Resubmissions

11-06-2024 15:17

240611-spg8js1fng 8

11-06-2024 15:14

240611-smrzza1fjf 6

11-06-2024 15:12

240611-slkt9s1eqb 1

Analysis

  • max time kernel
    197s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-06-2024 15:17

Errors

Reason
Machine shutdown

General

  • Target

    https://browser.lol/

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://browser.lol/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4a9aab58,0x7ffa4a9aab68,0x7ffa4a9aab78
      2⤵
        PID:3948
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:2
        2⤵
          PID:3608
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
          2⤵
            PID:2740
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
            2⤵
              PID:2624
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:1
              2⤵
                PID:2052
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:1
                2⤵
                  PID:2776
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:1
                  2⤵
                    PID:1504
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4644 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:1
                    2⤵
                      PID:2520
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                      2⤵
                        PID:4328
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                        2⤵
                          PID:2264
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2488 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:1
                          2⤵
                            PID:4356
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4364 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:1
                            2⤵
                              PID:3720
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                              2⤵
                                PID:2072
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5128 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                                2⤵
                                  PID:2264
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                                  2⤵
                                    PID:3160
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                                    2⤵
                                      PID:4392
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4988 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                                      2⤵
                                        PID:816
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                                        2⤵
                                          PID:3652
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:8
                                          2⤵
                                            PID:3384
                                          • C:\Users\Admin\Downloads\MEMZ.exe
                                            "C:\Users\Admin\Downloads\MEMZ.exe"
                                            2⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            PID:752
                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:920
                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:640
                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:2020
                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3428
                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:4616
                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                              "C:\Users\Admin\Downloads\MEMZ.exe" /main
                                              3⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • Writes to the Master Boot Record (MBR)
                                              PID:2636
                                              • C:\Windows\SysWOW64\notepad.exe
                                                "C:\Windows\System32\notepad.exe" \note.txt
                                                4⤵
                                                  PID:2744
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
                                                  4⤵
                                                  • Enumerates system info in registry
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:652
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa37d946f8,0x7ffa37d94708,0x7ffa37d94718
                                                    5⤵
                                                      PID:3084
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
                                                      5⤵
                                                        PID:1448
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
                                                        5⤵
                                                          PID:2836
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
                                                          5⤵
                                                            PID:2460
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                                                            5⤵
                                                              PID:4348
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                                              5⤵
                                                                PID:2136
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                                                5⤵
                                                                  PID:5372
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
                                                                  5⤵
                                                                    PID:5608
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12179739401132972363,16043571378502765042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
                                                                    5⤵
                                                                      PID:5764
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
                                                                    4⤵
                                                                    • Enumerates system info in registry
                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                    • Suspicious use of FindShellTrayWindow
                                                                    • Suspicious use of SendNotifyMessage
                                                                    PID:5556
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa37d946f8,0x7ffa37d94708,0x7ffa37d94718
                                                                      5⤵
                                                                        PID:5520
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
                                                                        5⤵
                                                                          PID:5832
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
                                                                          5⤵
                                                                            PID:5796
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
                                                                            5⤵
                                                                              PID:752
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                                                                              5⤵
                                                                                PID:220
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
                                                                                5⤵
                                                                                  PID:2140
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                                                                                  5⤵
                                                                                    PID:5980
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8
                                                                                    5⤵
                                                                                      PID:6472
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8
                                                                                      5⤵
                                                                                        PID:6480
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                                                                                        5⤵
                                                                                          PID:6996
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                                                                                          5⤵
                                                                                            PID:7004
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                                                                                            5⤵
                                                                                              PID:7156
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8510346424585182081,1315731730523428757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                                                                                              5⤵
                                                                                                PID:7164
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
                                                                                              4⤵
                                                                                              • Enumerates system info in registry
                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                              PID:6980
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa37d946f8,0x7ffa37d94708,0x7ffa37d94718
                                                                                                5⤵
                                                                                                  PID:5208
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,4988404376017931161,13735070990890523098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
                                                                                                  5⤵
                                                                                                    PID:4308
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,4988404376017931161,13735070990890523098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
                                                                                                    5⤵
                                                                                                      PID:6220
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,4988404376017931161,13735070990890523098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
                                                                                                      5⤵
                                                                                                        PID:6244
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4988404376017931161,13735070990890523098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
                                                                                                        5⤵
                                                                                                          PID:5260
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4988404376017931161,13735070990890523098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                                                                                                          5⤵
                                                                                                            PID:5392
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4988404376017931161,13735070990890523098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
                                                                                                            5⤵
                                                                                                              PID:6460
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 --field-trial-handle=2068,i,11691769757887665398,16277548000847999632,131072 /prefetch:2
                                                                                                        2⤵
                                                                                                          PID:5116
                                                                                                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                        1⤵
                                                                                                          PID:376
                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                          1⤵
                                                                                                            PID:212
                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                            1⤵
                                                                                                              PID:3456
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:6076
                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                1⤵
                                                                                                                  PID:1852
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc2b31a07h2d97h4731h9a4fh581ba0855ddc
                                                                                                                  1⤵
                                                                                                                    PID:5784
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa37d946f8,0x7ffa37d94708,0x7ffa37d94718
                                                                                                                      2⤵
                                                                                                                        PID:4084
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13863873616370344479,6378653058219401453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
                                                                                                                        2⤵
                                                                                                                          PID:5284
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13863873616370344479,6378653058219401453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
                                                                                                                          2⤵
                                                                                                                            PID:6168
                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:5404
                                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                            1⤵
                                                                                                                              PID:3544
                                                                                                                            • C:\Windows\system32\LogonUI.exe
                                                                                                                              "LogonUI.exe" /flags:0x4 /state0:0xa397c055 /state1:0x41c64e6d
                                                                                                                              1⤵
                                                                                                                              • Modifies data under HKEY_USERS
                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                              PID:6152

