c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e
SHA5125bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c46fe3d9d81e54a992bcbaa21e0950c0
SHA1184dc2b68a787739cb536c7f5207b8ec85dafc39
SHA2561d5885503c392a23c642fca55418359e3049dd888ec955c4ccdd932f079f9a75
SHA5120b1c9354d46e10349062b32ac394897f085af95fd83854215be79377b6a4ec8c050759babba143bc7ec261a4751f70305c57ef80d552df64d4c0dd7d5d9ff222
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a374.TMPFilesize
1KB
MD53fa8f76dd4fd078f5718660f37eb3782
SHA1df66a903386be5b7ef014b4cf2aec804ae0cce89
SHA256f2413d91441f31be45c2d089ff9b9b661e914c95719f7cc34272f3ca754a632b
SHA51287c216f9fe34eb9e5812bd7bf5a380557c0253e78683332b5e10c73072bac90453de4c2c1947f3f6fb7d8404b97bf55ab997d31f80328a1847717e89b54a8aec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD549d115ea74b291d1d04b5da5d408adfb
SHA142d06ad76794c809132da59fa6762841f0192b8b
SHA256622f3d756514522c69c75d0606ab09546f80f12266218d12d611e41b264ed78d
SHA5129ba0d394dc16f9f692a8a385b70a1b9efeabb463a8cc8d617a04aef55a8a5347f6b69b582819131b6132ee072729ee396ccdf1c113394baf644fc2fec399a2f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD5f5e9fb45cbf7a2df5f482f34b018473f
SHA13e5253c935be2df093590175e274468205e7c5d5
SHA2563b44b7caf5de650f12d11b994ca79ec0d21dc4fee19ed60dcd6721248b4af6c1
SHA5125b4a060a6ec643b23f5efb5ecf874120cfa0bb8bb4e7fcf2a2a07f5de0a8157084a1763f26a48a4eacc790537c5cd301e5163764f90051232f3be0f4dfd7c1e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5a77df124b25b5b2f055e50afd24009f1
SHA1fb3e4d4d7dd8756f069f073c1ab6f5da3dd623b0
SHA25648d10fd80e495768680fb8272036277cfc8e2fd72e053f33a53c98104d400c4c
SHA5120762b241b450953b9d2571e0f63877d3a3e8476609beba24285f2b6449cace543c38e7814c9e7a1afaa7adab611da753f059fb7497041e194e7d7767ba2343cc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD51fa7c2a4223493e1598a1a1610305a45
SHA1704e350b4f9cc3af4610af5a751f13a3892c5842
SHA25666d16f2232061d07a0f9c2963e89a3ad7e94df36666352e0d8a6245512054deb
SHA512fd2d142de61bc56b2d57deb71c8378f610d9926d75ac4fc9055e2fbbaee8b49029ae95280a3e0e4e08b42d744ec421635267633f64058e93ae7ed8af1102b6b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5a44aa87397b6f4549bde343ccb7fe196
SHA1dfb5d4efe5051e46af939364ac4f85b19da6ebf9
SHA25663c53a877663c72d6c57df3c7c903de7c9855c9a357d417aa726ee4867feaf33
SHA51223d6f4f1dac33c4dde77b062caeee051ad409ea277c81ffc834139f97d82bd64e055df982272b362e94eeab1827c48e332d1e1805c9a8558b65473ab805c081d
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.datFilesize
24KB
MD5753da15db91bd7c5333356546bd293ff
SHA1009640a26ceb4d44917540d2a4fade216a85a052
SHA256cca06621008e548c7c30b49c2c52bf6b5babc65c7bb4c61b0b754262f6bb3560
SHA512878cea2d7d850aa6963e64d93660d9cb1d836af442e0f170dbc5d4a547f538ce38c9bf873b4b9b1054557411f91600197a776998ae58e494d5840c20445822b1
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\86c157237af2732f6d83[1].jsFilesize
651KB
MD524f4d27ed9549aaf4d47784d6b3a46ee
SHA103ce9eac6db8c63c39ed0140fe1954134341dde8
SHA256e276a12c7f43a48c783fc43cfece89324cc0f45c0c95673f8bc3efda671fbe32
SHA5126c233bc1d7ccd06619984e646d46878f26ffe8815b240a74fefb23f4793ed7957f7d1c4af05b1646da630580e74b0b1e3f0971d200ffa662d0292f44dc3e3e01
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\ec2c34cadd4b5f4594415127380a85e6[1].icoFilesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD5690f335e316dce77624aa85b34801167
SHA165760a4504d3793630ed038e1ab8c69f7e816078
SHA256340da0feb5d76ee63138b5cea9e61ba1a63468e24dcdbf7c2736a08c853fbe18
SHA512754657a00878f7f0ebe29d66bc8d3567c639b0621d2c01940c27d4a805980f59e041f20160cbfb8952a7adef74d278f190dc231ed58b453c6173f6a68ba4cd01
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1).zipFilesize
15KB
MD5230d7dcb83b67deff379a563abbbd536
SHA1dc032d6a626f57b542613fde876715765e0b1a42
SHA256a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254
SHA5127dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77
-
C:\Windows\System32\xFilesize
1KB
MD5d02c9448e8c913cbfab0313dc44c0af0
SHA17af2e750fc069c3793a84b3258fca72fcd57192e
SHA256416c2f4c07cd056c9cb3d8c5f97e35013eb98bed8d02a48ed27cdefc7af5f0f6
SHA5125ecb494c0aeebca8c5b48c9c6ee8608de777bde14e861f9d70f1ee4fcf635e87cd08e8dc142e74b2498eee5bf86e33e504d273c097cfba373835a5bdf4f3f9df
-
C:\Windows\System32\xFilesize
4KB
MD5b6873c6cbfc8482c7f0e2dcb77fb7f12
SHA1844b14037e1f90973a04593785dc88dfca517673
SHA2560a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1
SHA512f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf
-
C:\Windows\System32\z.zipFilesize
7KB
MD5cf0c19ef6909e5c1f10c8460ba9299d8
SHA1875b575c124acfc1a4a21c1e05acb9690e50b880
SHA256abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776
SHA512d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f
-
C:\Windows\system32\xFilesize
10KB
MD5fc59b7d2eb1edbb9c8cb9eb08115a98e
SHA190a6479ce14f8548df54c434c0a524e25efd9d17
SHA256a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279
SHA5123392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1
-
C:\Windows\system32\x.jsFilesize
448B
MD58eec8704d2a7bc80b95b7460c06f4854
SHA11b34585c1fa7ec0bd0505478ac9dbb8b8d19f326
SHA256aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596
SHA512e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210
-
C:\Windows\system32\z.zipFilesize
7KB
MD5cf0c19ef6909e5c1f10c8460ba9299d8
SHA1875b575c124acfc1a4a21c1e05acb9690e50b880
SHA256abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776
SHA512d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\LOCAL\crashpad_1340_OPAXSGLWYTRKIOZLMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e