crimsonrat | hxxp://wearedevs[.]net

Analysis

max time kernel
170s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wearedevs.net

Score

10^/10

crimsonrat discovery execution rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000000073d-1696.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	CrimsonRAT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	CrimsonRAT.exe

Executes dropped EXE 9 IoCs

pid	Process
4324	Memz Clean.exe
5032	Memz Clean.exe
4576	Memz Clean.exe
3908	Memz Clean.exe
5336	CrimsonRAT.exe
5448	CrimsonRAT.exe
4896	dlrarhsiva.exe
5288	CrimsonRAT.exe
5568	dlrarhsiva.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
144	raw.githubusercontent.com
145	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 523980.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 295771.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 809927.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
1480	msedge.exe
1480	msedge.exe
4656	identity_helper.exe
4656	identity_helper.exe
4472	msedge.exe
4472	msedge.exe
1796	msedge.exe
1796	msedge.exe
3504	identity_helper.exe
3504	identity_helper.exe
1680	msedge.exe
1680	msedge.exe
1956	msedge.exe
1956	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2232	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3908	Memz Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3644	1480	msedge.exe	82
PID 1480 wrote to memory of 3644	1480	msedge.exe	82
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 2536	1480	msedge.exe	83
PID 1480 wrote to memory of 3212	1480	msedge.exe	84
PID 1480 wrote to memory of 3212	1480	msedge.exe	84
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85
PID 1480 wrote to memory of 3752	1480	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://wearedevs.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4324
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
  2⤵
  PID:2236
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:4024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
  2⤵
  PID:2020
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
  2⤵
  PID:5760
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:5180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
  2⤵
  PID:5856
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:2656
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4576
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5336
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:4896
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5288
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2232

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bac895ef8f739f9bdc7086ca3436069a

SHA1
1d98efb51f620797ed51867a5d24689f16786f8c

SHA256
df7a25f79d99fdd9058741acd3a1c1f520e9cde9e5bb0a26aaa5f845e4f9a710

SHA512
22ee86acb8fd212e59c66ed5ece63245feddfd696ecc1355581cb3594e33a2edee08649f209d888db17f94439c658da851904d49409fd90496aa7e901135902d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
ca5d22dab28181a9311f35f0cd6c34c5

SHA1
1dc9aecd81b5f220866c79751d671ecb183ede60

SHA256
8273e348759023f3e9df581caa9e7734c84c37a5ac2e95b0f5d9b9d65ccaca65

SHA512
409ce830cb576f3871bd0b7fade666923f33484bcbaf70942816212c81490ca5994db992d8c87fbf7d0a84e45a8b0111c5d08a89e168c8f415f34cda5f58ec42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f8dccdf3e674734ae1348090a6600a49

SHA1
8c132338991f85ddc174d6cab3b646380adc20d5

SHA256
ccaf90b817174f7276b932dd6bca56622ba491417881ff23fc2ef611a6eb2486

SHA512
c1be9c85a840f2779834cd6a503666ed7927182ab3bf6bcddd791805c0299bb74833417dc8fa5735c248542d9740733b8d81ab4f8f2e4195ecb38793f26aab71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
79ec46bcb4513ace172d064497bcbc9e

SHA1
ce23d0541e768c5e832edfb5780a6f270afe3ddc

SHA256
c9a52c5d339fd8916345812028a2e8afb2fe1306ed691d025ca4b18efe1425a8

SHA512
4d570a84305c1a8d2c0021ca91a6decc9c6d38953dd17d657326a898467a0605b0b94ac3fe51aeb56dc497e5f1daa583beb4819c14e9efd7392a645292d44d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
9ea6317695a411987c87416e61d4626e

SHA1
b6d32bd4dcfbb3f35864087e93e47d2b5b7dd2b5

SHA256
0f90f345d9a21a882a7ffd2ccebea8d19ebf659e06e260ec89a57b591b8b205f

SHA512
475a75a734988612b39139e944a557ca3324191e8de9ed60dafcc9556caaf99ae00052c8283e9f74d8b7c076986ebd28aa0382d3757fa434530690197918c324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
17KB

MD5
18a9531f05f4a3662558d102349767b1

SHA1
328114b78180b5931d651669bf0b21d3a5cf8adc

SHA256
2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716

SHA512
b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3b75ce3d958a76844f8fccba4ab30835