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

                                                                                                                              Filesize

                                                                                                                              202KB

                                                                                                                              MD5

                                                                                                                              6a16cbefd2e29c459297b7ccc8d366ad

                                                                                                                              SHA1

                                                                                                                              40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

                                                                                                                              SHA256

                                                                                                                              9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

                                                                                                                              SHA512

                                                                                                                              6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              1db4dd3e5db5c4f79f5ab142ab1e95a3

                                                                                                                              SHA1

                                                                                                                              b4fec58535788ef523884fbe9f71461070973a98

                                                                                                                              SHA256

                                                                                                                              38dcd65c74ed25d997b475d62b3bd890e7653f97a1c28ccacab90f1ea38f7a29

                                                                                                                              SHA512

                                                                                                                              769812e58a7ef2dd9c1da17a3e572b10134427f2711db301d7ad941769ee421579d5d99c2cc8117f9c0d830357affe23f1cd9735515eb0b249f20f562fdb75f4

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              864B

                                                                                                                              MD5

                                                                                                                              cc2eb37aa0fb294a3c720f12cb6f7cc6

                                                                                                                              SHA1

                                                                                                                              f6632307552dafaae71e77cd0cbb082d25039d04

                                                                                                                              SHA256

                                                                                                                              327c6a03b522a1df1c274d5cabcc91af306dbe77d76cc10a44f8f6360927abab

                                                                                                                              SHA512

                                                                                                                              10d131ce398ccf2435d39c72f684ca51d0dd6f08dc3fe277b19f0839d27c5373f45919ea5e519e5ab30bf4a0ac34a7a036dbbd7f0c91f8bf2d0e41e106abff54

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              864B

                                                                                                                              MD5

                                                                                                                              4c2ff9348f5516cd78092e07a8b6006a

                                                                                                                              SHA1

                                                                                                                              b4223c6bb911ccff8a825fc0db3ef94c97e6ad8b

                                                                                                                              SHA256

                                                                                                                              5ed090480d1856ed78edc31443805e289f36a51351d6ca6111a86eef5e6a6dd9

                                                                                                                              SHA512

                                                                                                                              138261906b158c75cecec19123d8d42c3430db8730e24013166d3f6f5f43af7df0ea0b84dbd02b5ccdc156d3ce85b56a6ac2c6a998ab0edf0f4a5eabb0e7469c

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              265521b77440fb197d2edb27fa24e493

                                                                                                                              SHA1

                                                                                                                              22b68e39274275abf4f579a21f275ebc7387aa97

                                                                                                                              SHA256

                                                                                                                              47bf40030b4f81dae52c0b1493303c227250377ead3189093396f12b5e74466b

                                                                                                                              SHA512

                                                                                                                              a49e4ac1b9078eac80c82955b25f416ee070db456f2e09a14bb9a8a46dae10fdc42ae6f97f518a65a929d7b1a4b095566695b8557736a6e2056daf474dd7adda

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              5KB

                                                                                                                              MD5

                                                                                                                              9172ab7ebb2caf389db256946d3797cd

                                                                                                                              SHA1

                                                                                                                              2a7a81eea40b3ae43cdc3a57868b57ae211c336d

                                                                                                                              SHA256

                                                                                                                              32817c3bdc372c919a6f9aa4849d8295c4d5f0f3f29807c99f949e2b08b2c433

                                                                                                                              SHA512

                                                                                                                              6a245f6c1d6909c682cf0ca3db174481a3df3c2b1ca03ace4ecd03652e95104f91154aa042dbacfe9b6587d058e14e5a865d447727509b42ddd619793d62a26a

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                              Filesize

                                                                                                                              2B

                                                                                                                              MD5

                                                                                                                              d751713988987e9331980363e24189ce

                                                                                                                              SHA1

                                                                                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                              SHA256

                                                                                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                              SHA512

                                                                                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              0ed79e4fff215ce1d315e4e92f87a159

                                                                                                                              SHA1

                                                                                                                              af1da2647ef8aa51bc7056b50a9c923f2a7a0b31

                                                                                                                              SHA256

                                                                                                                              29138f58562673154e9ae34dbd7a1de5ad430a8bc5f4d868bbaf2f5170dbb3bd

                                                                                                                              SHA512

                                                                                                                              fe08e4c0fc6bb43b569d157b18bc12114bace5fcb8f11b9a974ad8057a01e9f4ed65105e5aa78178a228effdf43185f7d180b2c3d388302980d035ff5d1c6e6e

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              6c1dbe5a20c36023fef74d43223308ca

                                                                                                                              SHA1

                                                                                                                              503fcecdc3f84ddbbfc223ad75fd90877e4ccbf1

                                                                                                                              SHA256

                                                                                                                              f56c61ce0c0d30b3059e27d51967c0698029ad7a363c594ae4d7819e70140c7b

                                                                                                                              SHA512

                                                                                                                              5bb08f96f0c9f41a192e036494ca93d5195fec63737da670356fef313a05429f771df217019b5ba616da60898d6b59a4e7e94f22a5c274d174aaa7e7080a88e1

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              4c0e468aef48ae229703cc5089a79ba6

                                                                                                                              SHA1

                                                                                                                              cb33e6ea9124b947813411f5d3d4377a445e24a1

                                                                                                                              SHA256

                                                                                                                              ed2e53314f3bf47330f64565a7f15aa51a5f0c6010d154382890a00b379c0404

                                                                                                                              SHA512

                                                                                                                              4efce89518be9d2e1023cf4710da85bb9fee92e7fbe4bcaa55f14a4819670da63f3e2895e3aaa4ec93c41ce3c8fdbfc6365dc9d2cb8b134bc28e46c6d43eb9c1

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              b3f556e6ff1bc01d11ec5af88ed86f93

