c6004a404cddb4408610b0394b3c133ad1c1bfe5eee08aa5f2836969230612db

Resubmissions

07-01-2025 19:20

250107-x14m5swqdr 1

06-01-2025 20:49

250106-zmb23szjgp 8

06-01-2025 20:34

250106-zcfyaayqbp 10

06-01-2025 20:12

250106-yyyjsawpbs 10

Analysis

max time kernel
875s
max time network
884s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resolute 16x.zip
Size

7.6MB
MD5

b9e57b369a3b919d3d2513db78dd29fe
SHA1

a60a15aeae76b01d9b026650ebdb02bd05cb3412
SHA256

c6004a404cddb4408610b0394b3c133ad1c1bfe5eee08aa5f2836969230612db
SHA512

3e19eb776d11dc4d08c606a28733cd7118f464f01ff08ae1612d08aababb6e18087d0351004012cd34c2ec24c5a91b834d9623a880d32d3efc7999810479840b
SSDEEP

196608:zCPskbMDiJmVU0qsmIuAfdJ8ZHnp3/XFOfOgtk6O:zCbki/0qEFetnp3/XF4OZ

Score

8^/10

credential_access discovery phishing spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 2 IoCs

pid	Process
4552	Solara.exe
2008	Solara.exe

Loads dropped DLL 54 IoCs

pid	Process
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
245	discord.com
187	camo.githubusercontent.com
188	camo.githubusercontent.com
189	camo.githubusercontent.com
190	camo.githubusercontent.com
242	raw.githubusercontent.com
246	discord.com
250	discord.com
252	discord.com
184	camo.githubusercontent.com
186	camo.githubusercontent.com
191	camo.githubusercontent.com
241	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
248	ip-api.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001c00000004681f-1685.dat	upx
behavioral1/memory/2008-1689-0x00007FF894940000-0x00007FF895005000-memory.dmp	upx
behavioral1/files/0x002800000004643c-1697.dat	upx
behavioral1/files/0x0028000000046402-1701.dat	upx
behavioral1/memory/2008-1700-0x00007FF8AEC30000-0x00007FF8AEC3F000-memory.dmp	upx
behavioral1/memory/2008-1703-0x00007FF8A6770000-0x00007FF8A678A000-memory.dmp	upx
behavioral1/files/0x0028000000046408-1704.dat	upx
behavioral1/memory/2008-1715-0x00007FF8A6740000-0x00007FF8A676D000-memory.dmp	upx
behavioral1/files/0x0028000000046403-1714.dat	upx
behavioral1/files/0x0028000000046401-1713.dat	upx
behavioral1/files/0x001b00000004683a-1711.dat	upx
behavioral1/files/0x001b000000046839-1710.dat	upx
behavioral1/files/0x001c000000046822-1709.dat	upx
behavioral1/files/0x001c00000004681d-1708.dat	upx
behavioral1/files/0x002800000004643d-1706.dat	upx
behavioral1/files/0x002800000004643b-1705.dat	upx
behavioral1/memory/2008-1699-0x00007FF8AB970000-0x00007FF8AB995000-memory.dmp	upx
behavioral1/files/0x0028000000046404-1695.dat	upx
behavioral1/memory/2008-1716-0x00007FF8ACE10000-0x00007FF8ACE1D000-memory.dmp	upx
behavioral1/memory/2008-1717-0x00007FF8AB130000-0x00007FF8AB13F000-memory.dmp	upx
behavioral1/memory/2008-1718-0x00007FF8A6420000-0x00007FF8A6434000-memory.dmp	upx
behavioral1/memory/2008-1719-0x00007FF894410000-0x00007FF894939000-memory.dmp	upx
behavioral1/memory/2008-1720-0x00007FF8A6380000-0x00007FF8A6399000-memory.dmp	upx
behavioral1/memory/2008-1724-0x00007FF8A61D0000-0x00007FF8A6203000-memory.dmp	upx
behavioral1/memory/2008-1723-0x00007FF8A5C50000-0x00007FF8A5D1D000-memory.dmp	upx
behavioral1/memory/2008-1725-0x00007FF8A5EA0000-0x00007FF8A5ED6000-memory.dmp	upx
behavioral1/memory/2008-1722-0x00007FF8A6370000-0x00007FF8A637D000-memory.dmp	upx
behavioral1/memory/2008-1721-0x00007FF894940000-0x00007FF895005000-memory.dmp	upx
behavioral1/memory/2008-1726-0x00007FF8A5BC0000-0x00007FF8A5C47000-memory.dmp	upx
behavioral1/memory/2008-1728-0x00007FF8A1B10000-0x00007FF8A1B37000-memory.dmp	upx
behavioral1/memory/2008-1727-0x00007FF8A6360000-0x00007FF8A636B000-memory.dmp	upx
behavioral1/memory/2008-1730-0x00007FF897FB0000-0x00007FF8980CA000-memory.dmp	upx
behavioral1/memory/2008-1729-0x00007FF8AB130000-0x00007FF8AB13F000-memory.dmp	upx
behavioral1/memory/2008-1731-0x00007FF8A6420000-0x00007FF8A6434000-memory.dmp	upx
behavioral1/memory/2008-1732-0x00007FF894410000-0x00007FF894939000-memory.dmp	upx
behavioral1/memory/2008-1733-0x00007FF8A5BA0000-0x00007FF8A5BB8000-memory.dmp	upx
behavioral1/memory/2008-1734-0x00007FF89D810000-0x00007FF89D834000-memory.dmp	upx
behavioral1/memory/2008-1736-0x00007FF896410000-0x00007FF89658F000-memory.dmp	upx
behavioral1/memory/2008-1735-0x00007FF8A6380000-0x00007FF8A6399000-memory.dmp	upx
behavioral1/memory/2008-1740-0x00007FF8A5E40000-0x00007FF8A5E4B000-memory.dmp	upx
behavioral1/memory/2008-1739-0x00007FF8A5AC0000-0x00007FF8A5ACC000-memory.dmp	upx
behavioral1/memory/2008-1738-0x00007FF8A5E90000-0x00007FF8A5E9B000-memory.dmp	upx
behavioral1/memory/2008-1737-0x00007FF8A5C50000-0x00007FF8A5D1D000-memory.dmp	upx
behavioral1/memory/2008-1745-0x00007FF8A1B00000-0x00007FF8A1B0C000-memory.dmp	upx
behavioral1/memory/2008-1744-0x00007FF8A5BC0000-0x00007FF8A5C47000-memory.dmp	upx
behavioral1/memory/2008-1743-0x00007FF8A2C70000-0x00007FF8A2C7B000-memory.dmp	upx
behavioral1/memory/2008-1742-0x00007FF8A2FF0000-0x00007FF8A2FFC000-memory.dmp	upx
behavioral1/memory/2008-1741-0x00007FF8A4C30000-0x00007FF8A4C3B000-memory.dmp	upx
behavioral1/memory/2008-1753-0x00007FF89D810000-0x00007FF89D834000-memory.dmp	upx
behavioral1/memory/2008-1752-0x00007FF8981A0000-0x00007FF8981AB000-memory.dmp	upx
behavioral1/memory/2008-1763-0x00007FF897ED0000-0x00007FF897EEC000-memory.dmp	upx
behavioral1/memory/2008-1762-0x00007FF897F90000-0x00007FF897F9D000-memory.dmp	upx
behavioral1/memory/2008-1761-0x00007FF897FA0000-0x00007FF897FAB000-memory.dmp	upx
behavioral1/memory/2008-1760-0x00007FF897EF0000-0x00007FF897EFB000-memory.dmp	upx
behavioral1/memory/2008-1759-0x00007FF897F00000-0x00007FF897F2F000-memory.dmp	upx
behavioral1/memory/2008-1758-0x00007FF897F30000-0x00007FF897F5A000-memory.dmp	upx
behavioral1/memory/2008-1757-0x00007FF897F60000-0x00007FF897F6C000-memory.dmp	upx
behavioral1/memory/2008-1756-0x00007FF897F70000-0x00007FF897F82000-memory.dmp	upx
behavioral1/memory/2008-1755-0x00007FF898170000-0x00007FF89817C000-memory.dmp	upx
behavioral1/memory/2008-1754-0x00007FF896410000-0x00007FF89658F000-memory.dmp	upx
behavioral1/memory/2008-1751-0x00007FF89D7F0000-0x00007FF89D7FC000-memory.dmp	upx
behavioral1/memory/2008-1750-0x00007FF8981B0000-0x00007FF8981BB000-memory.dmp	upx
behavioral1/memory/2008-1749-0x00007FF897FB0000-0x00007FF8980CA000-memory.dmp	upx
behavioral1/memory/2008-1748-0x00007FF89D800000-0x00007FF89D80E000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6c32ac26-f968-4a12-9490-3da413945983.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250106201358.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3712	cmd.exe
5016	PING.EXE

