lumma | 2cc415a2842f99afca9b19c3a4d57d48cfa681cf389650c8a3b53d4fe0e0bca0

Analysis

max time kernel
97s
max time network
146s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
16/04/2025, 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Start_setup.exe
Size

37KB
MD5

f6f76de82f4a87fcabbe011876e53670
SHA1

b7aec7f9870935daf1faba58aeb2a4deaeba116c
SHA256

a97e2a8da8d70d6f4e5df730b4fe7996e2d6b1cab9971faa4a8ec2857f1eecc9
SHA512

d089c54324467e120fe0040f78f01b663287b7082e70e37bb387b9bd12d94102786259f3318a7483a3edea634c07aa8aecbb10e749fbb1869ae827333f9ccad2
SSDEEP

768:xn04RNfdSXe28HjPxWlk0CoCzXtBi4PY//I0D3fmoxbxAuauIRdzOcSQbNC:h04f1SMHjZ0k/tB1g//I0DuoxbxAHsci

Score

10^/10

lumma vidar 5e0c4261602b0cd231c9ba5491376d7b credential_access discovery spyware stealer

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
64.52.80.157
Port:
21
Username:
SSA
Password:
PASS

Extracted

Credentials

Protocol: ftp
Host:
188.120.227.9
Port:
21
Username:
PK1
Password:
PK1

Extracted

Family

lumma

https://asalaccgfa.top/gsooz

https://jawdedmirror.run/ewqd

https://changeaie.top/geps

https://lonfgshadow.live/xawi

https://liftally.top/xasj

https://nighetwhisper.top/lekd

https://salaccgfa.top/gsooz

https://zestmodp.top/zeda

https://owlflright.digital/qopy

Extracted

Family

vidar

Version

13.5

Botnet

5e0c4261602b0cd231c9ba5491376d7b

https://t.me/v00rd

https://steamcommunity.com/profiles/76561199846773220

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/3980-257-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Uses browser remote debugging 2 TTPs 8 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
1056	chrome.exe
4168	chrome.exe
3108	msedge.exe
5044	msedge.exe
4920	msedge.exe
2016	chrome.exe
3020	chrome.exe
3264	chrome.exe

Executes dropped EXE 1 IoCs

pid	Process
2640	python36.exe

Loads dropped DLL 1 IoCs

pid	Process
2640	python36.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3400 set thread context of 2600	3400	pythonw.exe	85
PID 4064 set thread context of 3980	4064	pythonw.exe	96

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pythonw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Start_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pythonw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pythonw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python36.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	iexplore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	iexplore.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
4516	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893203885723940"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-73851796-4078923053-1419757224-1000\{5617FBFE-1C63-4070-9212-FF9F816F7799}	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2600	iexplore.exe
2600	iexplore.exe
2600	iexplore.exe
2600	iexplore.exe
2600	iexplore.exe
2600	iexplore.exe
2600	iexplore.exe
2600	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
2016	chrome.exe
2016	chrome.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe
3980	iexplore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: 35	3400	pythonw.exe
Token: 35	5236	pythonw.exe
Token: SeImpersonatePrivilege	2600	iexplore.exe
Token: SeImpersonatePrivilege	2600	iexplore.exe
Token: 35	4064	pythonw.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
540	msedge.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
3108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 3400	3960	Start_setup.exe	82
PID 3960 wrote to memory of 3400	3960	Start_setup.exe	82
PID 3960 wrote to memory of 3400	3960	Start_setup.exe	82
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3400 wrote to memory of 2600	3400	pythonw.exe	85
PID 3960 wrote to memory of 5236	3960	Start_setup.exe	86
PID 3960 wrote to memory of 5236	3960	Start_setup.exe	86
PID 3960 wrote to memory of 5236	3960	Start_setup.exe	86
PID 3960 wrote to memory of 2136	3960	Start_setup.exe	92
PID 3960 wrote to memory of 2136	3960	Start_setup.exe	92
PID 3960 wrote to memory of 2136	3960	Start_setup.exe	92
PID 2136 wrote to memory of 2640	2136	python36.exe	93
PID 2136 wrote to memory of 2640	2136	python36.exe	93
PID 2136 wrote to memory of 2640	2136	python36.exe	93
PID 3960 wrote to memory of 4064	3960	Start_setup.exe	95
PID 3960 wrote to memory of 4064	3960	Start_setup.exe	95
PID 3960 wrote to memory of 4064	3960	Start_setup.exe	95
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 3980	4064	pythonw.exe	96
PID 4064 wrote to memory of 540	4064	pythonw.exe	97
PID 4064 wrote to memory of 540	4064	pythonw.exe	97
PID 540 wrote to memory of 764	540	msedge.exe	98
PID 540 wrote to memory of 764	540	msedge.exe	98
PID 540 wrote to memory of 3248	540	msedge.exe	99
PID 540 wrote to memory of 3248	540	msedge.exe	99
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100
PID 540 wrote to memory of 1600	540	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\Start_setup.exe
"C:\Users\Admin\AppData\Local\Temp\Start_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Users\Admin\AppData\Local\Temp\pythonw.exe
  "pythonw.exe" "python.dll"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2600
- C:\Users\Admin\AppData\Local\Temp\pythonw.exe
  "pythonw.exe" "aynchat.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5236
- C:\Users\Admin\AppData\Local\Temp\python36.exe
  "python36.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\{53202C14-F303-4048-94DA-F7A2FB5BE730}\.cr\python36.exe
    "C:\Users\Admin\AppData\Local\Temp\{53202C14-F303-4048-94DA-F7A2FB5BE730}\.cr\python36.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python36.exe" -burn.filehandle.attached=548 -burn.filehandle.self=544
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2640
- C:\Users\Admin\AppData\Local\Temp\pythonw.exe
  "pythonw.exe" "server.dll"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3980
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
      4⤵
      Uses browser remote debugging
      Drops file in Windows directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:2016
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff80b16dcf8,0x7ff80b16dd04,0x7ff80b16dd10
        5⤵
        