                                                                                                                              SHA1

                                                                                                                              0f0ce65131d15022b0ec9c27f291e940d4b02930

                                                                                                                              SHA256

                                                                                                                              0ee5a10c20ed651bab0ab0a98b3d32272625a4ec739ecc63ecea3f51084d5b64

                                                                                                                              SHA512

                                                                                                                              9dc643ce69b709dfd8ca8ca7e5f08d66a6f85df155b04cee56a52e41cc53121e35c2f804e9e81b649cf100ed62fbcd84db4d95d921641b8e6ca54c09adffd079

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              3e1b3a35d51f2903cf3079ce6421a47a

                                                                                                                              SHA1

                                                                                                                              1584df0d96b5b9f4a4634ceb5b253b919af118a0

                                                                                                                              SHA256

                                                                                                                              49ed2884f8796d835e5fb261168f5740872d5d32ddf7ed1d69e233479f074b88

                                                                                                                              SHA512

                                                                                                                              d2178c5ca759d13fac1167c040ab285be6c36058c3f02354ebe82c22aa660b5a5bfd5c7d585b4d779ac31fdcab00a1ed51852f88b3a20b5dc147a0b4771d8280

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              436e35d5318b766004c992ec0f73ee94

                                                                                                                              SHA1

                                                                                                                              177041949a82611efd966e4d732c1131a1c352b1

                                                                                                                              SHA256

                                                                                                                              23cbfcfabb91b8edfa96b364e3c4389655e4c3b993a4e286e92a3c2c2ffd0b5e

                                                                                                                              SHA512

                                                                                                                              8bc126d79c235868ef6cea7c899d6961dd4b8cccfc8b6f1a8fb30ce5b11f5e8e097d29e8ed7fe1ec64c606430ced56749bc8cb8fa8d60254de4a781a1efd7b1d

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              8KB

                                                                                                                              MD5

                                                                                                                              aea1eaf877cf223852994ae079c6e368

                                                                                                                              SHA1

                                                                                                                              f4398e21d555ae18245957b93ae965e76c00c330

                                                                                                                              SHA256

                                                                                                                              7dc5f1450b8bf89740cd9cc3ab972fbf72d1adf1048bb8aeb96635adecb6ad9a

                                                                                                                              SHA512

                                                                                                                              2e6790f9574c412696cbddcacdebffe287d6098f5c556957db507f61b3b5ec741b6418e6afa52a260a57c6dd1adf56be69cb547d4afe1fee5e13500022c790ab

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              8KB

                                                                                                                              MD5

                                                                                                                              cf3a19de1900f5c53496392c9e0b3282

                                                                                                                              SHA1

                                                                                                                              cdf40563cfdec023139aa564b5e52809faafca33

                                                                                                                              SHA256

                                                                                                                              29e5c53d88c9f1e7f127e0d70ca14bc3680a530be4417215ae739e18e5276c98

                                                                                                                              SHA512

                                                                                                                              08a954dbb9b9d6916a8d3cc39424727cc780244c96a7c573986fd180bb4d07c6facb1b5537554d846ccca10c3a85bff0268652c788209420bbf69141a75ecfa8

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              8KB

                                                                                                                              MD5

                                                                                                                              1f4d4ef70161277f9ab9c65a56f0971e

                                                                                                                              SHA1

                                                                                                                              a753e9cf369efe74c94b30642eb53812e7a14c1f

                                                                                                                              SHA256

                                                                                                                              854a658ff0e92f4b6befe30025041fc977ab6b1a8f03087cd4cb0e314f6a962d

                                                                                                                              SHA512

                                                                                                                              f51eaad52e3ccd1c8291f7912c4402fbb685fd8617e209785a4440fe1dfb457e5a943044643e7ed739d86a483f49e0f2cc1ba0a3c535634d151fd8e69faab6b3

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              613bc0cddd4049689e91675e9962de1f

                                                                                                                              SHA1

                                                                                                                              d79e10dbe25dbbb20bd0f435e1c9ee1f1fd16e2e

                                                                                                                              SHA256

                                                                                                                              e59ba6d05ebb861d6a40a1b4ffb43a3b4b32cc37329e422d3db4ec2bcb04510f

                                                                                                                              SHA512

                                                                                                                              cb276f19c35d56316625fb4cf7b1951663ed07a27bd351f01bd6637dff9e6142c41a21b20dcbb00345743e05d6f9bcd2921160a29ed9ef10b733a0a6217b92e4

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              130KB

                                                                                                                              MD5

                                                                                                                              725f43662642e9f7f2faffe11f32076b

                                                                                                                              SHA1

                                                                                                                              9d419d37ec93add25ab13a913c636bce0d60eb6e

                                                                                                                              SHA256

                                                                                                                              9db5eea2cec8e41c4dc745d4954e4af2051c900690e2d3aa4c21f4503d893c25

                                                                                                                              SHA512

                                                                                                                              6ca9ad3cb3c14de89ce61d810d0102d21d0d7cf7c0f52a2985f0cadefb59820ba4ef2239d9cc5734bf76182ef09fa56e554328ff1de821387f56054cc083d8d1

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              130KB

                                                                                                                              MD5

                                                                                                                              7b2fc414239970d9c279abff1382e641

                                                                                                                              SHA1

                                                                                                                              dbb130b36ce409be034b9b783934ba449747db4f

                                                                                                                              SHA256

                                                                                                                              3811d59fb1bfd75e633212d24796ac580f2ef863b6310485ca59857eb01c85d5

                                                                                                                              SHA512

                                                                                                                              01b4a5273cf517f27d5c1f348d18e3c682ca647e049cf479f37649c4b80772b32863a7615f1fbd716706f8188fb2eda8626d767c6d2b8e177c945ef9e2b423ed

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                              Filesize

                                                                                                                              104KB

                                                                                                                              MD5

                                                                                                                              bc92600a9d99b72c145b26d9fe5c1274

                                                                                                                              SHA1

                                                                                                                              6d7ad3c3aa7e4cdaa063ae7ae72524d955865dce

                                                                                                                              SHA256

                                                                                                                              477eb9dcb407b4d810e8cf2f18a1401a4f58c36c8fa001c957e294148a9398f8

                                                                                                                              SHA512

                                                                                                                              37d38aedbf796343274ebe83d31168a257ccf53d7f3656fe42209071edcf51be979057a2109922f71e516dc02554018913eb8f94cb0ae5b941ced2fbbdd30320