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5320	WMIC.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2062871678-1047416116-518495306-1000\{6B313CF5-52DC-4CE1-8701-631A50D5D217}	Solara.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 595590.crdownload:SmartScreen	msedge.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5016	PING.EXE

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
576	msedge.exe
576	msedge.exe
4300	msedge.exe
4300	msedge.exe
5948	identity_helper.exe
5948	identity_helper.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
932	msedge.exe
932	msedge.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2008	Solara.exe
2944	WMIC.exe
2944	WMIC.exe
2944	WMIC.exe
2944	WMIC.exe
2704	wmic.exe
2704	wmic.exe
2704	wmic.exe
2704	wmic.exe
5320	WMIC.exe
5320	WMIC.exe
5320	WMIC.exe
5320	WMIC.exe
5204	WMIC.exe
5204	WMIC.exe
5204	WMIC.exe
5204	WMIC.exe
5348	WMIC.exe
5348	WMIC.exe
5348	WMIC.exe
5348	WMIC.exe
1060	WMIC.exe
1060	WMIC.exe
1060	WMIC.exe
1060	WMIC.exe
2612	WMIC.exe
2612	WMIC.exe
2612	WMIC.exe
2612	WMIC.exe
3352	msedge.exe
3352	msedge.exe
4524	msedge.exe
4524	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1156	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1156	7zFM.exe
Token: 35	1156	7zFM.exe
Token: SeDebugPrivilege	2008	Solara.exe
Token: SeIncreaseQuotaPrivilege	2944	WMIC.exe
Token: SeSecurityPrivilege	2944	WMIC.exe
Token: SeTakeOwnershipPrivilege	2944	WMIC.exe
Token: SeLoadDriverPrivilege	2944	WMIC.exe
Token: SeSystemProfilePrivilege	2944	WMIC.exe
Token: SeSystemtimePrivilege	2944	WMIC.exe
Token: SeProfSingleProcessPrivilege	2944	WMIC.exe
Token: SeIncBasePriorityPrivilege	2944	WMIC.exe
Token: SeCreatePagefilePrivilege	2944	WMIC.exe
Token: SeBackupPrivilege	2944	WMIC.exe
Token: SeRestorePrivilege	2944	WMIC.exe
Token: SeShutdownPrivilege	2944	WMIC.exe
Token: SeDebugPrivilege	2944	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2944	WMIC.exe
Token: SeRemoteShutdownPrivilege	2944	WMIC.exe
Token: SeUndockPrivilege	2944	WMIC.exe
Token: SeManageVolumePrivilege	2944	WMIC.exe
Token: 33	2944	WMIC.exe
Token: 34	2944	WMIC.exe
Token: 35	2944	WMIC.exe
Token: 36	2944	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2944	WMIC.exe
Token: SeSecurityPrivilege	2944	WMIC.exe
Token: SeTakeOwnershipPrivilege	2944	WMIC.exe
Token: SeLoadDriverPrivilege	2944	WMIC.exe
Token: SeSystemProfilePrivilege	2944	WMIC.exe
Token: SeSystemtimePrivilege	2944	WMIC.exe
Token: SeProfSingleProcessPrivilege	2944	WMIC.exe
Token: SeIncBasePriorityPrivilege	2944	WMIC.exe
Token: SeCreatePagefilePrivilege	2944	WMIC.exe
Token: SeBackupPrivilege	2944	WMIC.exe
Token: SeRestorePrivilege	2944	WMIC.exe
Token: SeShutdownPrivilege	2944	WMIC.exe
Token: SeDebugPrivilege	2944	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2944	WMIC.exe
Token: SeRemoteShutdownPrivilege	2944	WMIC.exe
Token: SeUndockPrivilege	2944	WMIC.exe
Token: SeManageVolumePrivilege	2944	WMIC.exe
Token: 33	2944	WMIC.exe
Token: 34	2944	WMIC.exe
Token: 35	2944	WMIC.exe
Token: 36	2944	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2704	wmic.exe
Token: SeSecurityPrivilege	2704	wmic.exe
Token: SeTakeOwnershipPrivilege	2704	wmic.exe
Token: SeLoadDriverPrivilege	2704	wmic.exe
Token: SeSystemProfilePrivilege	2704	wmic.exe
Token: SeSystemtimePrivilege	2704	wmic.exe
Token: SeProfSingleProcessPrivilege	2704	wmic.exe
Token: SeIncBasePriorityPrivilege	2704	wmic.exe
Token: SeCreatePagefilePrivilege	2704	wmic.exe
Token: SeBackupPrivilege	2704	wmic.exe
Token: SeRestorePrivilege	2704	wmic.exe
Token: SeShutdownPrivilege	2704	wmic.exe
Token: SeDebugPrivilege	2704	wmic.exe
Token: SeSystemEnvironmentPrivilege	2704	wmic.exe
Token: SeRemoteShutdownPrivilege	2704	wmic.exe
Token: SeUndockPrivilege	2704	wmic.exe
Token: SeManageVolumePrivilege	2704	wmic.exe
Token: 33	2704	wmic.exe
Token: 34	2704	wmic.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1156	7zFM.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4524	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5904	SecHealthUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4352	4300	msedge.exe	106
PID 4300 wrote to memory of 4352	4300	msedge.exe	106
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 4516	4300	msedge.exe	107
PID 4300 wrote to memory of 576	4300	msedge.exe	108
PID 4300 wrote to memory of 576	4300	msedge.exe	108
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109
PID 4300 wrote to memory of 4264	4300	msedge.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Resolute 16x.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RegisterExport.htm
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x140,0x150,0x7ff8951446f8,0x7ff895144708,0x7ff895144718
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff610315460,0x7ff610315470,0x7ff610315480
    3⤵
    PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1152 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7428 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,415276631594196307,17422549989512616892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x3c0
1⤵
PID:3456

C:\Users\Admin\Downloads\Solara.exe
"C:\Users\Admin\Downloads\Solara.exe"
1⤵
- Executes dropped EXE
PID:4552
- C:\Users\Admin\Downloads\Solara.exe
  "C:\Users\Admin\Downloads\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    PID:5944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2944
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get Name
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:1944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious behavior: EnumeratesProcesses
      PID:5320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    PID:6020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
    3⤵
    PID:3460
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
    3⤵
    PID:4064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path softwarelicensingservice get OA3xOriginalProductKey
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
    3⤵
    PID:844
  - - C:\Windows\System32\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\Downloads\Solara.exe""
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3712
  - - C:\Windows\system32\PING.EXE
      ping localhost -n 3
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:5016

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5904

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:5936

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:4600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RegisterExport.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf4,0x134,0x7ff8965746f8,0x7ff896574708,0x7ff896574718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11253072383015094035,8998077886579435135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5572 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ba19ad910e6550118ddc44fb5ddcda8

SHA1
9242e1a78437953867d56a03ec7f61affbd4a193

SHA256
b65829904bf25b0d7ddba4e313adf82e7ee536748106a430758bfcb71ff1a505

SHA512
f963d0e56496f0d0078e429cb52f23a7046d78e830a79a2e086cd7c8d397d92118c4082b055b78433e75631c12ba85e69a6d52c73b9dbc5a3a8b55e0ba3f73a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a197ec865eadac5d13d16a7e49931bf

SHA1
16ea839701a59e6bfab1428d7739522865686a1b

SHA256
ae9c3def1bc6f08a5b975c095cb99122dce65e6c1cfba99891e62380796b8b58

SHA512
19b6b8d21f3d810a4190aef692bf7887ad3855db7864f8d65b39aebdd865393e572482af27d93e2befe497bd58e5a2fb7b99a2a36b35d02a7367b2c7ec2d11e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
167321694f6a3465544b41a9cc018c7b

SHA1
c53f7ee49c9b11e89bf553042d8d6d18f97776e3

SHA256
54652d3545654c16e4df73cb9a7753ff46f495eee987b92e719f794dc31a028e

SHA512
a03d737fcd21b01b7a41ccb6a3a93aea28a668eee01abb410b8525a6d6b4b4647b15d81b47ecbdcf3ef5eea3a6fec2ad8bd533d66c0eb3b944eac32f68622d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3b681f1b553061b1d406dca73509e1

SHA1
1d0902a780b041766c456dca466ed6dd88db979a

SHA256
45099d50c298e321f628997d58aff82c1f91aa302cb6a46f5c8a2819a53685d2

SHA512
b6e59b2da8bce61cdb2f0bdbe6dd0486c68bb583a1066cafb979314c4c1baeab4136d9d958e9e9ef3a36b1d7988ae8518080b8aff9748c102d05646aea914283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
165b9ab5b6100e149d42942970795741

SHA1
873ef2b7bb080cee1f9eb80920edb54a235fc326

SHA256
fd01e423cf1b8c61bbc4e1c63f3cd70a81586a9d03a88eebd6ec3a16a1910364

SHA512
5ba31ba647b158325e7282ff6dc83e683b62895a1e3ebd5445a1f121d6d5fdee4b39164514f7c442bf67dbefcc7965c3ee946333e77047ced40df144aebef9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
240KB