        PID:5128
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2012,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2008 /prefetch:2
        5⤵
        
        PID:5652
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1644,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2268 /prefetch:3
        5⤵
        
        PID:1160
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2548 /prefetch:8
        5⤵
        
        PID:2612
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3252,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3276 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:3264
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3324 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:3020
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4312,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4336 /prefetch:2
        5⤵
        Uses browser remote debugging
        
        PID:1056
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3256,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4732 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:4168
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5268,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5280 /prefetch:8
        5⤵
        
        PID:4908
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5460,i,6003660891636070248,5355703769481255635,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5516 /prefetch:8
        5⤵
        
        PID:5804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
      4⤵
      Uses browser remote debugging
      Drops file in Windows directory
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:3108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ff80d9ff208,0x7ff80d9ff214,0x7ff80d9ff220
        5⤵
        
        PID:412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,12378791935776591207,2145955980088239966,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,12378791935776591207,2145955980088239966,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2
        5⤵
        
        PID:5592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2524,i,12378791935776591207,2145955980088239966,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8
        5⤵
        
        PID:2964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,12378791935776591207,2145955980088239966,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:4920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3552,i,12378791935776591207,2145955980088239966,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5044
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\s0rqq" & exit
      4⤵
      System Location Discovery: System Language Discovery
      PID:1520
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 11
        5⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maper.info/RNxea4
    3⤵
    - Drops file in Windows directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x318,0x7ff80d9ff208,0x7ff80d9ff214,0x7ff80d9ff220
      4⤵
      PID:764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1956,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:3
      4⤵
      PID:3248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2280,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2588,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3540,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:1200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
      4⤵
      PID:648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4892,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
      4⤵
      PID:1032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4856,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:8
      4⤵
      PID:2996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5040,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
      4⤵
      PID:5816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8
      4⤵
      PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4900,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
      4⤵
      PID:4908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4900,i,6078069852771988773,15670775742124045810,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
      4⤵
      PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2376

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5124

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
443f3ba4f86e801d628e3086bf903a9d

SHA1
88f6f5001f749ee7c784fe3d978d16afa521088f

SHA256
ff30f620df3e089b01bbb7a1c4a3365845cd0030c167d491320d0e359cc36ac6

SHA512
fc478a9db141a8b27e767b11acbdc9e3334feb1846f5dc545dc87f88f4b36a55f55bac11fb387bed2c4bb83f3420b383bc2ce7ab68a3abb85bec1d666b4437b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aad9ef568b38aa2ab42b57a3cbd8d8eb

SHA1
efe601b188069ca6b54ba6bd63866687c5574780

SHA256
ef0ca3af55b0eb83ea83d3376038feecaef97236df7c556f821c93bd08e86a9a

SHA512
5a3e66a1f995ed2779c7260787a2688118406190312d31e7a77bbfef233d81bbc17dd1bbf77a08ba73e390e22dd973c173b5eb39851b359a9196f48bb6fea963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
5c1970977a99e8064847c18a6c6955bb

SHA1
0ed6929f1e427779438bfcfe20c89be0f652f24c

SHA256
c65fa44c38da8e8953c22419dc2ce8a1060f27b1761ae5cc505e9a860719a3f0

SHA512
7fd138a3701425733a5d1046ab83c03c3d4cd5d6070c0db3d7cbad71e540cf118cbeda7c7d7f5fb0f32027abc31941daf95d129fabb18ea1885c53e3fe2ad70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
355a54ad8b02b48a164ef3fa30c641d6