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fd37.TMP

                                                                                                                              Filesize

                                                                                                                              91KB

                                                                                                                              MD5

                                                                                                                              2239b1ec9d0ae133ca483ac54d28b5ec

                                                                                                                              SHA1

                                                                                                                              90bfd6101ec4b0d654c42c00a211e275d669e410

                                                                                                                              SHA256

                                                                                                                              887abc024cb6b7d55921ee11e7e4e9a245b6dd1755453ce77caf8c99f5b050a9

                                                                                                                              SHA512

                                                                                                                              4afdfe3fc6e2d84d3117e5bffe26ad95e0053792de2e56741cdf9b96a4f1a42d630d176dda7797275a46fefa498339ba24e5bfd7322c3e2f5c3e98141c58ff1c

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              71d968645d912628330bee6f977370eb

                                                                                                                              SHA1

                                                                                                                              8ddd5e781a1e6a8c95fa3559e8aaa282270ca85a

                                                                                                                              SHA256

                                                                                                                              ad07129b4b39b2f664c84853dba16ef95dce8f46102eaa6cdcecd1efd1119757

                                                                                                                              SHA512

                                                                                                                              cbd6bd7f4498b8b109e5fbf0201d20aeb726f97e3f747414e0a2d1946909da73754404896eecaeb886871a65fbd95b49e6b6e0553e5bb2145783977c7ef8fa74

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              ea98e583ad99df195d29aa066204ab56

                                                                                                                              SHA1

                                                                                                                              f89398664af0179641aa0138b337097b617cb2db

                                                                                                                              SHA256

                                                                                                                              a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

                                                                                                                              SHA512

                                                                                                                              e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              4f7152bc5a1a715ef481e37d1c791959

                                                                                                                              SHA1

                                                                                                                              c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

                                                                                                                              SHA256

                                                                                                                              704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

                                                                                                                              SHA512

                                                                                                                              2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              8287f3138f3b12243cd985468d5e9c9e

                                                                                                                              SHA1

                                                                                                                              cdc96bb898078531a724673a4ecc3e46f7ad82ca

                                                                                                                              SHA256

                                                                                                                              0678ace14c39e8b2562ebafae1710644308a961c757c7862114fbb2bfb39383e

                                                                                                                              SHA512

                                                                                                                              5c570d5ea9473e0f2ca2909473b60df0a6433d56c7aa143cff6879fe86143fddf03ff74c3ab997c32ae6872563f11440dec8f7cf55d5122e031dce64188fd0db

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              a110c551b09a6093d0700e4faad46fcf

                                                                                                                              SHA1

                                                                                                                              c6c8bb93945dee02b8cbb57cd69b430cfb41289b

                                                                                                                              SHA256

                                                                                                                              9e6713ce7eb9fd0dd8abf440e7b8a3c1ace63fc74630faa32554520391a89aa9

                                                                                                                              SHA512

                                                                                                                              0b7a75399edaaf9d34a313a82d5c1bbbdc66b6849a9a3ea276803e9beaa0c4a375096d9336db516eaa77af370c61c95753ba04ed3ed8e280cce5eeae9ecd7559

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\08ed47b6-8cee-4b41-b735-b5bc1f95c68f.tmp

                                                                                                                              Filesize

                                                                                                                              1B

                                                                                                                              MD5

                                                                                                                              5058f1af8388633f609cadb75a75dc9d

                                                                                                                              SHA1

                                                                                                                              3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                              SHA256

                                                                                                                              cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                              SHA512

                                                                                                                              0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                                                              Filesize

                                                                                                                              68KB

                                                                                                                              MD5

                                                                                                                              f0c27286e196d0cb18681b58dfda5b37

                                                                                                                              SHA1

                                                                                                                              9539ba7e5e8f9cc453327ca251fe59be35edc20b

                                                                                                                              SHA256

                                                                                                                              7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127

                                                                                                                              SHA512

                                                                                                                              336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              288B

                                                                                                                              MD5

                                                                                                                              477fa3ec042a57a524ad8478e0dc3142

                                                                                                                              SHA1

                                                                                                                              82a58a47e7ec458d8e94a81a7e03ef76e0b09eee

                                                                                                                              SHA256

                                                                                                                              c4299fe1be14c33553ab1d71cfaacbd2da9f2db375e16555163f36e516db65e1

                                                                                                                              SHA512

                                                                                                                              8720d60c5557036d46cc06000e42f3c2ccb0a42c5658833593bc8b72998b18300a88299084ba78a289ce4a15116c6a6dad0f77e1a147deb63cc1a688209ce4be

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              72B

                                                                                                                              MD5

                                                                                                                              91ff4c30cd81451025eb3c80fe055173

                                                                                                                              SHA1

                                                                                                                              03bb0e61b0886f7c7a0206a638b1c05976c6808f

                                                                                                                              SHA256

                                                                                                                              fab683bd7ea87b74706053ac68b873cf599f605e9f6f9b022329cc53fefc712c

                                                                                                                              SHA512

                                                                                                                              7422dc39cc1dbd1fe8f014e10e2b126dd7e68c3f9849690b4c6c229b96c3a1c3b224e0c5b0c63b8e0ece9f7bf930b08f48041dc91350dee4408ed2fe968c32df

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                                                                                              Filesize

                                                                                                                              20KB

                                                                                                                              MD5

                                                                                                                              8d60353b15751a280f0179d2560065a0

                                                                                                                              SHA1

                                                                                                                              7efa85d06ff70c896c86a38c720777b4d1fbef92

                                                                                                                              SHA256

                                                                                                                              cf82a688241799441cadd06595d6f58c724c77fbfcc7d4189cd4cef9e324b31c

                                                                                                                              SHA512

                                                                                                                              65efe8a15931d4ca548c68c53ee729b2b655fdaa0d6273a5ec585c3e89c00ef9000f372f8256b580b332cc246fa43bd5041313e7b62948ec13ba4eef2394e45d