MD5
3b9c21e2248c68c89833d2f0e450e340

SHA1
e2e37635e3c4c574783c1cd582f10a437088c3ef

SHA256
5696ffb94b2b6795087573d31c4ea2a72856f29ea786af00988c08cf7d742bff

SHA512
b95cfa01308a533a461f0119b72dc292fc802aea5eb584060c8e1fde17c4355cf85b8858bc3e19595c8dc02114d314649e739fbc8a9f49744d7fc9417d4ca530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
5dcbcfbc2e39759078b18abb6fd2d4ee

SHA1
c63cbd8b42e12758a76749f2b6a3a063491e7771

SHA256
037db8172a0b5524b59c056a7233ce2b1df8180a1776e97032d6b2039a11650f

SHA512
5a9a0c549b4ee254ecb9a77b61d975f92491486c235cb07d3ff334aa0f435430d2bbf219916edcee3f784b92572c858823500afa090ec711f6017167f42f9900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ee7b1bce5fd0cecb8dd481895487ce96

SHA1
684fa423568e1f033ece8171b09e114a5352c00d

SHA256
15e8655980d371c94ef100e5e0c9cbcf25d26cf25b4b960393bde95f0dfc0a2e

SHA512
4be1ba165e8a4c99f8808bb81ffbcbf9a3ed0162896faade7c5f62bd66f410932f501a634cae49750c98e9551c32a95504d8482c0e5c62c2117175926aea8114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d04e3285ff8b6be12b3d63aa67603e48

SHA1
b045b225656ac770bba8d66bb0fa15d7be024d5d

SHA256
aeb5ec9da541665c3951ec103c194d99cd1221b7a5afc7f0ac18985d2b79eb42

SHA512
e96a20d949bb9d1bbf94c0f2a64647f0184127db2bb20d2add7946c53be41c3c12ba92ba246fadf2fe7567c1e27f4d9f30b35610f4b06c74ff9225fbf3651d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a777823e37c1b68891cd36ffdc406bda

SHA1
8323f848c7eed70ce1804a140954536900b8ae6f

SHA256
10459b9b22f4a13b53bdc87c985498b5e9c8ab9e8fb2a75a45b6eef9999975b3

SHA512
79eb6a58f1955d7a2c76a52aac9040a43f6e73bfdcf198cde17b93393f4ab8083b64201354809b94300f037c4e8384c1f3e0d48facddae5a7802a6a280e27c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a39b22d9c655c396703042e8d1c1cbf2

SHA1
89846fae3023ba7bea9f66bf0b0ed067647215ca

SHA256
4cfb5d1c622dffaa890d400d90dcd5efa616059fc8f6bac0c8d36333c26f3cd8

SHA512
3e8e36241521d21c1dc8a62cf19671a164e3484e763f4e043a5d52632122a8c5a867ecf28ca683d6fdad8aa1bb088a6d4b657a7c8ee55ad6a287a623f99c7ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d72fd58beaf898a06f639215149e24c8

SHA1
e67ffe308b35b4b062e443c77c3835a7de5823a4

SHA256
fadd4336cd4c87ffe4b9ec2e2e63f2b3142bf929d615b567a47804b2b37ec593

SHA512
f0badee713eaade0e43406f577304a1f0e1c26455a0f1d8d240fce839d8fa159e93c8dd87c72ffef34cdfc17774bec2e2eec4a283cfe27d29208434ab190c0ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
67f8b0c26afc166e8a075316340823d9

SHA1
ec499d067eb4e3ab82371644c76ce790fcb583d0

SHA256
57b53f3e2163f40bf090ba2cbb337c019cd0e689b5a0ca2fe940f1d406dfbdae

SHA512
e961f6cc7bbd4e0b9644a3d98d0ca5d72795807f4e07cc447d26372e30f9ad71129c4e4abdd6e6be43a0481fb5e30893f034a55da18fa122573502c42ee72718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cebd97cdfa2bc5ba07aa87503b008b91

SHA1
76fb3e8fa7eb724e201b8d7bb82898992713964c

SHA256
3d74599feab8db6565148847c02641de77b8ca67156e96056dd59570d56b5b8e

SHA512
b1310cb3145512a2ca23fbd6d44260ce0eb7841476967d6de46b2226edb7d8d026048694fd83cc6d22078c90bd802087e4f7a8a1cf3c619212582c2570abc82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
21b8c946c5aa59a3b907a0573c64e42f

SHA1
e91cd0c388f394a343049f8d91f653d32cab6d0d

SHA256
50cc9bb95bc5c249336d8d3d366dafc230f6df7e333dedd9877c9ac4e3523599

SHA512
136a146b6669cc7dd7de8edec36e00076dab366e6545445db862151200962855aa72cffc5a76498071ba1ae8104bd584e010bd28195d7a194b4843da2addd0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a7e69d6a779492ea9a69672f5509aa11

SHA1
23d145528c82fbfb4dedc4f18d83e739ccf78a9c

SHA256
6760594eded026bbe16f36516094d4a03d1608041cbe6b10ba3b6968c4a9a37d

SHA512
b4c21c75ddfe76906375d4d5909c9cd4410d63bce4efed6b5a695c0e1326489cc5608ee5e31f779c0c8c43140bed1f876e53ca8ffc8d9b20791c23d213805d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc979cde1bc1d522454355435e81e12d

SHA1
5c63a44c2cd65620da902479033a0e858ad0eef6

SHA256
474c56d6f0457efb535dfee26108a8007ead10016496f8edeea4da1a4590978a

SHA512
f33852730d4c7d47e4da36f5a299fbb2136f75a3733b593a1ffcdcf66c0a4e457dee2eb702980e0cb18ae122b9dbcc4176f35ea4593060c746d5c46c4afcf8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce99f83bc5684cefb82b2288ea42a46e

SHA1
7e91f4d878e2e1cdbb2874ce37bb6036b3858609

SHA256
abe11e951a1a8948d61fa30969f4b5b2ef9c561038ee8e440aa130436f1a9b80

SHA512
ce59337544f38479dfa29c0d5ae8ab237027a17847b8d88b7ca5000d685c0c6ead775727d077ebc2bbba2c68a9022495fe11c08a719546dcc3bd9b276cc8d76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
87f861a78e640e42826f799fcb79f32a

SHA1
9f11f6047aa9815c0cbef7d03d2e2842dad12311

SHA256
d10e970ff3ef2c2c93732f780ba381b128648e5f58332631f0c90ae26bad8ede

SHA512
fcddb119c0bb60d1d393b249dd1048c135b69c71e024ff804b1c37e70c77d96650fe73cc011cc2060752ebccc4f85540fe88371cc41dce9dd7b017349c359aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
34934afb5fbe81071261a6bd022c9d79

SHA1
0a53b33b95ed320dc454e1a5b20a1e4b884894f1

SHA256
0c1cb3978e19f54cbb5bd3efb009927ce65d4fb3d031cb033c46604ccb7b8dbf

SHA512
98eb5a57991187f71370dfce16c4455a0efa4073aac5c9bc023f6a93a3f34b4ab34841ee2832fde7e1121ee1175dcc2a6b0f3f512193e998df703e7b4a3dad23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
55c60627fd9473c4305d48f436c9f70b

SHA1
87c5c76d6770d10018e4f227aaae9b9b29f08ab3

SHA256
3e0118a01bbf816cf698208c57421b111e53983e0c86b96f9534ef1398b298ca

SHA512
4a04bcea727aed6ad72e98afaacbd0cd6acbce1430909627e9149a7b17a21c6898a879aa826439c489cc4bfefa93cddf4a48ffcf2d9b9e4f155bac83751f46df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4e9123b430154378e0f7e9d62c663650

SHA1
53b30a8d025e8a588129ae0822042719657c4bdb

SHA256
16833ff257b92a27afeab6b111d332754044b4e39a5ef1a95cd5f051dc9a1500

SHA512
3aa4aa58d3dfe2bcf50f82000060a3d5036763946ce5810ec87eedc99d7e3e480585025d9eaac8951b4552ecceff1066182367b2805ca545c495394ffaea9ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d4062144ae9301507e6e35e0a275cb7

SHA1
cfa1f09199d8087ef6b33cf1ac15145c9ba25a9e

SHA256
8cb27213f3e10080274321e8358afae38ceea55979d9b90601099f3ded82d17f

SHA512
3aad8841ee7ee58f6039e518351328dba1ff59ce791cb235182495dfff01fb32093e35fb0942578ad28d3261dbbb9b892e1fb23a888d2605dff71707885e114f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f827fef45991d26860c16eac8a3f7f0

