Analysis Overview
Threat Level: Known bad
The file http://wearedevs.net was found to be: Known bad.
Malicious Activity Summary
CrimsonRAT main payload
CrimsonRat
Crimsonrat family
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-14 05:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-14 05:12
Reported: 2024-12-14 05:15
Platform: win10v2004-20241007-en
Max time kernel: 170s
Max time network: 170s
Command Line
Signatures
CrimsonRAT main payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
CrimsonRat
Crimsonrat family
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| N/A | N/A | C:\ProgramData\Hdlharas\dlrarhsiva.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| N/A | N/A | C:\ProgramData\Hdlharas\dlrarhsiva.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 523980.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 295771.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 809927.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Memz Clean.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://wearedevs.net
C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Windows\system32\cscript.exe
cscript x.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4ec
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files
C:\Users\Admin\Downloads\Memz Clean.exe
C:\Users\Admin\Downloads\Unconfirmed 295771.crdownload
C:\Users\Admin\Downloads\x
C:\Users\Admin\Downloads\z.zip
C:\Users\Admin\Downloads\x.js
| MD5 | 8eec8704d2a7bc80b95b7460c06f4854 |
| SHA1 | 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326 |
| SHA256 | aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596 |
| SHA512 | e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210 |
C:\Users\Admin\Downloads\x
| MD5 | 3d7ecb61f95c33e66d3e42fc400b6ce9 |
| SHA1 | 2e816a2d78b25940f3a2c5cc5c80fd50c5b369b2 |
| SHA256 | e8864fe563103df116e28aced21f113b5c36fb7f3048056673436fdd28ccc6b1 |
| SHA512 | bba9f827f20162eb357fbbc86db4fbfa1bb73e3e9d902a8f0017af4ae5f4e8df58d0108a4efbc71d00f61a595cc3aaaa8823c1c517c92a5d27076d5bc5422769 |
C:\Users\Admin\Downloads\x
| MD5 | 9ada52a951330f55a7eeed735464f140 |
| SHA1 | 57977e905089aa9b524c19f06da15e20c884c824 |
| SHA256 | 9d9bf800a69f503fa92dd006a51bc00669be6d5f324d0329f9845038eb8c59b7 |
| SHA512 | 9db7f81bf20483859d7776b533657c055934d6187ef9b100064369210b2d037ccbfdeffe29213414d979b82556d106a1e4c782ec04ad7b6274b14fc54d73c3f0 |
C:\Users\Admin\Downloads\x
| MD5 | 636675d7b05ec7ccb7183303edaec334 |
| SHA1 | 9ee6fb2f2fe96e90e164ddd9f1e891caccf97fed |
| SHA256 | c02614dc17409f3d99bb4db8bbfb050a0d5ba3ea91413e5eed61f361973ebe5f |
| SHA512 | 042bd23d0c2fdd0f6497d7cea53b185177a6a049c72e805357bedb09db9d3d9063ced760fa9222c922ca9d394af1dabf74075d3c46dda6b6cccf598970cd02d3 |
C:\Users\Admin\Downloads\z.zip
| MD5 | 93626f75690204826c23aecaf329a69e |
| SHA1 | ee50c26c9609413b213d1e4b326b0b2e2f873b3f |
| SHA256 | 38699aa94f88df52f5ea924174a2ba0ac2e36fd0beb0184afeadf4b400c1d73b |
| SHA512 | 01d0ae02688245d60b408a260f955c1fc1e5eb74aa905c3c8c069e05d397d3e1dace37ce54fa7c33ab3f6c33969fa308bfdf89717060dee4b9636b281f2452da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 809927.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\ProgramData\Hdlharas\mdkhm.zip
C:\ProgramData\Hdlharas\dlrarhsiva.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State