SHA1
576f7608819bd309c92070e5120df12a977e6acb

SHA256
528c6236b44aa2d293deb67e2fdc6ee44c388cdc42d45d1aad43cc1814cbbdd9

SHA512
fb0c37ba963a069aed2074b5284fabac222db0d67614abf1d5c3c21f3bb1a1df3c6ebcd78ff485fdeea20f960db4bfc6dc94f4beed6baa59b5bf35e243abd223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eb2ed7306280a26e525cc3c2711dc1f2

SHA1
43fdc224df8c5f080e1b617d51f088b1c82b991f

SHA256
cba45b78529d83789ecbb39f664ba88623a92a00c19190f945df2c3ef982decb

SHA512
0902eb058069293c60d907692cbc4b3cf07a9da3d11a3a212868a6a178471b7e6e2555c159ea06d70d55cb604c83b8d7228fe5056bd6d669b8f12fd364053e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
801abcc55188b4333a9b4648f4de0ee8

SHA1
26ef769b152ca3fc436766e1efe60f0cc84c17cf

SHA256
e449f24c51c1565edaa25f510d78c19804a1bd0fcbc1e33749a931fb5cfd5d0f

SHA512
2f955f62c31ed82d38ddcc9ef3c1a7b3ecd7ea91ca5581700d4594ceff15703a6c5e5a3e883d03ecd09ceb50e2cf0ac17d3ace464a0d915d7c2742de6ec72a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
30f70abd3771b22372a08ab2658837f6

SHA1
24dcdef7633e97b8f1ae0b87b345e72f446d5733

SHA256
92e1ab7525f595cb04bec75c2e1ebf887fe0bcb26c2b5ff5f33d012c2cbbca32

SHA512
b5abb3be770aebf0555d884d0aa1c20677c1032a302a01c3add428fc4bdfdac9ff23a42d7873d20f9351727395e50b017c64a26e25fb002caa35720351844c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7ed847533e9a6dbb89e860b4e25a4cc8

SHA1
29f85e5c7c579392d8e8b583f6642f02f7492636

SHA256
1e1748b44f9dac64429b9ba25e6221df34fb6f0c8ce8274d3338b1c94619d763

SHA512
9c404b5edc7c6fdecb08c17733e8304f5231736ab165366c3a57eb9d8043583a3578e0a3e483121772db1fec55c4067a135d0527aa38d37ab6679becfec9ef22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
5c0ce2597029d8f34b7f344af1f20646

SHA1
c8521aff61bc786937e4b34f7cd5b3c5131ffc46

SHA256
12a2583e66319612c513a35b8375782e11bb955e497745d244195eab450c288c

SHA512
5802e77bcf31f0e68fb1bdd9728c4f3c338a25991ec932fcaa0acd2847a6d0c61b9288589505c06acc1f013905604167aa091bde5f6e676a8df29174e5051f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2c3bf1274d54dd4aab16f8bee7b3fa54

SHA1
325a74cd623fa3b3cf40027ae0c6c0051ce0e046

SHA256
2bc60f7de5fc71fee707904c9cdc98c749f2cbc6460a10a41da0402beed45adf

SHA512
b08fdb07a5132764731ede0a0344b6a633206eaf40c40e3b3f44a4ce3560ce1c904bead16da4a81041352d4bcc7077c7db6520dd1f79b9022e9be5f1345f34d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
854B

MD5
c4f8806cd1753235ad444e7f540f00e0

SHA1
e7d611b292c34f829265de214d788164c123ba0f

SHA256
9d2060c4fd47954117f3024020ad152dbd0a2c911ad0eb3faf272680ad7da0b5

SHA512
4635a388f391b872b558ae3d973074bf95ad9bd1293edc3d13ded7cb7d920eda4245b7237d69b7dd60eb7a365298ea1f01f1ec048d2f5ee916df8c2a2f193562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
ab8ce102e0f590728bc26d9ddb499ca1

SHA1
4de1f9d5deedbbd1bc1bf9a7af23d287f409d858

SHA256
65718eb82728a5dadc22c60581cab64cd9d409c447abb276fc9f9d0478e799dc

SHA512
37c4a21a16fd02d2263a628b3d438163fa495adf03816d8e865574893e0555ed4b775d68fa100fafee966d8702185409d34800f24640b3940a40940f25a38aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
3291b678335bb3384d10f8af283efb42