SHA1
0ea97181c390a3173bd962204ea7da96653ee28b

SHA256
17ab85d9e0ea1264ba233e8eaf063c05ff2b5b1889ea5b8248c9a2dcc91150db

SHA512
46ef3a4cdf0305f83e4058c08410705a3f311a6f8542501099096e787235ddc524932d0dd2b5c9fe0041a33ef3ce195351ce78ecca4669815437d8a3bc686dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef3e98713151d222dfc3a9b8b29881b6

SHA1
0ff2712c70e2b9dfc276e023a8410e84a4dd437d

SHA256
d6dc1ed4d83d1a5ed84253e9a3ca9239725ffa7b9b3d331b16f1c5a9d6686b91

SHA512
cb84bbcffe100a022ae9af4dc35b25a1fccdf46420d5cc96c6825cb442497ca4fce3f60d0090709174632179770a209fe772e6673f71d3d40967bc92d53c2b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f48b8b4fd2b068c9f698a378ccdadb7

SHA1
679d9ae05f94e0537501843bffae5f70b7841a72

SHA256
baa0a3e8383328ed2c3eca80c8001ee3d3b52ade8f8fdc8eaac6224616f53dfa

SHA512
6ca57339bf6297051a586b7de6f8295692d41d17cc4c2c9834c35ccb7fcd037fd3613c5f8d5302d583713746dd3c84e2fcda9de5c93d465278b3333e221ba078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f0d12d2a93fd610d24c93a5d0aaa1b7

SHA1
bfb10e36fa4d70ba0d0dd1cf5d64ffb57b7ef9b6

SHA256
44d5832ac9bedcba7da6b1cc5e29dc2a093fa60b684684951b9536fb91436456

SHA512
c9c3fc717e78b2ef0c8faefb3090235a4e57284dc0ba32b8f3915b798dbd1fb618589e3df85370c01d68a65115224a0790d74bc26cf49e8eb82f29a9874301cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d47fa9262ed2c5825638d8b158297b5

SHA1
67998b8aa0b710dcbae4979e6364365fd07f64ab

SHA256
4e181a2dbdd6236d1f8174d88dd376cdc611d3b762d722d92ebd0531b60b43bc

SHA512
8f4a1b0685297b26a19d08e0c0aa1acd3e4e51985a8efac1ad356dece0c4e8a94c2e6874aeb16898e8103caa7adebc5add0a6cbcbd4c1688244f2c537aaeab92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
359e4c5145d0aec5b97c9d432ae63e34

SHA1
2376420ab987a8a09dfbf099e677fadc6aebb6fb

SHA256
8b85abc825a9535ad92bddc47cf2bc8882fb6c937ff29f1d1b2c2f0e9e22f482

SHA512
93b3b373a0d402ea233f1783156e72cf36077cb85209856ba23d0f3143db7ac48daacec364f2c59dd2a9ad40a2199eda640f6f1227a83507e493358e18e5bf51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
332a10d527bf3557cb64c35a4a9bde03

SHA1
3b220783734de98e6542231f7854dbcb845ef95b

SHA256
cb400d33977c2a34d2d2e34f7beec2f84eeae85a7dd0c68ccf24cd8e5b0f5ba4

SHA512
aa91c62990f639aad3992c599ad3685d6ac309e0d48fa391ca582270ed27305a3938c5df8e6681535cb1de063517b7fc46d221f6c0d45aa457683728c034339a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
524c0eba78201e8faad29c29d0a611ff

SHA1
b8d23f3f70313f9f0f8c1e293e70a3f8173adea9

SHA256
693ac11a04057152b30e8d26dc646186c3e54bbe397122b457374d92620fde52

SHA512
5481d83540551f9999d6dbbe94c7ac200b53bb81e5d9a5a94761274332a0b4e4aad05a9689fed5b9ad6fb2c1d06f91e2730eaa4f53950f8e14cef5cf2af452ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eeec2e8fdb3d10926be7f7f005a6add4

SHA1
ef91d915a57451a526ffde4634f1152c6a751104

SHA256
3a35c99ef359936c246b01412cf6c3bd0a7b190fbfefa584d62cc27e6f6522b1

SHA512
c2044601211d75abf5bea962e73760289ec660326f7e8fce5a588a6a7672923682fa45a0876f197ec75c943d780bd06649d1810edb8331a293365dcc415cb4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6aa360d5-d363-4ad1-8edc-3c4f36a4776e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ab064a7-e0fe-4423-a67b-1b5b6c396000\index-dir\the-real-index

Filesize
600B

MD5
8ac7cfcc46f22c2dccfcde515939f2e1

SHA1
8d7cfcfc390e8c7f1dc111728520145d18b18956

SHA256
c1e4ab784e46b8ae3dec2aa73376b58546e6d44266cd1d74a55fdd53d42b2353

SHA512
bfb2f2cfcda23d52d18ba77328050997f6ddb19a76dd572dcc0f0db0764e6e8d87034cb147714750272d446b56ea7fdb12eda17c6427fb20985691ab55e21f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ab064a7-e0fe-4423-a67b-1b5b6c396000\index-dir\the-real-index~RFe5c9320.TMP

Filesize
48B

MD5
d1688c188f33d0640610e27a1c4265c7

SHA1
4f34411f03ccfea62fe1b6bde7221b9ccd2ef942

SHA256
df6ba8712c78c3b171a2a52c0edfff1e27ef65f6766eb1d83a64adb2e25743cc

SHA512
0be55ef12057d2e4e3db2764dab2e208151381d674d6d61fdcc66f6ce054e5396715e8c4a6b186313ffc972e9148a4bcd15480b96c1573ee2fc9bb87f322bff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c534df60-ec2a-4d49-9110-1dfd9fff8bcb\index-dir\the-real-index

Filesize
2KB

MD5
7e4757e8e7125323272487268b356431

SHA1
071f3e3c026f2939fbe6a0790aa67678c302f6b9

SHA256
0f3c6f3f738dc7efe8f622ee3509ad66d089d8898e09a8933c46a8b87558dd24

SHA512
aec49691b82840c7b8e7fff0479e86c84938621e4fe072a98f3bd94ea8da9cd8590b7760d420a953c71d05265ec0b6cce19759f9ad7e1dcb82c236b83a6d67a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c534df60-ec2a-4d49-9110-1dfd9fff8bcb\index-dir\the-real-index

Filesize
2KB

MD5
490792d65c7b2d7f5ce9805478e6714c

SHA1
e2d983cbe2beb9a61b7578e00d81d110b44bfa01

SHA256
8de3d8f7a5a6a5f3c9d162066ae45ed9cf4718c899734807d12741374a63813a

SHA512
d1ca1b2b9e3045dd6dc247079be970d5a206217d1113b5696293598f348364bc2b7d22d816dbc2d657c95dca16625dbcea5640d6eb32a4ab38beebee4288b41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c534df60-ec2a-4d49-9110-1dfd9fff8bcb\index-dir\the-real-index

Filesize
2KB

MD5
22c2d93f2decfc2333084613335b8f2f

SHA1
78bb27bb35eddd17fffb3c223c2e89d5149e9dc2

SHA256
aa4d4cb3cea77b528f13878324470d62e7e9dbd467d34c6fa6a05b1bc1ab7891

SHA512
b56ce39a8b46ae72014deb8998df63b6b1d92385edb6558f56b084d6956ab758eb9b5ceedd0cab0f72113edb50a6fe3fe5989a9da76379286f67bd3ee37c8839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c534df60-ec2a-4d49-9110-1dfd9fff8bcb\index-dir\the-real-index~RFe5c3a90.TMP

Filesize
48B

MD5
61f7d262ed1b07f6e3a2bccbd3f76ad0

SHA1
e72399d2a9d119bb09676bf6476e068c48f31149

SHA256
1a83a0d62ccb91469ee7789a11b45ea1dffda9ebbf315afab927d312beab298a

SHA512
304d04daa945d6b64f7c5be396cdbdb1ea4871de9e80c422f015378d2ee0b64cbc3bc3480f21b3fefc6e7784d03f30842922bd58bfe0fd0e368dc1a2975fa817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
87d6550631d017056097edbc7869f837

SHA1
e0936f3588c094630c6c0fbe1d141c84d6d61f21

SHA256
d17f2d87d19e54847227cf720b9e889df0d5fefc3ab4205f815700fd54583a96

SHA512
b4ba5cc618ddcbfa053f9016c76bbd527427e1572152ed5c20fc87c192dd37fcdf92c955be4e0db1cd0ef37403824f7c0175aab454b043c06e2115f21e46f7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
e7bbaf5a13ab27e4f994e9e053355b61

SHA1
5084016ac46cb9454e4e6135ecf9ad58d504fdf6

SHA256
5d07ec12c9670fd41f47b00c76814a72b43edae429bcb88831f54b9b9246c52c

SHA512
7d1a110934fa1b05b76407cae5c1e458bbbb6161eabfadeb31b4488858b1032d3fe22d2c9cccd9377e9f30787c9ff42f24ebefac969cf7e9472ada2ba2ced960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
50e610b36fbb78547c039277e13884b8