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                              Filesize

                                                                                                                              319B

                                                                                                                              MD5

                                                                                                                              d96cfaaaf17a6bcf00d22c1646dd0faa

                                                                                                                              SHA1

                                                                                                                              b234df7fa67134ac8a1757b635d8c21586c67e20

                                                                                                                              SHA256

                                                                                                                              f4958d10d6db6e3bea07f4f3937e4adf038fb8b75b3783de1eb5b7dcd0146d4f

                                                                                                                              SHA512

                                                                                                                              47fdc0e393e267b35dcb68633f055a9c7f2e7a50f5e8b345a2f863aff2cb24f7db3d4be508b2ac4c30fc688a91e5584665afb9a9d30ed820ddf145ffb3233f3c

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                                                              Filesize

                                                                                                                              20KB

                                                                                                                              MD5

                                                                                                                              d4f2803ec830cef019b1551860f427c6

                                                                                                                              SHA1

                                                                                                                              0bcf5ff57c92d4a669756d85325beb23187845bd

                                                                                                                              SHA256

                                                                                                                              46831ea8ff81421a7376c69eee0746331d0d86d6b103a8bc9e550218b85ba669

                                                                                                                              SHA512

                                                                                                                              8f20d75679fafb21a4ba8ad25cffeac2242d5194aa35c809745f3d3965d268ade3f359513d32e30ab9249fef6dad919d5166982d5d44d90f988f6e53e7e1325f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                              Filesize

                                                                                                                              124KB

                                                                                                                              MD5

                                                                                                                              9cbaf6db25d3319f4d64cf84d7c0dfec

                                                                                                                              SHA1

                                                                                                                              b4e9e05acb08d04594ef4f2bc9163e39f6c193b2

                                                                                                                              SHA256

                                                                                                                              453be421e16fbfe5c1753f595bf535f7828d0beac6c645aa352007ce044e31b1

                                                                                                                              SHA512

                                                                                                                              5b4cddd723725bfbd94637343123e6f23c02f696b435f7fe0a63010b6c5b1e11c2073a00a7ddcacb1311233bdeb4d231690d328df8b5c79196a6fc282ff94b1e

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              d9a42f7a246f213bcaa4933dd05e03ae

                                                                                                                              SHA1

                                                                                                                              837e5b62dc259464c29711cf684ed3a9c277eeed

                                                                                                                              SHA256

                                                                                                                              9acc2b5a7f64437f75d2277bb6eed09c7701196129c7c1c2b855024ca8f285fb

                                                                                                                              SHA512

                                                                                                                              b4d360d3c570fe3be70513c385d46a97c113220fd9baa44df00c518f82646c674f4c7963eff63b86c409001b0d16e1d9b1c4a3ffcdc4ee57c25f5adcd750f3bd

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                              Filesize

                                                                                                                              334B

                                                                                                                              MD5

                                                                                                                              1ac52375827e6c3c4be7779b25857284

                                                                                                                              SHA1

                                                                                                                              9ec8db6e2484e2c53d3e6c251624f9ed9657757e

                                                                                                                              SHA256

                                                                                                                              40a048aba6b1a7ea5339f7f50f15814a14187ac34edc6421e39731ae2b0c904e

                                                                                                                              SHA512

                                                                                                                              266ef93eab0ef252ce066da751104b3a030c3b183a369f0ab899a9f24da9af63d42576b625e8577923e356a29df17ce331ded07ec21519da3c01a834315ec298

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              978B

                                                                                                                              MD5

                                                                                                                              8b38a40e2790f7fd22948d82b40ecd3d

                                                                                                                              SHA1

                                                                                                                              099e488bf9f85fc07603d46bfe1b0923ff9c2166

                                                                                                                              SHA256

                                                                                                                              e6b50263d6a8d6c7214f8b8435f347ce7ad0379ba2c73a835673d07e485b6fa2

                                                                                                                              SHA512

                                                                                                                              211d94ee2f63c5f26a7bfaacf620599bc1551efd048ebe22b1f0c457649d166bd50a9326a2bf161704eba057debd2a5b01e216f58a4ba770833532228013699d

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              13dc5c3bfd46c36f79f08d9adc6c9f12

                                                                                                                              SHA1

                                                                                                                              6385bc9180434a21ca2b2e0780bac418e74c7ee7

                                                                                                                              SHA256

                                                                                                                              5396dac7738eb5e48ba5082c20d683c4c3ba1fc50ca4aa1501b06ac2f9f9fbde

                                                                                                                              SHA512

                                                                                                                              be368ed193dc865e95131c7f73d46be646a51571fad4f48811ec1b1a470a99040dfd856568804fd036311fea1acaebce864d728d015ecbdac88b66efe22688e8

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              5KB

                                                                                                                              MD5

                                                                                                                              e2fb108430ef4ea63696d3d97bd8cad0

                                                                                                                              SHA1

                                                                                                                              754c1eb04af4117922805218d6c4f1452c7f54fe

                                                                                                                              SHA256

                                                                                                                              758cfd14be88c94b397951ad49d3909204b81b4019bed00084066ead87fc1295

                                                                                                                              SHA512

                                                                                                                              38341a0c551c1e98967e3f4f8595a0451245f309aad18ca0275c514ee1fddf67b866580429024b4df61ab31ff3752469ef537a843c5ca0e11a1b048c9b57fc83

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              9930108bcbc0a7eea07aa442507a9a76