SHA1
581a537a63c4e0bde8ea3602668cca494c186cba

SHA256
012c70a60541918713caea10c75f68674e9cacde6f993c94c6d379d4a994d36e

SHA512
65a8490f9b524ec5d274ede4af2725ec0946788a8189ff44b16ed5c11815231b83f1a62e3c3bc73d06771a0e9fbdc6441972861d4b124623507b822b7dc75658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0a5760a93f1dd0f0f59d779d0f5d4d5

SHA1
49b736ad05681e498110eb3cd618402afc48b2c0

SHA256
fb983ebf1b3f3a82581e107da466d21320f272fb08f78e1003362e95d7322833

SHA512
24621b228c87e6511022e6d4a7c943572fad88d13b6e545e73a7bc3d3287347b208b4a9f176b61de09960513628a6b42e3c7e0e2a7f26c2fcdbaf961862affa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
adf3dd730f8ceb88a616e908244c4f99

SHA1
d1b6c354fdadf1e8d14a57332eddb2d6f5617cfa

SHA256
88244456b4ddd6d402ba1e34111efad57075fd8761bc13cb1deb81110140baea

SHA512
3a1e8ea2daa74cc46e9fc6ffab84bf1708f8b89111ebb0f32141eff72603feef6f4de5c39be348b1cf29af06cc42bc8614c8ed6c492b1bf5a1a1b6d4f5e5decc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a52ab73037227fc6bd75385a1cd432be

SHA1
7acfa02863285ad3a9925774fddae934dda9a2e2

SHA256
3f551e69b4ba73136abf628bd44a29dace9add624e05b9867e97f0343ffbe97a

SHA512
b19c251bc9129cf91657c785706b736964c96dce403deba942c464e1a5ca56e4d7ade554ae0dc37439fa336c4662e1ed63dea2f086804cd4150b6585aa81bf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8696c686510de5f015577c47e1edefce

SHA1
a7ec865abb2ba0b3a2b45c6c39cc392dd63108da

SHA256
6987a4ae1cde8fa1df3bc2f0229bf1dc6bb8beac7e05f48d9792e72de1b39868

SHA512
c333807648e3bd1f2ec9fbb59972723331c8d3e394338ef82b3f7f516b3ea9dab27f8f34dd9dca84b91915f9af7ca9e40e113cdd615ed372490e25b417300f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d027cbe24be31435d0169f35a3787367

SHA1
2b4e041e703c61cdea6baf10283bd440e9a929e3

SHA256
c9b8cf8a67d301c3860f71ee897e5186ff3fe878c338d11fea3a6cff0e62110f

SHA512
d61764bea872b74cb7324ce50478d736cfb34adaf21b1e88cedfdd777454d06d93a7675eec1ec9d9df2bc77d97e92b2afe94cb4ff57b5e316553289b801e9c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2138cd20e5adf08e2bc65e2e94528311

SHA1
5d1205c74868021a1618d1175c4d6b6a4bb10c1a

SHA256
70feaf9458cbf78a08ae9829d29d50cceec841298a26ebfccb189617bf3a0ef9

SHA512
e9d912e1db761d74f4ede3457d2862e83eb346ff68509e6c65e0055b81a42269015cc6fcb3c66d582db612d9c69e8fd0c22d54f8d6509f036346163a3f5b41ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d9255c6edfefd0a442cb13f82fe3f74

SHA1
f95f3dee0dd15e03bbecc58dacd1b37d4a1b938e

SHA256
c67899236115f2766a12c6bfd438d63909b4819376b340f0bce9af1f1bf5adc4

SHA512
00e6c4431b7545f4cee8c13bdfe13fef730035f5747b0eb7397eb723597fce0bb87ce222128066c538078627017d82ac607e57596a2eb37562f1b509357f0048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e4f7a072500a8e6a29bb986b80c3d2fa

SHA1
777ba798081a3f20cef0f6ae7e64e0239dd28aa7

SHA256
9282cd6b3776ca550fb784df54289db229ed0edd02fa360aa257fb06f64b74db

SHA512
74315374db4b2f00db1176510e34e567afb0cd9aa5023fd5dfaf3cf25a741062887909c131edd54b143bca3ffc6fbf2a0c15c4bde901f787c9e7f2e312d598be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a89919d344d4ec5d641db652ddc18804