SHA1
a2bc83e04702b01d9b3dfa70285697c00d942826

SHA256
b689103ea37b708b7ffcbfe4702ef5d9ff6ce29d5a40a797f10641d153ac7f3c

SHA512
ef4087117abd8bb1e9a860376563473f89dcc648151922566b4e2393579c22c5feecd25509253c06ad9805b0ea8485629ad8ddbccab1d7305ca786c52e797936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
20e98e9db511458fcd47c8aff10ee158

SHA1
2aea3293058e1bb781a5381c0dc9b8e8ad0694d4

SHA256
726af1dc55868781f918523586e7d02f3920ce37c918e6a84c30d8d65b73d33f

SHA512
ebbe0e5ea36e7871e01d9228ac5bd74d253d27be8d7d7e03485f213552d59ab1ab23aa2a978e03c8468ce1b6bebfcc97857016080593cbe6b0d3f356f9357d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ae112cb985a2fe21c6f34b6901a73f4b

SHA1
880edc1a04f92a8500aba090cc8652369a9f81e8

SHA256
e339486b08bd0e95eccafe85421a1b623664fa737ed6a774ca4c37dbc6220568

SHA512
c7d0742e98e6059be7912cfb300cf4967a8be35da61d562d6616ad2d75aebf0d9ed0f67297334e3c74a84fcbee9810fec1157a0128f9af989abcfa466a86616e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
7a657fc4541228070245ac896d4423db

SHA1
5082072085f3d5b0297c9bfe8f2f7e826f4ddc68

SHA256
199303a13f4ea5c1f2d46eefce5499ac47f330aad46fad192db8fd533124dcf7

SHA512
afb12fae46e6dfa56fe38ebcfbb0012ad4accd1ff7048ac8f9e2baab597c1c247a6261a82aa993f653096a1572bc8bffd451a43dfa3e0387797d43be9106af98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
355dd0c098956aeda5bdd8835bf5ddcc

SHA1
c503c5acfd2c45a9f94942b545194d8d94ca20d3

SHA256
ce5bc7e7f7abe3e6d37abcda047156ac68246eb5fdec5c005c9ee734d65d3536

SHA512
9c34a8f10a1a7808f0f142c6f18a69c322127acd434e0e33b0430f9e965c965be27daa75a5d54e9647f4df0ef12404ef236a2b4cef82628383affc7a4dba80ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
62af02fe75ad9c3cd4a2138db5ab49bb

SHA1
e1937acb2f09ee2b1428b988f7da3dfa3d2344a5

SHA256
b5c3de9e2a40e7f3ae7f4563ded0bff121eccbd902b23d097570fb9da5f9ad3b

SHA512
88997301fd19390c348ac35694a19af100fcb011f38ebfeb0f02fb058725d7143719aff983e374f36e48ea444fff6443b0b73b24835be63d16bd72c2f7290c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
99391bdbd44f4aa70fc04cd03ec58a5d

SHA1
a20bc8950f967ed550ab28776e6b0c1395be00af

SHA256
aaddf6bbdd4f5579e1a4ff32f9cbb1e6a7a6770ae49ae0ea5859cd099f53f185

SHA512
1d49f1dcfa4fb561c3f342cb0f957a9d42432b5933fd6d262c4a4de5fa29e276215504ab987897194bd44227a0a6b234bcb80ff77d6c9367075926ba253a63b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c8d92.TMP

Filesize
48B

MD5
2a009ea223750253ab9bf27dd630e847

SHA1
603cc35b5cdf7a8ca66d8d4a1e717153fc438abe

SHA256
68fb135498c1683239c0b9c52845f9c04c938e4a64312c880336d195db25d274

SHA512
8d496ce828bd133a5c81d054574dc1c9646c0560f9294ab69ef3576e024881557acd5777591e2f5a67695804ca6eb45be28b4ec87ee2a18de3523e1db1c5c717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5cfb4433945e4be0c109a85935b9b204

SHA1
72109f5d3bc4d5820e0db8b4d73435e2fd820fa7

SHA256
ee59352af2c7ff0bc835e4bb825e7ceadb028822b9c5c49eabecfe8aa29871a4

SHA512
104abace15d80188a2e48c24dcbe743dcb34349f6dc3ccf8fc3e17cd6e4c8e0cd1049954fb60020a8b459963200d80b96821d2190413b76434319b36b4a209a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0821abb871cc60cee0abd578058e9ad

SHA1
6d476eb00fc4e779470d5be0b3a7b7d2a56e986b

SHA256
ab07d3b8362ecb7bd7bec2c905318ebc073c258b5699d4495c234a833ec48706

SHA512
7fd9454d9de180e218f3f1caf2e846743f27572d0f9adf91c4b0b5c2afa6003396cbf656cb6eaa5aeccc0fd7e0af062f1df90b88a0dc81918c453c8483dc6c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e8a6a7a55eda11fd4e14b8acf1f62644

SHA1
ee3d9970d0c779c5d35e7abcf7b1ca6bfb7c55b6

SHA256
e789b2ffa452d3ed66ab54ebfe90a9f4ddfa04ff9646052b8c33bd4c1048134b

SHA512
7dff071d9042970aa88c4d68205b506e19d38420fd817c7286e70f0b4d9ab5c269683549b119460d133cb90ea70c5e5ecff61aaf7264ac1e88b61dec9a7c4c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d94c6091f2bcdcfe0b868c70d1f16d16

SHA1
3eb436713e2bae79e0e7da631c4274af29e72ac5

SHA256
8d5ff635e659afea8830c2a98e250b9e96bfc7d745b5542bf29896714cd7a53a

SHA512
960fe85a10e96316d5c71d517caa596937c59e555fa13ccca9dfabeae8648314fa3c64d5aaa0ec52563b0dba993c80c4eb1c16dae018fc701f426916ff81ca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
fd54de641b7d8a782bca730b78ab9cd9

SHA1
5961c4c3a1c400ee72e96c50dde8887d3118c51c

SHA256
03e630048fa508322080b3eaa0dc43865366d7ffa127d6cb701fa0b0eec0135b

SHA512
914c2a0730630c94c26b77a7c6fe31f11447ecc8a9344d43f7b54ac2fff0840a8b08ba4e4313f636fce74a3461d1c78f9e6011ccc2949f246f67406cff087a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
22ca7de0ded8df3bdffbf3b1e66a68f3

SHA1
90877bb88544d9ff1d8e2520555ed6bf99ba1cc6

SHA256
c662952be0eba8b66b2c687f1858b3980f47cf599d14422f62d4eb6025a779b1

SHA512
9b19d3cdf0d09e831a7898ba8c0d9b052f9897f957355979352b9af7fb200507801368c5423e848814a2f4eb4d500a86a0c44c15a396b5ab921a8ee89254e8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e63b2201ea3e5f9495478e13576bb377

SHA1
a91202568c7e43f4e66c7103d213684ea5e53364

SHA256
3df6030cb9625f5289f7d32dcaee8bbcaa25332f0278453a33d0976c0b4e60c2

SHA512
09fca711c647fb571c8be6ee8418e11a51201f7210705a0dd23b6eec670286b1afe4114a4c820734e098c5c25fe53f5c99cf110dcc541f04180ced034fae1b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
40813bac738b59028bb6c0d7a2299504

SHA1
18ce6a72e7394a7b0a153480682f6c220c4e328b

SHA256
e8bd8d6760cf8ec7f43bce7f61825d9361cb3313952ac51c6355b4fb88500506

SHA512
baf4601e246678fe96eb1036857f3c68a6ab8329bc10b00258643a3fbd068d9e7e3d8e6dbfe4ec793084a4deb771405e64fc8d631c9f9057011f823408ba0481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eb818b7233fab7ce66f4864f099bd80b

SHA1
20290040fc00646dab74683d3e09a95e8383faef

SHA256
28e8a7ac0612dbb18cb2a5564ed54bbdf95d194cd24c7d3d1d9db06afbc24c18

SHA512
192abc0187aa14ef6c3171596339c8ff2fffc963210ae36320c2948dee2e98bd408cd5438d841cb0644f253c269a3eb4a095269e550985611a60ac0045d3435e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1b942db0adec0dc37427b64bce63c3c0

SHA1
d8bf6404206132a3e4717761a228481f6093fa85

SHA256
1fd5535d59d5dac2c9f61e4725a9c7a256da855947a93eb0d69120283d141b16

SHA512
faa7405320206b9941bdadc524ee386a3444a2053813bbbabc0a78109c3bdbe9a3cb1749c10c34b17b89fecad1155d8d5d5f5961e71a4a6ff2ec1323facfcce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a07fec6bb6b1f8af46bfe2a24a2f2698