                                                                                                                              SHA1

                                                                                                                              ffce8ab64ad09d0e075ceb5d5bf366e3aa4928fb

                                                                                                                              SHA256

                                                                                                                              1b783c30557697b2949fdc6b6462a19ea6580da191a6e8620500852430bb5978

                                                                                                                              SHA512

                                                                                                                              b05f2c4d4178d8799b97d245fdc5a86346ead737a40deb2fb85dcc6a4c8b79adf3c4d3fc5bef1d711c55926548ffe145dd4d739d2ecf495d9c47c49fa3fc8b09

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              394632a93ff552b7a30d806419dff14c

                                                                                                                              SHA1

                                                                                                                              6ff6c40c1d4452bb2bb11594daad57c0ab795ce1

                                                                                                                              SHA256

                                                                                                                              cbe8faeb845a24532009f72a011643e9878fa043ecb53d3fc8744762f80087ef

                                                                                                                              SHA512

                                                                                                                              4f8a521f9b8045d4789c4a415a83292350cc0b82d8f21ee6975c90a90969a9590b9a1decd032e31538a7785c6a4367b77231fcea40857152fd35527f54f6f570

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              0df10157cbc2df791276b16093a71673

                                                                                                                              SHA1

                                                                                                                              ef1d7fe67e849eab353aecb964c7c4bbfbb6ba4a

                                                                                                                              SHA256

                                                                                                                              e3c4bd7461c10fd0c6db47b9776171bc753889f0e6fb092318613e9e7385b44a

                                                                                                                              SHA512

                                                                                                                              9b2a3d60cfda24fb7d41a6020053d6f66b234ee98edbd7bdce5b4944fc143b32da4c484393c580742401807dcae8c8839c59f3c4de256fa10883884298027b15

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              0c2f08929ebe9fb8d2ed720567946009

                                                                                                                              SHA1

                                                                                                                              18723b7dd3958ff6f16d56ab2284e61fa5b670ca

                                                                                                                              SHA256

                                                                                                                              a0a9152718c3d8eed1d2aad4f5c471fcbd713aa591abc5c47cc1913749de6354

                                                                                                                              SHA512

                                                                                                                              42c42428c31783c49f63586c16fc5e69eb19194730ba90442dca650e03587cff63f51b77bd19a35278d2a3911007794a88c9702d5e988c0065a39419a46c45ed

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              4e5f07e8113c4b56efac5fbfaedbab9d

                                                                                                                              SHA1

                                                                                                                              0b9f8a671f34f9fc69a81a55c64c6d3693e4ae95

                                                                                                                              SHA256

                                                                                                                              1b5658fe3b68523dd2655624fc94929a285db80256258d6200477b7de3af9a5a

                                                                                                                              SHA512

                                                                                                                              0ad675157b3f866fe40ca00b2c36c5633b917fca5f3e60061a6a0ef6f7ca817d940ed8bf9b1a20b35a70a3a3473c7382a973ea3445e8ac37c1368dc3541e2a93

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              3442a6d546a09cc6e6131b943bcbe9cc

                                                                                                                              SHA1

                                                                                                                              020cab711b8b58acf06fa3b088b035a73024fbee

                                                                                                                              SHA256

                                                                                                                              ade58352025166f559ab07ab5a911f0cb64168150f6732b0c10a066647c661bf

                                                                                                                              SHA512

                                                                                                                              2fb764d4d09373ee2b73fbb519fffedf958f411e9f01d20cbbd3f2a2dd5dda7c991307ee75b25f5956d71d14e136c509e7010539e022e5772df1ae90d5172d4e

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              f4b0a62cab4f9ee2ac52d4b52495c2e8

                                                                                                                              SHA1

                                                                                                                              56ba6a84ceeadcc01f7e2132ef993f9a47229ae7

                                                                                                                              SHA256

                                                                                                                              f5896d710d27a8d9192714a818403d035ac2fe7b9712e439dd3ad34fdc82110e

                                                                                                                              SHA512

                                                                                                                              411a8222715b4170944d1803b42d7866050a709240f977c5614d60db3f260c1356eb5fc0b84c96a9559fa11900d3c391497d8fd0342742359431e4f8503e8e04

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                              Filesize

                                                                                                                              137B

                                                                                                                              MD5

                                                                                                                              a62d3a19ae8455b16223d3ead5300936

                                                                                                                              SHA1

                                                                                                                              c0c3083c7f5f7a6b41f440244a8226f96b300343

                                                                                                                              SHA256

                                                                                                                              c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

                                                                                                                              SHA512

                                                                                                                              f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                              Filesize

                                                                                                                              322B

                                                                                                                              MD5

                                                                                                                              644fafb35db62611265a8a98e34a59b1

                                                                                                                              SHA1

                                                                                                                              c80daab54cbf7a724bd8f1accf69c6a6d9faa430

                                                                                                                              SHA256

                                                                                                                              58559aede8282b306fd502a49982764b4a978fba5edb53e89db4e7b45cac3790

                                                                                                                              SHA512

                                                                                                                              3210d4668a5e09305d987a842eb9856b51826de61ba41983deb213561a71090d04ef92553a8742a45bb45fd4da8e7da26886a8deac3e0f595d0d963d8334d3a4

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362592830209251

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              e39d88feffa8476bca479e9ae6669320

                                                                                                                              SHA1

                                                                                                                              9a30997bf9503517968f37f1a744b10a21d19bfd

                                                                                                                              SHA256

                                                                                                                              c02557b4a3ff2318a26b109818e799d50833ed2689d2da9ca4062fe5fc4687be

                                                                                                                              SHA512

                                                                                                                              763c9a15afc54223e64f7709f99ee8fe6ab3c2da18eb0a4d3dcc9bd202c0484b1093f086c419a66e9a854a498aeade58fffebcfecba2d308a307b80ecd927b5b

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                                                                                              Filesize