SHA1
a3306a8036e2c18c7c240fc8e3ed3956f74d7f9b

SHA256
cc9964201d1319e47a5d53b18088de3c19cf2916a35b287fabbe818707e8c7db

SHA512
f888a14d1f63a3aa860ab23308df7136af0db4503df04c5229f7ab2741e38c61e05d04d47e21a877bafd59cb0995481934f18088c8790971782f1bf448376694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
947c8e0e4db7b24e23364ce35287539e

SHA1
7e101c06d1daa0f5454495adfcb094c287728733

SHA256
10958e3f1428f63b9309eb25a6a924081333297e7cb645b801dd45859ff1681f

SHA512
db3fc77159f8dca9bd8740f0089871509c21f224dd22906eceea60e6d6dc36169eb3f2e1fc5d6258aa40003be81ae5f3482d331025702afa718c6ed7a0a652e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
0df32312f8d923ec844256d1f66c4736

SHA1
c2293a422aba6c1d7ef1e45d047cb96bf4317e84

SHA256
4ba90682d72b15f2aab3eb0fc097d4f527766418dd3133372eb6a0f61b253eb6

SHA512
82a226ade43db8d9b0d3a74490aad314a54703647709f0b728424c430fc496ac092091acf9cf821f7a5853a56ab155392c6388aca62c48d4204b2c2461b7d430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378626743096068

Filesize
3KB

MD5
108363ad8236aaf9b0170fb5c7ddf56c

SHA1
7dfb7ec1ca09d7ace3df4751642cd86091f23cbd

SHA256
7583982fe1a26b03fa25c4d6d2eadbc708914dca9103482d3605afad865e3588

SHA512
22d05efd14140ecffc33228445201dc3ade459b6f03376ba116f3c932ac9a4d15f999acc61a85736eb313694f2e65c74cbf63759738fcdb702b9619b0dcd59d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378626743342068

Filesize
4KB

MD5
53c2de043be62799b4428a27f7e82cbe

SHA1
d70bc7b545feafae4e9171e1339b830844163c61

SHA256
1b97b5d0d35635748d8b23623b367425ef47d4cde145d54568683cec8148d91b

SHA512
187b9dcb9861d4e1aa8b33d255095fd2d200565375bae26f789377b67a3d229c53e3b647e71851bc863d42131bcbe6099bf30244bad3c14e2ded95278567c64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
447d2aedc87c77a2cb9bf093d0780296

SHA1
dd245d053d8c2e116c13b6c12148e4bc166d51ff

SHA256
714ed4fba3904dd3fcc7e180d916454aaf34b9030c381a0378466ce4a30c1dae

SHA512
30286d95c43d8b55ca515270a50b01c1c0dff4d13e484006ea08d03f24e808baeb49dc010483d9a83a06e595605cebef45020ee77747ad1b976c1f02d66a8105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
22c6ec633f83f8dac613b5f8db989add

SHA1
fea6af1ffd62c4bd5ae86409fb17ea09ae5a0648

SHA256
05072742117aa745054baae9a887d8a20d25a787eab0349877687c1b0bcc5350

SHA512
cc85aee7889afa6868d64bde15753d3fd80eb007a377fb96e3306e5be5860accfc591b749304158175a40fd3ba4012ed6573cfddb3a0004df0d614d504d015b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
f0fc948c76e493e169d259aeaa544b0b

SHA1
4317fba382de6d8db193e122f1ccb5a479d9ad27

SHA256
7e7aba78fc3087d9f43b4a39090258487aba2d0689702ec0ef90af157adc056e

SHA512
e5263a54c33dccc4eaa9afcaf4827d0a1388125d35cdeb1ad5381117c96ca02084bd29d89601f2302852ae8af267eede2df22eb12ea7381285887d7cc043eb05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8985196cfcec22a7b00cd2e4e894359

SHA1
71893d581d9a6d305b674e0aedf14db9e95ab9fa

SHA256
12bce74234581a2ae85e3a04b02a5f7e185884e66842358a536e1cfc7122dae4

SHA512
41e0e465e34efbe33c9606276c09ab46fc232adda8ce61b9d7549d8b8c609b1c9a219a49c803ae15755bebe1e759eb3cef34775cdec76df2f602ac665345e84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f7bbb9b8ae5ad948a872d6453a52893d

SHA1
cb4499537c5a22c46231fd8f25dcccd62b9fc9e5

SHA256
dbc5bde286d55faf3c1e55c298216e46ea1cc7a3917b9bbf5dfc6679f5b58690

SHA512
6f7717a6424aa55dcd108c7f7e69432ea69617ee1708c5191eda44824c6763abace15334e741a4e18d759775aeeb9ea0138c5d2ea2eb8dab8e848062b62013d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb8f2982a2ff9d2cb88fd58f6b8a8f6e