SHA1
16966898c940c997ddfc393b6f76773e8c0f2301

SHA256
f75ad35d08e0e86034d9be87d21f03ab6482abacda8c21d6a5877372cd72b1fa

SHA512
aedd2d862f29152feb99bed563423f6a469b31e58b022a551e89bec185721882d088d1bf1d213d96c13a537617e20e70fd5ccce4d5050f674741b9a718b5c69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ee8b287b19020565f974b458d49f348

SHA1
56b5486df105f9d47967de1f76e19dc5f5e2a59b

SHA256
3f6fabd82abb415569c1e0e93f249f4086ea4d2d8b288a600351ffdde8af5dd6

SHA512
0f4ae48ac8b3aa207622a62b2970bac12598ce74e6fe78e77db819760a165766da8d0f71529455ad9db4a3d94b27949e7b3362f92fb51706ac5548dfdaee0197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67c4bcbedae37fddf6e14af38f25af39

SHA1
678881bc60cf66abf0019f30afdbdee30263d94f

SHA256
34497216fe0fd4934e7dbca70ba61705451d5b192d660af852d61be44c3c823c

SHA512
e107a40301411802ae05fe404434fbc770dd0ef86d31bb8cf943593a710b2214e68a1f07c77a3c19a12fdd7d0b16e37aca83eca48b7e7238e477857f9c73db58

Download Submit
C:\Users\Admin\AppData\Local\Temp\AedR9g4elQ\Browser\cc's.txt

Filesize
91B

MD5
5aa796b6950a92a226cc5c98ed1c47e8

SHA1
6706a4082fc2c141272122f1ca424a446506c44d

SHA256
c4c83da3a904a4e7114f9bd46790db502cdd04800e684accb991cd1a08ee151c

SHA512
976f403257671e8f652bf988f4047202e1a0fd368fdb2bab2e79ece1c20c7eb775c4b3a8853c223d4f750f4192cd09455ff024918276dc1dd1442fa3b36623ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\AedR9g4elQ\Browser\history.txt

Filesize
1KB

MD5
dfd562fb383f633e4894727170e9157c

SHA1
9752b33e50da799e330f44bfeddfa634e420a932

SHA256
962ff348ff2edf6c25c532063bdee9ed7c9c05d48176264da6feb7f3baa14fdb

SHA512
3cd2823209501bbbd8592c4dffce860ccd257f96608ceb314d5401a58e8be6110d72751826f5c2f7bafd16a8b3f80d73bb4b6507de3b1eab4ea41c126682bc7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_asyncio.pyd

Filesize
37KB

MD5
d9f56d51d32bcbade2d954a9427337dc

SHA1
d0e5cee77d5038193580335e3271bb5f1fb6bfc4

SHA256
1b6c23b6f235ad58e4062b1dc4ce2c36f031f1469bf9e60c11e07603ca4656e3

SHA512
fc18968a319c11b2d9f20a376b93cc74503139506b1c9f9ee3dd226edc1ba753cad85c20368e162c14d26cf2f75f70ae7e82b2b9881088235f5eaca66e8dad66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_bz2.pyd

Filesize
48KB

MD5
9da23eb807a43a954d40048b53a98e6f

SHA1
e639bd9a27409fc72f36b4ec3383eeecdacb9dc5

SHA256
02d0d3c0163f69a7e6713742ab98e73321c5298976089fe9a03b6d91d3293ebb

SHA512
c8d164c8d4722dcd04f13aa11307fddd655e73fd03b15c8056b34252bce925ca679b48032313b8587369500d03574213da20e513c3b4c155099a84de9ac0bba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_cffi_backend.cp312-win_amd64.pyd

Filesize
71KB

MD5
27004b1f01511fd6743ee5535de8f570

SHA1
b97baa60d6c335670b8a923fa7e6411c8e602e55

SHA256
d2d3e9d9e5855a003e3d8c7502a9814191cf2b77b99ba67777ac170440dfdccf

SHA512
bdcd7a9b9bea5a16186d1a4e097253008d5ecd37a8d8652ec21b034abafbc7e5ff9ca838c5c4cb5618d87b1aceda09e920878c403abafafa867e2d679d4d98d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_ctypes.pyd

Filesize
59KB

MD5
78f5225e986641eaebfe2bef27865603

SHA1
118ac80fdf764f5bfbaad2d803420087b854817d

SHA256
ae55ad9ad1f4cbc398cd0c87556f1f263505cde025c7c7f2c43ce4ae818eb183

SHA512
70e18ea660120d60d6bfa17883c2aced276aa858c5da4dca1e1d56203891d996da4f349596c911cb16497db81b42af4ad85e473c3e80f8932557d967c9dad0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_lzma.pyd

Filesize
86KB

MD5
24a598b2caa17caee2e24d2bb97b445d

SHA1
262f07406e170284fea0c1e41093bfe1c4a25eab

SHA256
af4ae25b17c7cf23d06e1f37fdefe903a840073266d4314e410a4acec2af6270

SHA512
7bdf0a599c488436c118523a67ab154a37ffc5aab0ecec95c463bd068d1121b197c0ebb91dc7db3cf2a3db913abaffd0a60aedb373c0e670c63cd8d85f716f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\base_library.zip

Filesize
1.3MB

MD5
242a4d3404414a9e8ed1ca1a72e8039c

SHA1
b1fd68d13cc6d5b97dc3ea8e2be1144ea2c3ed50

SHA256
cb98f93ede1f6825699ef6e5f11a65b00cdbc9fdfb34f7209b529a6e43e0402d

SHA512
cca8e18cc41300e204aee9e44d68ffe9808679b7dbf3bec9b3885257cadccff1df22a3519cc8db3b3c557653c98bac693bf89a1e6314ef0e0663c76be2bf8626

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\libcrypto-3.dll

Filesize
1.6MB

MD5
63eb76eccfe70cff3a3935c0f7e8ba0f

SHA1
a8dd05dce28b79047e18633aee5f7e68b2f89a36

SHA256
785c8dde9803f8e1b279895c4e598a57dc7b01e0b1a914764fcedef0d7928b4e

SHA512
8da31fa77ead8711c0c6ffedcef6314f29d02a95411c6aacec626e150f329a5b96e9fdeae8d1a5e24d1ca5384ae2f0939a5cc0d58eb8bdbc5f00e62736dcc322

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\libffi-8.dll

Filesize
29KB

MD5
be8ceb4f7cb0782322f0eb52bc217797

SHA1
280a7cc8d297697f7f818e4274a7edd3b53f1e4d

SHA256
7d08df2c496c32281bf9a010b62e8898b9743db8b95a7ebee12d746c2e95d676

SHA512
07318c71c3137114e0cfec7d8b4815fd6efa51ce70b377121f26dc469cefe041d5098e1c92af8ed0c53b21e9c845fddee4d6646d5bd8395a3f1370ba56a59571

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\libssl-3.dll

Filesize
222KB

MD5
7e87c34b39f3a8c332df6e15fd83160b

SHA1
db712b55f23d8e946c2d91cbbeb7c9a78a92b484

SHA256
41448b8365b3a75cf33894844496eb03f84e5422b72b90bdcb9866051939c601

SHA512
eceda8b66736edf7f8e7e6d5a17e280342e989c5195525c697cc02dda80fd82d62c7fd4dc6c4825425bae69a820e1262b8d8cc00dbcd73868a26e16c14ac5559

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\luna.aes

Filesize
62KB

MD5
2b3a68fd4c65bd2a4c1905b03cc8cdf4

SHA1
94c93f9bfec034427307f5f03f5c8961a6c9fdf8

SHA256
6f11f910784da161efa8db75f2dc0039cfc21ba5c60eecd4f97b79156e8c7b92

SHA512
611125447903f673624035a100f522ba0684ec3aeb639b70e3fd0ac9c8afe2307cc6594321ae502f086a4839ab444e9c981185e4a1c5884533f17e6bbde04412

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\pyexpat.pyd

Filesize
88KB

MD5
cfcb1a1159cc2aadba3c62ac44dc2363

SHA1
e19df1a6c3dfa545c6b2c20355b24584933d7f9f

SHA256
279aac95d765000d7b3b09b75e66a311a03833a0e28361683cf41161f37e3331

SHA512
f7f42bc3eb6a2db706f784e2b772c3ce5d0f87b4b3ff6bda6d2f934aecce0174d52623aad0a082dd1efc0f70c990a07fa9768ac96d42ddb52ea5be594198b447

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\python312.dll

Filesize
1.7MB

MD5
ca67f0baf3cc3b7dbb545cda57ba3d81

SHA1
5b4e36aef877307af8a8f78f3054d068d1a9ce89

SHA256
f804ed205e82003da6021ee6d2270733ca00992816e7e89ba13617c96dd0fba3

SHA512
a9f07dd02714c3efba436326425d443969018ace7ebd7cc33c39d43e3d45480a4fcd4c46c09ad132b4f273888f13e9f598de257130429fcb2519c000e4fab6f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\select.pyd