                                                                                                                              112B

                                                                                                                              MD5

                                                                                                                              463b3d3a5f9fd62e51a54f9550e2803a

                                                                                                                              SHA1

                                                                                                                              b6d83034236dd387bc8304423c235cae07e51a5e

                                                                                                                              SHA256

                                                                                                                              5b31ee327ff362a7566d87cee0c367b8e6518e35a365f365f91af49080b359fb

                                                                                                                              SHA512

                                                                                                                              560da898be1ccc8c78c243b846fc82b1f3e10e6b301f056c5a80effd29ae2d5c52309195fbd544f74adf00ec6e4c9bb7b92894a1c812a8a152e2bf0a6845787b

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                              Filesize

                                                                                                                              350B

                                                                                                                              MD5

                                                                                                                              846c497fa91af12d9b6d5605f74400b4

                                                                                                                              SHA1

                                                                                                                              10b2cb640118199304a7a44d44560ee4e5676cd2

                                                                                                                              SHA256

                                                                                                                              50b71731e1307e9e9d08fb61ea0b67a760ec949e9156341f364e3ff68094fed5

                                                                                                                              SHA512

                                                                                                                              0770acc1149d2aaad8444ea8cf2333190e2faf8725cd816259911130542c2e3b6f5c78571e0ca5897d2435f655f782a47d22bb06fe02ab4989024db3249e582f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                              Filesize

                                                                                                                              323B

                                                                                                                              MD5

                                                                                                                              ed9e622a2fd31dc272d7049e85a14f4f

                                                                                                                              SHA1

                                                                                                                              6671205001e0a9a48586820677b6001cebea8eac

                                                                                                                              SHA256

                                                                                                                              cee7a61c40c9ccf10e271e596e5754399f5acdb7c71af4a1897d42a27e74852a

                                                                                                                              SHA512

                                                                                                                              89b8d884bb5d9c58a491bf36459524a96c5927a2e0b4dc30b12302cd0e598c9e4bda9db0e13a11889d63ba6b060e6906e1f9ce7fc6b6af61c022dba7652479e0

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              204B

                                                                                                                              MD5

                                                                                                                              568b2171387dfb48927a5a58fb4646a1

                                                                                                                              SHA1

                                                                                                                              918e2454889c3920f65e8aa45e7bb6a4aae04b6c

                                                                                                                              SHA256

                                                                                                                              3a8fc02a2fa902a98ccbaa30265bd02ba8b411edc65b23809eb1258908e5cd72

                                                                                                                              SHA512

                                                                                                                              34b1653d5c795815dbf2dc4bfe359cbf844a2ace5b9c266665e07397a55851b8f7937c8d3ee6186168ff4a200d4626b393ca1118c2782f6c2d3ab519a3f3adaf

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              MD5

                                                                                                                              85f0ff12311b91273dc6ac92e78999e8

                                                                                                                              SHA1

                                                                                                                              c4f4fb7a4ecadba41696d759d5b6bfa36f600ccb

                                                                                                                              SHA256

                                                                                                                              d4b7fc3e56cd095eecf84788415dfd588755a27992dc1d9d90842a158ae358f4

                                                                                                                              SHA512

                                                                                                                              b6704933fbe71b030b57830f07b2a224231d301f727f6553ef7e475fc11f74d1ef92cc433ea38d5281467dfd9bbf70c831991128f197ea5e51be52823fd61540

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c8e6d531-cb70-4c08-9a49-f17fb24f9dce.tmp

                                                                                                                              Filesize

                                                                                                                              204B

                                                                                                                              MD5

                                                                                                                              f86f5e57a28d2243fbeef7db39f26fa2

                                                                                                                              SHA1

                                                                                                                              94dd5e382c57a19547beec6b9e6cc9d46b1d72fc

                                                                                                                              SHA256

                                                                                                                              6162ebc234eade60a2e0b9ee9a049cb8ae5c7118fd15e5ad80f9f0a9cbaca2be

                                                                                                                              SHA512

                                                                                                                              eb5abdb464a33617601f1308fc8491cb41a617621a1c3343f69f3201a43ab13b258aa60cd4c6be113878ae532b22c2377f28375be6280968d4bdc0ce33f708e7

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                              Filesize

                                                                                                                              16B

                                                                                                                              MD5

                                                                                                                              46295cac801e5d4857d09837238a6394

                                                                                                                              SHA1

                                                                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                              SHA256

                                                                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                              SHA512

                                                                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                              Filesize

                                                                                                                              16B

                                                                                                                              MD5

                                                                                                                              6752a1d65b201c13b62ea44016eb221f

                                                                                                                              SHA1

                                                                                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                              SHA256

                                                                                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                              SHA512

                                                                                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                              Filesize

                                                                                                                              16B

                                                                                                                              MD5

                                                                                                                              206702161f94c5cd39fadd03f4014d98

                                                                                                                              SHA1

                                                                                                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                              SHA256

                                                                                                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                              SHA512

                                                                                                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                                                              Filesize

                                                                                                                              44KB

                                                                                                                              MD5

                                                                                                                              dfc39cc17c2de474c028e4a5675fa749

                                                                                                                              SHA1

                                                                                                                              f433750cfc6d33bb239d126677e895e25e18b2cd

                                                                                                                              SHA256

                                                                                                                              753555b484c2ed9c5280a1d451a4fb8926acbaa544b329ac92acf51413899af4

                                                                                                                              SHA512

                                                                                                                              f13bee7ab17e35b297dc1380599b9833c62d52ea0e45704ff6688707a27d53a0cb34facfe4677c37cff91812b54151ef546bee5955c181febc9048c82f5ad52f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                              Filesize

                                                                                                                              156B

                                                                                                                              MD5

                                                                                                                              90f5281a5670d2f965e7257b32b8fd2f

                                                                                                                              SHA1

                                                                                                                              37d6dd20cadbf37259391179972db88f41cecf8d

                                                                                                                              SHA256

                                                                                                                              2ba3ac3ccebff08aa8bc96f2ed9084f11da8810b6f97f9333c2d81b77e8468a9

                                                                                                                              SHA512

                                                                                                                              3254915ec75a5479a42f013a7842fd0859893d0d93b2941272eecd85375836343c1e3c640c1c1cd5e56f653e01e624280f12965d55e845fb9627f451dea83b4f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                              Filesize