SHA1
5f346841314fbeb321cdf2c9e8e83e8e055deeed

SHA256
f6580046397a42178e35e9c4eff8e9868234b643b0b1513dd170cc8d4c298ea0

SHA512
f2d65fbf012ec26cf5ff4250cd8db0f9cd4c1369d8f3b811856e90c59380d29719551e5026a26b2b51d5cf69be88987bf15516e7e6fe53cfe05b322f5401005a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f07a4aebc88306aba07b2125cda4cf52

SHA1
a8d1c563e9d8f7b4353621cb189b2634c800a736

SHA256
d91b3212cee39d963e8a2b24182c041e0cc070a5fce90f1e122820c54fb4eac6

SHA512
2fd5e74ee8fa0f0b61754c87542363515ddba224730ced918d69838402ee75b9d254108151a9b056a9122cffa4bb759da39fd48d327fdedc86b5e8629520dc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d0299a2d061508dee0aed2087014a583

SHA1
60830c139b1d36103ec8b4048c128c4d0bb3c73c

SHA256
23d834ae30b79e40c9cb1ded9040ac45509e40ddf04768f0faed7f6d0ddd4d46

SHA512
af53863a9150d114be521117afd6442fb5cdaa8398e7462614164ac2817ebac3bedd03b39fd8fcf13bfc07f15254eb1f26b8e93c675834b22c1ef35fcf6f8e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
442f75993b5cbd270c2d7fa18c108f62

SHA1
a8079fd675216c394873b8b8ec8e21faec3b32fb

SHA256
af4e5e002a98a48131a443be2617fe6c6812cc3a73bab6523dcfd4ebd0baa9de

SHA512
c3fc395b4bea22d0ce1b4f02d0ed723ad683cffeedbb773dee6fcd319da733eeca936546c2e9a02a233ca3ff336f78e191e9f497d9a9fb10d27aa271bb5cc4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
483898f23e7d0c775d0351b3d178d2b3

SHA1
f1e5e77c5789fbd3e6883e2c278daa21c816774f

SHA256
ec605fff44ae9131a89c6d0f8672ec18468de69df169a1ed039cbfc180706551

SHA512
815b575e1e94b2145cc5bc422a9e04c91527f270af9ef7e789777bfa3e65c0c71d4e506a20c287e8d4be3130b6723c314eacb6c156e8f9718ad5a9af8b44f45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7a28ff2616910166bff24cabd064a819

SHA1
f20340ab4ee40725c0d15fe023a81466ef5a70ac

SHA256
c04aaca3aaff27796af9ecf727130a25cfd9b4f063bc7d577fba1c3807ede5ab

SHA512
2453b421c8288af0b62972a1408518c5d36f003522d8b7916baa85aaca92ddf8096f108e7edde918d4fa482310e034a99bab7c7e4dba97786d813a0a3b22b1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6003e6559c9adb8e2afced344f6a4627

SHA1
22e3ff1cfddd51693c1efdff91ec415258710cdc

SHA256
129402cb163ac3a39d0db15d7529ebe918defbf0df5b14ce39bf9d713860f0ce

SHA512
bbd63a441b27621c2b11644200f5b2fe495a0d8ad9d4b920e1bc3958877de4c848945ee67bda634c1bcd9e5761a5f1c1bb466e3fe3c3bb185edeff9e4414c6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
4966cd97f0f818cf8d4051dbef9cead7

SHA1
686150fb346d5e77af73f4952e5b6556854d1898

SHA256
6d10a01202ecd3a74b623d7dc71a427f9d458803d031db5b0c52d9bbdba6a0e6

SHA512
c0bffff920db6668edb8474c48ff74eeee5b9afcae6466587973691b00dce4455d38d630c46e1424e815d90bea7da70503c0cc3a009bb391554ee9d12fd30f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
aef2484b662c9af766d8aecbef5f483c

SHA1
190f0a82fdea6da1dcb45b9ff44559b755d64c43

SHA256
2246b3ab57f55f307bc2ebc6ccd25dc49559ebb2cbeffc1bf23b37b14fa925ba

SHA512
ece5ab79399a3349c6a2b38ae6a38962f4b0871cacd66ff8c74349bac0b557610a9f48fac95849c048036574812fc700b0b5ab9548cfe341aa4bc0505854d9ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
482KB