Filesize
25KB

MD5
6c123b56f3a37c129eff6fc816868b25

SHA1
ac6b6e3bdc53870ba044a38b9ae9a067b70e7641

SHA256
99687f9b1648ac684dfb7937c75e3e50dc16704abd4c4c19601c40ec6971c5ee

SHA512
b840871278a6cc32d5ab0cc6d9c129da0ba2d08b93c3c6c000e3989fe1ab8b09ed82ca547a1057690f52f22e44b203f424e2ccd9655be82a1094547a94ddc3c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\setuptools\_vendor\wheel-0.43.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\sqlite3.dll

Filesize
644KB

MD5
132614956f138f3594d1053e3fac4779

SHA1
95115f866a87db308ff00af0273e04e31a3fdaae

SHA256
2a4ae8ca681fa6f8de3b6dbcc3d32652ea3ab3ee7e2be80b7aff822a382ca8ff

SHA512
5b12b51c78bd72f410e2f53c086322557591d9d66b6d473264fa731763ec2317470009c13cbb9d0985c9006c7f62c4eed14c263295bd7ef11db0bc492c2ca5a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\unicodedata.pyd

Filesize
296KB

MD5
3d5cb46d212da9843d199f6989b37cd5

SHA1
ce5e427d49ea1adba9c941140f3502c969b6819e

SHA256
50a55bc145b1f43e5125ef0b09e508946221d02d5fea1b7550a43d8c8c41c970

SHA512
c52014c96578db4c7f97878a13ca8c2a4574cc6671689bb554382ad0e593eb87fac55961c7c11ef82b04627fb851ac44848bac9ec91fca0afaa965e4f1f24aa5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
859becfcf73759cbf97e2e936ede7dcb

SHA1
cd2a760d2ffc14bec1fbcb2b8a8e60487642b4f4

SHA256
47667949542ea879f589974250ce8799ed4102c4dacde1349d8bdb5ed9861481

SHA512
4666015a43f2b7e80862c465e16f42122673b0c15c333dc5a45a6396f80399383ca55379f03a9f7535fc9afacdc739d013610f9c08c1fb14171d2918e693471c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
9fc8d9881041c9e4c86d85d85457d47e

SHA1
125fcaf787e269ca7f5dfc78000ffb3cf1a03619

SHA256
144190ff643947145a41a321831b3eb1cf88d5000edcf508df52dc6c4af7e17e

SHA512
b4cfe3cc1ac81613acf3ad4a90d227b7467b75e382c95d43d5b74e757249ef303787b29ba540ac1c07c345866b6cfd6e5bd41606a2ef116123c58aafe3b74de0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
9bb1da72eef9be2564febd3c386b2990

SHA1
f554d6f905813914b4773644084f9bed79d224ec

SHA256
cbb3f8cfb16349b237ccce0cbc284cea0d31a6aef5b3c4d86585a32c8d495044

SHA512
28a68e33bffaa8fad0cc703f62069fbc16c630a1d4c2465098359baa75670ee8dd51df481a3450caf4764db29575b279d890bcb6299807c11d7972a6231d7d54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ba17796cde7af53488453e468c783e50

SHA1
9aedfa35ef26ec350f7f8a7a711b7b58d16185ef

SHA256
1c56279c509a7224da200864e2779b92009163f7312d2ba9b8c772956cc3e9e7

SHA512
df655e24439a7d4391fdd662454bc9e452f1de759d64b073274ff7556d4250fc289f80ff29512c5f97b17d48827abceef0e64a6fad7fdd0f49cf7d3b29ef3388

Download Submit
memory/2008-1759-0x00007FF897F00000-0x00007FF897F2F000-memory.dmp