                                                                                                                              319B

                                                                                                                              MD5

                                                                                                                              9e6d10ef744b3ef386ac86ede17060f8

                                                                                                                              SHA1

                                                                                                                              7327c8e542da78d67f156151cb73eb541cd61499

                                                                                                                              SHA256

                                                                                                                              558888c2575d9bd5d5b4e054bc889aed0dc2edae178622df37ad1a1b5b75c3b4

                                                                                                                              SHA512

                                                                                                                              3550c5d7a797090fcd832b83e1575f9cd1665a2847d3df0b42b78c88b509ae2c90bef10a626dec319a6aca777d4cc41a1041e8b8dbc4bdeb4910a0f709c95678

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                              Filesize

                                                                                                                              594B

                                                                                                                              MD5

                                                                                                                              3c918f818260a3d33d5dda95f6c154aa

                                                                                                                              SHA1

                                                                                                                              e4807ed5b6f2d94a956c4ca67c4038aee1a19a94

                                                                                                                              SHA256

                                                                                                                              a4a1a453c4b0adb69203c324e7a23349f3df6d4eecdcfd7ac24e871521c90e37

                                                                                                                              SHA512

                                                                                                                              f9862c1ca2952b992e5fa161b78c0a1c7327128d37e26647087ed4ea51cf3a4c90eea7da31d12d5cb39cc9e1c473fe1bf29a0e77b8b1276d6c0b2e16d84bdbb0

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                              Filesize

                                                                                                                              337B

                                                                                                                              MD5

                                                                                                                              dd1867b2dcc692712acce922fc6d5b70

                                                                                                                              SHA1

                                                                                                                              118a6db4b06b0a60b07aaf19f8efc7b76dcf9991

                                                                                                                              SHA256

                                                                                                                              df69f06f6c3e4e631535f21a0e11e97750f78dc4bbfbf878121cfe1ca2380685

                                                                                                                              SHA512

                                                                                                                              a2b5aa9c0d1df8dae55730644631694ae89fe35e69b757e34f3e0a8a19aa0f53936a6329c31917c415a5955a7793e8c72488bc1e706e3c1f192b5961acff7255

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                              Filesize

                                                                                                                              11B

                                                                                                                              MD5

                                                                                                                              838a7b32aefb618130392bc7d006aa2e

                                                                                                                              SHA1

                                                                                                                              5159e0f18c9e68f0e75e2239875aa994847b8290

                                                                                                                              SHA256

                                                                                                                              ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                                                                                              SHA512

                                                                                                                              9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              10KB

                                                                                                                              MD5

                                                                                                                              4b6a5160abc45b47023a5fa8dd4feda9

                                                                                                                              SHA1

                                                                                                                              d874eeb82cface81ab31ed0e50cf9c9521055b2f

                                                                                                                              SHA256

                                                                                                                              d68bc746591973f28a100a112d5fc65feb7268e926f6d17a2be6eea88725ffac

                                                                                                                              SHA512

                                                                                                                              f4dcb15f7fa6df5397a1dcf244465a108aa396172cfa95b3cff57c1a910bb87eebf1276ba47e72243ff6883ea83da2ac450efda0867279b602d8928ed783613d

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              10KB

                                                                                                                              MD5

                                                                                                                              e50f49d3d68c6a7b96fa56166051bc9c

                                                                                                                              SHA1

                                                                                                                              7826ea1bdb4a46a7b9464b8c3af6a0e2169faaa1

                                                                                                                              SHA256

                                                                                                                              c9001539b57babddb6d55c84cbbcf538557336eefe3ef90c5d9e823a35c08e56

                                                                                                                              SHA512

                                                                                                                              91dd039b4a893658deed7985e53638b35b30828d7c2eb8e544abee48c2a8c443d038547092720da93286a3c8718d92ec66d1570d9659e93503e12693cee7f78f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              11KB

                                                                                                                              MD5

                                                                                                                              2ae91db0f08130a7a5c3eee8ed55ca21

                                                                                                                              SHA1

                                                                                                                              33675bf0031203a02ea7712064596281967ebe12

                                                                                                                              SHA256

                                                                                                                              4dc57b7dea2695e9c4bb207ff055cfe76e7d9b587f389e44305980b9b43b144d

                                                                                                                              SHA512

                                                                                                                              80b4b18823f17d8b6e5d12e50e6f24d6ca1687d91dbc23458a64c0b7e12b09e7353e3748078179436ad306c934a64ceb029ae376dec055b1e261f575047ef18a

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                                                                              Filesize

                                                                                                                              264KB

                                                                                                                              MD5

                                                                                                                              f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                              SHA1

                                                                                                                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                              SHA256

                                                                                                                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                              SHA512

                                                                                                                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe

                                                                                                                              Filesize

                                                                                                                              16KB

                                                                                                                              MD5

                                                                                                                              1d5ad9c8d3fee874d0feb8bfac220a11

                                                                                                                              SHA1

                                                                                                                              ca6d3f7e6c784155f664a9179ca64e4034df9595

                                                                                                                              SHA256

                                                                                                                              3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

                                                                                                                              SHA512

                                                                                                                              c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

                                                                                                                            • C:\note.txt

                                                                                                                              Filesize

                                                                                                                              218B

                                                                                                                              MD5

                                                                                                                              afa6955439b8d516721231029fb9ca1b

                                                                                                                              SHA1

                                                                                                                              087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                                                                                              SHA256

                                                                                                                              8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                                                                                              SHA512

                                                                                                                              5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

                                                                                                                            • \??\pipe\crashpad_1972_GDEKJVGWQNJFLMQB

                                                                                                                              MD5

                                                                                                                              d41d8cd98f00b204e9800998ecf8427e

                                                                                                                              SHA1

                                                                                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                              SHA256

                                                                                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                              SHA512

                                                                                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e