MD5
ce259c9c9fa193a664bc44d2dc1975c0

SHA1
4bccb42f523678cf36b7b94854c919d48ef1f817

SHA256
9eb8f99edba24d558db0f6fcacc61aab3154efdc689d961fd30844c6c42e3523

SHA512
835fc58fb7efa6d6c82176010b59be58526f238d4df3009188d8ea6d8f957b2ec1efaf11f1fd7c83e71939a5dfc40355b2f2f2a407de8b32f88a10a4e4a0a676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
eb16949bdb70a34d31bae41f73b63b00

SHA1
d718a67c66b36882f6135e58eedf45f06753b44e

SHA256
d871c0910fd1ab395b432739b65ebffaa5513e08c3f5301cfa5e177a7ab7b453

SHA512
88b690dd2190f2feb4c7adc77dbdfdc6fd3a2d24121bf050402af64af938b0288001b57a7442a8f9a49a5f5ab7f86dcd8182dd34321f941379b7e5e553a6b41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
bee8e2cd1e0ed183be29fe09e9fc6c95

SHA1
090f3ab550aed7c04b05e15ce74c4a7fb18ed248

SHA256
94e69f76e65916fe7d7cc217a08de382888d351b911e545a7d9679db34074c72

SHA512
2e79ac01fdf68b36f20fa7dbf88fb11e723ba812d01c10d09df2dbbdb3dad10253f3cbd41d8f84d12ffa55f97d645df3033b4417cba2b6db847779571c42b806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
34266bd001f55b78925e5fa2f38dd763

SHA1
e02d44e8e9b05bc9842c3fb319be8bff10bd0081

SHA256
99a6aaf06933d592aabce042783893ef22a343b872610b14bf9e573912fd22cd

SHA512
69a0e720db1650fa2b54e57f8eac3fc5318ba9b3bb6f1c511de0c485fee606c327703a216a843fe7f44d83f39d62de74292e6fb1910d8af271e5c75b72aa66b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8fab2bf7c02221133352d7b5959e70df

SHA1
4fb737a0bb7d369998a7914409a28d5cff1baada

SHA256
35f4c043c49f3514a95fb7aacb92ec74af585adc28e9dfe010716e1d61e247cb

SHA512
5d0f492c36d5bb3a537c55c29d24ed671f22b16cb4d18465bd4452217bed1075fd008dbc557024eb54f8a818590e553c0cbb82c7c2e322ea2ef8606faccc3c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2787f0930f3d36a47eb4cc2df53a2202

SHA1
0ba955a6814dd53dcfe6e5b9f83d2dba834e5b4f

SHA256
8f83b13135f9b1553a03fc17b4367098431dfd0967ad776ddd2bcfce6de8bbd8

SHA512
f52ff12563d8b5029b3dfabedfc89880588ff3f291fcaf878cc466f971011603dcd3b5a2682d4d7b9e0c9fe3ece904e45137856f960965ccc126bc1b0219ecee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1bcda9c37fab25241badff7aaae1d665

SHA1
c68426f9554dbfdc6a77112bd80f9f81b2f3ed7f

SHA256
02b262f3860149623faf0942bb1a0bca438f8134deba14fa7ed4663f12f0135c

SHA512
b0536a07cf276d65e042a9d9741205ac39d7724fcab9a8b2b8e8644b037d0c863d8311e1c82bbdeb81e8718359624f7df90c42f81b2efa81f01050531e62c18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4c00fcbbc5d368f8d8228cabec29c7ab

SHA1
1cdd03603466ee93e18f10d55f46ce69049cd3a1

SHA256
666b739ac8303d4c889b6d521bced72e685cbeb2b2f2cad432609e3a70914f6c

SHA512
a111948271bdbef94c351bbdfb547013f4c26a48ae3509ca588cd565b3060e8aba3da3fc3dfbd37314e8d8f2342a1c690f9e255e57f8f485aa6b9da58e498f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c4d1f0167d579eed1b7c4d320a6ad64b

SHA1
e21fcc8966e2224aa483e2845616d1d749139fc8

SHA256
4d838ac2c206c151debfa5e021c060ba1168c19eaf95f1a3c62b32e247113e5c

SHA512
8c3a0fdd8ddb65c0059f333567f4e089a79178ed978c6e6f7adf13fe6ab1e33cb3375c6ea4a9b438134b734df76c4e3fe1ca03e471e732597aee266459da5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4f46248350d6ccfdafce9e408dbe9741