Filesize
188KB

Download
memory/2008-1849-0x00007FF896410000-0x00007FF89658F000-memory.dmp

Filesize
1.5MB

Download
memory/2008-1763-0x00007FF897ED0000-0x00007FF897EEC000-memory.dmp

Filesize
112KB

Download
memory/2008-1762-0x00007FF897F90000-0x00007FF897F9D000-memory.dmp

Filesize
52KB

Download
memory/2008-1761-0x00007FF897FA0000-0x00007FF897FAB000-memory.dmp

Filesize
44KB

Download
memory/2008-1760-0x00007FF897EF0000-0x00007FF897EFB000-memory.dmp

Filesize
44KB

Download
memory/2008-1753-0x00007FF89D810000-0x00007FF89D834000-memory.dmp

Filesize
144KB

Download
memory/2008-1758-0x00007FF897F30000-0x00007FF897F5A000-memory.dmp

Filesize
168KB

Download
memory/2008-1757-0x00007FF897F60000-0x00007FF897F6C000-memory.dmp

Filesize
48KB

Download
memory/2008-1756-0x00007FF897F70000-0x00007FF897F82000-memory.dmp

Filesize
72KB

Download
memory/2008-1755-0x00007FF898170000-0x00007FF89817C000-memory.dmp

Filesize
48KB

Download
memory/2008-1754-0x00007FF896410000-0x00007FF89658F000-memory.dmp

Filesize
1.5MB

Download
memory/2008-1751-0x00007FF89D7F0000-0x00007FF89D7FC000-memory.dmp

Filesize
48KB

Download
memory/2008-1750-0x00007FF8981B0000-0x00007FF8981BB000-memory.dmp

Filesize
44KB

Download
memory/2008-1749-0x00007FF897FB0000-0x00007FF8980CA000-memory.dmp

Filesize
1.1MB

Download
memory/2008-1748-0x00007FF89D800000-0x00007FF89D80E000-memory.dmp

Filesize
56KB

Download
memory/2008-1747-0x00007FF89FE30000-0x00007FF89FE3D000-memory.dmp

Filesize
52KB

Download
memory/2008-1746-0x00007FF8A1B10000-0x00007FF8A1B37000-memory.dmp

Filesize
156KB

Download
memory/2008-1764-0x00007FF893FE0000-0x00007FF894405000-memory.dmp

Filesize
4.1MB

Download
memory/2008-1765-0x00007FF892C30000-0x00007FF893FD7000-memory.dmp

Filesize
19.7MB

Download
memory/2008-1766-0x00007FF897C30000-0x00007FF897C52000-memory.dmp

Filesize
136KB

Download
memory/2008-1741-0x00007FF8A4C30000-0x00007FF8A4C3B000-memory.dmp

Filesize
44KB

Download
memory/2008-1742-0x00007FF8A2FF0000-0x00007FF8A2FFC000-memory.dmp

Filesize
48KB

Download
memory/2008-1785-0x00007FF897ED0000-0x00007FF897EEC000-memory.dmp

Filesize
112KB

Download
memory/2008-1786-0x00007FF893FE0000-0x00007FF894405000-memory.dmp

Filesize
4.1MB

Download
memory/2008-1788-0x00007FF8AB970000-0x00007FF8AB995000-memory.dmp

Filesize
148KB

Download
memory/2008-1798-0x00007FF8A61D0000-0x00007FF8A6203000-memory.dmp

Filesize
204KB

Download
memory/2008-1807-0x00007FF896410000-0x00007FF89658F000-memory.dmp

Filesize
1.5MB

Download
memory/2008-1787-0x00007FF894940000-0x00007FF895005000-memory.dmp

Filesize
6.8MB

Download
memory/2008-1795-0x00007FF894410000-0x00007FF894939000-memory.dmp

Filesize
5.2MB

Download
memory/2008-1825-0x00007FF892C30000-0x00007FF893FD7000-memory.dmp

Filesize
19.7MB

Download
memory/2008-1841-0x00007FF8A5C50000-0x00007FF8A5D1D000-memory.dmp

Filesize
820KB

Download
memory/2008-1864-0x00007FF8AB970000-0x00007FF8AB995000-memory.dmp

Filesize
148KB

Download
memory/2008-1878-0x00007FF8A6360000-0x00007FF8A636B000-memory.dmp

Filesize
44KB

Download
memory/2008-1877-0x00007FF8A1B00000-0x00007FF8A1B0C000-memory.dmp

Filesize
48KB

Download
memory/2008-1876-0x00007FF8A5EA0000-0x00007FF8A5ED6000-memory.dmp

Filesize
216KB

Download
memory/2008-1875-0x00007FF894940000-0x00007FF895005000-memory.dmp

Filesize
6.8MB

Download
memory/2008-1874-0x00007FF8A5E40000-0x00007FF8A5E4B000-memory.dmp

Filesize
44KB

Download
memory/2008-1873-0x00007FF8A6370000-0x00007FF8A637D000-memory.dmp

Filesize
52KB

Download
memory/2008-1872-0x00007FF8A6380000-0x00007FF8A6399000-memory.dmp

Filesize
100KB

Download
memory/2008-1871-0x00007FF89D800000-0x00007FF89D80E000-memory.dmp

Filesize
56KB

Download
memory/2008-1870-0x00007FF8A6420000-0x00007FF8A6434000-memory.dmp

Filesize
80KB

Download
memory/2008-1869-0x00007FF8AB130000-0x00007FF8AB13F000-memory.dmp

Filesize
60KB

Download
memory/2008-1868-0x00007FF8ACE10000-0x00007FF8ACE1D000-memory.dmp

Filesize
52KB

Download
memory/2008-1867-0x00007FF8A6740000-0x00007FF8A676D000-memory.dmp

Filesize
180KB

Download
memory/2008-1866-0x00007FF8A6770000-0x00007FF8A678A000-memory.dmp

Filesize
104KB

Download
memory/2008-1865-0x00007FF8AEC30000-0x00007FF8AEC3F000-memory.dmp

Filesize
60KB

Download
memory/2008-1863-0x00007FF8A61D0000-0x00007FF8A6203000-memory.dmp

Filesize
204KB

Download
memory/2008-1859-0x00007FF89D7F0000-0x00007FF89D7FC000-memory.dmp

Filesize
48KB

Download
memory/2008-1857-0x00007FF89FE30000-0x00007FF89FE3D000-memory.dmp

Filesize
52KB

Download
memory/2008-1855-0x00007FF8A2C70000-0x00007FF8A2C7B000-memory.dmp

Filesize
44KB

Download
memory/2008-1854-0x00007FF8A2FF0000-0x00007FF8A2FFC000-memory.dmp

Filesize
48KB

Download
memory/2008-1853-0x00007FF8A4C30000-0x00007FF8A4C3B000-memory.dmp

Filesize
44KB

Download
memory/2008-1852-0x00007FF8A5AC0000-0x00007FF8A5ACC000-memory.dmp

Filesize
48KB

Download
memory/2008-1850-0x00007FF8A5E90000-0x00007FF8A5E9B000-memory.dmp

Filesize
44KB

Download
memory/2008-1752-0x00007FF8981A0000-0x00007FF8981AB000-memory.dmp

Filesize
44KB

Download
memory/2008-1848-0x00007FF89D810000-0x00007FF89D834000-memory.dmp

Filesize
144KB

Download
memory/2008-1847-0x00007FF8A5BA0000-0x00007FF8A5BB8000-memory.dmp

Filesize
96KB

Download
memory/2008-1846-0x00007FF897FB0000-0x00007FF8980CA000-memory.dmp

Filesize
1.1MB

Download
memory/2008-1845-0x00007FF8A1B10000-0x00007FF8A1B37000-memory.dmp

Filesize
156KB

Download
memory/2008-1843-0x00007FF8A5BC0000-0x00007FF8A5C47000-memory.dmp

Filesize
540KB

Download
memory/2008-1837-0x00007FF894410000-0x00007FF894939000-memory.dmp

Filesize
5.2MB

Download
memory/2008-1881-0x00007FF897C30000-0x00007FF897C52000-memory.dmp

Filesize
136KB

Download
memory/2008-1880-0x00007FF897F90000-0x00007FF897F9D000-memory.dmp

Filesize
52KB

Download
memory/2008-1879-0x00007FF897FA0000-0x00007FF897FAB000-memory.dmp

Filesize
44KB

Download
memory/2008-1882-0x00007FF8981B0000-0x00007FF8981BB000-memory.dmp

Filesize
44KB

Download
memory/2008-1890-0x00007FF897F00000-0x00007FF897F2F000-memory.dmp

Filesize
188KB

Download
memory/2008-1889-0x00007FF897EF0000-0x00007FF897EFB000-memory.dmp

Filesize
44KB

Download
memory/2008-1888-0x00007FF897ED0000-0x00007FF897EEC000-memory.dmp

Filesize
112KB

Download
memory/2008-1892-0x00007FF893FE0000-0x00007FF894405000-memory.dmp

Filesize
4.1MB

Download
memory/2008-1891-0x00007FF892C30000-0x00007FF893FD7000-memory.dmp

Filesize
19.7MB

Download
memory/2008-1887-0x00007FF897F30000-0x00007FF897F5A000-memory.dmp

Filesize
168KB

Download
memory/2008-1886-0x00007FF897F60000-0x00007FF897F6C000-memory.dmp

Filesize
48KB

Download
memory/2008-1885-0x00007FF897F70000-0x00007FF897F82000-memory.dmp

Filesize
72KB

Download
memory/2008-1884-0x00007FF8981A0000-0x00007FF8981AB000-memory.dmp

Filesize
44KB

Download
memory/2008-1883-0x00007FF898170000-0x00007FF89817C000-memory.dmp

Filesize
48KB

Download
memory/2008-1743-0x00007FF8A2C70000-0x00007FF8A2C7B000-memory.dmp

Filesize
44KB

Download
memory/2008-1744-0x00007FF8A5BC0000-0x00007FF8A5C47000-memory.dmp

Filesize
540KB

Download
memory/2008-1745-0x00007FF8A1B00000-0x00007FF8A1B0C000-memory.dmp

Filesize
48KB

Download
memory/2008-1737-0x00007FF8A5C50000-0x00007FF8A5D1D000-memory.dmp

Filesize
820KB

Download
memory/2008-1738-0x00007FF8A5E90000-0x00007FF8A5E9B000-memory.dmp

Filesize
44KB

Download
memory/2008-1739-0x00007FF8A5AC0000-0x00007FF8A5ACC000-memory.dmp

Filesize
48KB

Download
memory/2008-1740-0x00007FF8A5E40000-0x00007FF8A5E4B000-memory.dmp

Filesize
44KB

Download
memory/2008-1735-0x00007FF8A6380000-0x00007FF8A6399000-memory.dmp

Filesize
100KB

Download
memory/2008-1736-0x00007FF896410000-0x00007FF89658F000-memory.dmp

Filesize
1.5MB

Download
memory/2008-1734-0x00007FF89D810000-0x00007FF89D834000-memory.dmp

Filesize
144KB

Download
memory/2008-1733-0x00007FF8A5BA0000-0x00007FF8A5BB8000-memory.dmp

Filesize
96KB

Download
memory/2008-1732-0x00007FF894410000-0x00007FF894939000-memory.dmp

Filesize
5.2MB

Download
memory/2008-1731-0x00007FF8A6420000-0x00007FF8A6434000-memory.dmp

Filesize
80KB

Download
memory/2008-1729-0x00007FF8AB130000-0x00007FF8AB13F000-memory.dmp

Filesize
60KB

Download
memory/2008-1730-0x00007FF897FB0000-0x00007FF8980CA000-memory.dmp

Filesize
1.1MB

Download
memory/2008-1727-0x00007FF8A6360000-0x00007FF8A636B000-memory.dmp

Filesize
44KB

Download
memory/2008-1728-0x00007FF8A1B10000-0x00007FF8A1B37000-memory.dmp

Filesize
156KB

Download
memory/2008-1726-0x00007FF8A5BC0000-0x00007FF8A5C47000-memory.dmp

Filesize
540KB

Download
memory/2008-1721-0x00007FF894940000-0x00007FF895005000-memory.dmp

Filesize
6.8MB

Download
memory/2008-1722-0x00007FF8A6370000-0x00007FF8A637D000-memory.dmp

Filesize
52KB

Download
memory/2008-1725-0x00007FF8A5EA0000-0x00007FF8A5ED6000-memory.dmp

Filesize
216KB

Download
memory/2008-1723-0x00007FF8A5C50000-0x00007FF8A5D1D000-memory.dmp

Filesize
820KB

Download
memory/2008-1724-0x00007FF8A61D0000-0x00007FF8A6203000-memory.dmp

Filesize
204KB

Download
memory/2008-1720-0x00007FF8A6380000-0x00007FF8A6399000-memory.dmp

Filesize
100KB

Download
memory/2008-1719-0x00007FF894410000-0x00007FF894939000-memory.dmp

Filesize
5.2MB

Download
memory/2008-1718-0x00007FF8A6420000-0x00007FF8A6434000-memory.dmp

Filesize
80KB

Download
memory/2008-1717-0x00007FF8AB130000-0x00007FF8AB13F000-memory.dmp

Filesize
60KB

Download
memory/2008-1716-0x00007FF8ACE10000-0x00007FF8ACE1D000-memory.dmp

Filesize
52KB

Download
memory/2008-1699-0x00007FF8AB970000-0x00007FF8AB995000-memory.dmp

Filesize
148KB

Download
memory/2008-1715-0x00007FF8A6740000-0x00007FF8A676D000-memory.dmp

Filesize
180KB

Download
memory/2008-1703-0x00007FF8A6770000-0x00007FF8A678A000-memory.dmp

Filesize
104KB

Download
memory/2008-1700-0x00007FF8AEC30000-0x00007FF8AEC3F000-memory.dmp

Filesize
60KB

Download
memory/2008-1689-0x00007FF894940000-0x00007FF895005000-memory.dmp

Filesize
6.8MB

Download