SHA1
74e1f3ed0eb90d9438579ef285270331b71990f8

SHA256
9c50f8a988246651c29e6d25410642c1c8a6dd6b58461bf08c8322d0f2a2e683

SHA512
77e13b9cc421814ba35a9f5d069a1ffd84fd6bcf9c9b33be369b53b4bd99ce313970e4c11a802caccddfef5f2b254d646f978f281a3e6e4525865a90b33d8a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8ac5fcd33fd50beb8a9528485d4b8f3b

SHA1
890a7ecfd42d61d224e4ccb6ee42b5c6ba78979f

SHA256
f867e9f475efd9e4cedfd68dd3e4e0ea6c3f4aa5de617ea163f3addfd949aaa3

SHA512
bfe546125125a1242d7a1e780e7f4c843583ffb09e3436a55c7d148b2ddac508d8fbdc0c06256d0a0b3b8ef3cfb4eac41b3c5aaa37ccc44696c3cfa0a462c6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
094f3a37d6cde4cddfa3d2ec7f56b22f

SHA1
3b3a7cb41466c858e039b5170e0a62b6da0bac65

SHA256
c37f44c8d8127e4653d43cad15ee8dace2591b44d83aa4867de14ed7259463a3

SHA512
4ba02672236accc8a7297a8f7fe252a1bb434593c357d5f6c4e8ea11c1308eae69e4650b80fed66ddf97acedab8f38806109c9ef29b1b3b75707ef04e424ba2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
494f1b7b9fbbd853c0c8664bd2124b52

SHA1
439d99b4e460c260a82dc87bd51746bbee8d7f84

SHA256
9e7b73c91b8f5ac770c99f5274cf55f482bca75a589726a87831ca5d0a240c3b

SHA512
659225f11400f732960b8fba4005239315ee23f70e1c1ef719312075d5eba359d702e2947d66423b818087d175a588f77b72c45da6ea23b643ed0c159394a8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
187b771a62c778fc3034025fe30fdc13

SHA1
aa2ca1b73bc2275eb32fb38798b91e9bde61b904

SHA256
9993d27b3ca5c64fbe018151ae198d49b3e0d12bcc6cfd1dd0202d2d30a11629

SHA512
526f9bea3262dbecd404d7d589e0e56be79e70d80ec832eff29d0d1a88e59bfa9f25da9a973dccf04176b315a642eed60f800b4c45d1ac225fc31e64e3599c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
e43ec4be6aa3341ce00ad65db356f628

SHA1
694fab30371d0b471551a2b9b9ec8b8075ec0d2f

SHA256
7c51f42f0420b2cc536a31c4ae3093d53db6fc0ad310802fb838f8da4368804d

SHA512
317c05839ff6fa7417cdc998abc201ec9d4a5369b94b44f4775bdfc1069e6581527d9b4dbe415f7a77ccca887634d76bcb6f1bc558622e7c7fb131da7c2ddc59

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 295771.crdownload

Filesize
9KB

MD5
bbae81b88416d8fba76dd3145a831d19

SHA1
42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

SHA256
5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

SHA512
f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 809927.crdownload

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\x

Filesize
2KB

MD5
ab28f43718a2775c4284f081203014ab

SHA1
d885a4fe26da9ec53a9ae492ea807d21701f21f0

SHA256
5b592b279c15ab6a51625c8647a3856fdfe33ba3522e8405417f966e2078c382

SHA512
0dd53ea60ef73c1f4333846ae10b8f54265480dee5446da83240be8308056738056dc194e932cb4c40a1ab5720e07e2a275dfb1f8c6a7088be0933e8a797f9ce

Download Submit
C:\Users\Admin\Downloads\x

Filesize
6KB

MD5
4a9f8144ac3f5684adb6f6651cfbdead

SHA1
1010fd7a7db21693cb3f80dccc1eee2bbc0538a8

SHA256
37be649c17026f0ce651c6a059462e2c6b01ecc867ae1872f5189f4989718b55

SHA512
f80b955918c36db123954e67b9faeb3dc22db46b09922d2ac053b0ce878870072278c5162cafa3f34032a1eb8edf82153b5b971cf63cd382963c86dee6015f5d

Download Submit
C:\Users\Admin\Downloads\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\Downloads\x

Filesize
468B

MD5
3d7ecb61f95c33e66d3e42fc400b6ce9

SHA1
2e816a2d78b25940f3a2c5cc5c80fd50c5b369b2

SHA256
e8864fe563103df116e28aced21f113b5c36fb7f3048056673436fdd28ccc6b1

SHA512
bba9f827f20162eb357fbbc86db4fbfa1bb73e3e9d902a8f0017af4ae5f4e8df58d0108a4efbc71d00f61a595cc3aaaa8823c1c517c92a5d27076d5bc5422769

Download Submit
C:\Users\Admin\Downloads\x

Filesize
858B

MD5
9ada52a951330f55a7eeed735464f140

SHA1
57977e905089aa9b524c19f06da15e20c884c824

SHA256
9d9bf800a69f503fa92dd006a51bc00669be6d5f324d0329f9845038eb8c59b7

SHA512
9db7f81bf20483859d7776b533657c055934d6187ef9b100064369210b2d037ccbfdeffe29213414d979b82556d106a1e4c782ec04ad7b6274b14fc54d73c3f0

Download Submit
C:\Users\Admin\Downloads\x

Filesize
2KB

MD5
4b3df13992e0396b7c177e92f1681d51

SHA1
c83ab930eddb5ba3ce11e6639f78c7ce2ae90644

SHA256
9b724672ccbf94154d18a0a1101ae6665166c420d9f373bd22c2f3fea41f043d

SHA512
58024fc8bfaa93b9b58c6ef86e8056658d62dcfe74e914e177a3c25901ba8b2a094457b05a860cb52f741d2df77858998d0e06f6c83e1666b9d158b2dce1921a

Download Submit
C:\Users\Admin\Downloads\x

Filesize
4KB

MD5
c8b5f2f4142f90cfc7911d5ee3b345e3

SHA1
4123baaecdd2c5feba84b84b136bd872a0556cda

SHA256
b1583f16ee73fd3b1312715dd9992faa585af067ec70f0533e8ddd2d42628039

SHA512
e2a801c0ad2756933dc001851ba81ca8ab330bacace029a5e4347a6d500f30fe05c3153f659ed60cc360c7525c6ac2ad9f7cbeb1f179f5c1eb29d191e5b06e95

Download Submit
C:\Users\Admin\Downloads\x

Filesize
4KB

MD5
636675d7b05ec7ccb7183303edaec334

SHA1
9ee6fb2f2fe96e90e164ddd9f1e891caccf97fed

SHA256
c02614dc17409f3d99bb4db8bbfb050a0d5ba3ea91413e5eed61f361973ebe5f

SHA512
042bd23d0c2fdd0f6497d7cea53b185177a6a049c72e805357bedb09db9d3d9063ced760fa9222c922ca9d394af1dabf74075d3c46dda6b6cccf598970cd02d3

Download Submit
C:\Users\Admin\Downloads\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\z.zip

Filesize
237B

MD5
30d1acb1841cca5aeff2c8ce3b7bdc97

SHA1
30e21e89234bc4bd6f3f70acb5ec355dddb7df23

SHA256
857d85ec4b7da0c1e482d7efe75a302fe3ccbc00ea332fdfa206b40a6e2050cd

SHA512
2601feb6c87209d74c8a3583c8f60b98f1afa028726d13c37c9194ce06f32d9de1101a2cd0aede7ba3549427db498a969b2f59c23c25d88737ee205dc1287573

Download Submit
C:\Users\Admin\Downloads\z.zip

Filesize
5KB

MD5
93626f75690204826c23aecaf329a69e

SHA1
ee50c26c9609413b213d1e4b326b0b2e2f873b3f

SHA256
38699aa94f88df52f5ea924174a2ba0ac2e36fd0beb0184afeadf4b400c1d73b

SHA512
01d0ae02688245d60b408a260f955c1fc1e5eb74aa905c3c8c069e05d397d3e1dace37ce54fa7c33ab3f6c33969fa308bfdf89717060dee4b9636b281f2452da

Download Submit
memory/4896-1703-0x000002AFA7B90000-0x000002AFA84A4000-memory.dmp

Filesize
9.1MB

Download
memory/5336-1654-0x00000180B2AB0000-0x00000180B2ACE000-memory.dmp

Filesize
120KB

Download