SHA1
dd33ca681b35bcff90fb8764a7b67c808ec76509

SHA256
90abdcbb5f7c3bb044f0ce810b750c9d52e6ff37e50d1005caf37f54e0e1e545

SHA512
8c30842f40106f7dd5fabb0d88f5850369ddc7b4648609ec69f39f70fcc074d145b5559152973b0d722ddf9583bfeba42046d1de45ba04318b20629bd5cf4165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f50ca91-4e73-440c-87fd-3eb4accc5746.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
67149bedcecea7f5011f9f31044c88d7

SHA1
64047ab3486e7c1052f333e71b875e23fea2aeb3

SHA256
3a7ad0bc72aa0e7b8b9172761cf3f4e945709a6778c308208bdc9aa7f862d49d

SHA512
fcd1d5507b67e19c395a8ed681366716c3cd9892beacf7a28474b6e9da01175330cb4defd37d15f066205c513af278a4b3d7b07285c932a8f8911762e00e8808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
efa5365689bbc32586101dcbebd97c16

SHA1
d607116ece4159a3500cc195ac110377072d6f38

SHA256
bd79a9b90fe79a8ce7ab1024991ae1463eceeceec13cf8fc9794a97f8587b0af

SHA512
b0758805f5b640fb10e95ed7ffc27bb5063f82d5f5c43fb90d52544d4e36155e65202ec2f18be5892a9f11a7ede00eda0275d6ac0584da1bbbcdbc7de7ef35ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
f0da27835f218a7e6e75c0f58f76d466

SHA1
2b69eb3dad33206f5ccad0e9958f824a0cbe7b57

SHA256
e7807242b491961c1b7f02df374010c6d1f349a6ae7f18d10a488c2b7981f052

SHA512
95b9a4fec2e7cac14046fb5e4653a65d397e687fbcea39d6baf66344fb21cfd0a2279383f740f7074ac01cccb9c6667dc6ca104ee2a0dfde640266da6dd907a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
369ec7ae8599b28c53f2bf04a449bbff

SHA1
50f9b2149d7761b976ffaa9e5e724e4377508e28

SHA256
238026a950feeafac3473f7f3f5ae4bc1b475d4479765d26442c8ee845bdc0a4

SHA512
0b2e32c889957c3373745cd15ae7756f1fb735a5517c8e52067f9238e156c72a443f59993e96a79d654707ebf4d6bedd4d454fca32b0ba69b62550c57368f39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
aa068e55b9ea7811cba1458958fce00f

SHA1
047c2a09848b98c8c8f2db6256fed12dd3759a78

SHA256
5daee6fd820b1372b2ff9f08fede0375a39271ab6e91262c0c08c865aed0e81b

SHA512
5a22953bf811959397aa2dabc848743a9eda99be2afbc129217b540c7450512d43c2f974f06a3f01e99fbd12e152a34e2e4230e6b6e82befb62c77fc0b84e842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
c61efb48361c45e7597e4c946fafd6c7

SHA1
f178fefefcaa995351bae5d110022eed1d1f0c63

SHA256
d69211c3fe38790710ec2cc13c1498b504a27c0f72df06575d310a03d46619dc

SHA512
c8eb958ad84b964087a56251b2d7ed4c7f7ebb711022f9f698a29ee18c7f2ccf01836d686d84b1f82e0815dc471692ba2d6d28a015036ca44d10135d78196f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
963639ba335260184362a35de8c68c2f

SHA1
5002175b501194182a431e3b1b2881184e908c3a

SHA256
0af58e0e94e554cbd6b16c1b651c0d2bc0217f94fa8e3c0f7aa8c2b8a145da75

SHA512
8b15c59b3b9fd12c675394bf791e18233acde2af8bc876b93ff9de31001caef9f129726838f613153e08650d4a6afefa03c3807965530ce2652453fc00c0fcdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
cbacbdcac4a7b96fe34762b2e1a7c0aa

SHA1
16be1b28f8927b85c3a6f876586724bff41f0d1d

SHA256
68c380b7aba87250e1ca6ffdbb833e6c1fbcb5c0b8a5802814381bcf09d455ab

SHA512
c254894fd766847e81bd6afd779f9aea27020aa9c5f1cb28c1fd14f89ec03ceab2c8a76db2e86775ee0427798a58e27441705d7c6a108f6399d18adb86ac554e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
312afa210045fc5c2454bc2c6f86a926

SHA1
199d61a79dea4353210341876de8b7f84fe3f13b

SHA256
1605cae4992d02b23b55c879811572853c9c50fb5b1a78ec06f7ca5f2f645a78

SHA512
244556581e19b47c8eea596d3026ecef26a9ccb02b2b4babf137be786016a6cf2f988b42a84aa56fa2092cdb5ba4e5c48bc578b304b779c3ff70a37f4455e6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\_collections_abc.cpython-36.pyc

Filesize
28KB

MD5
b9071b55bdbce9c494aead7564bd8fb4

SHA1
e89c208552e58c3446ad47c05d9d2ffe506d3aeb

SHA256
35ede48dadb01fcbb666067e49744d4cfa4aac87c2217741f7578dba9130c32c

SHA512
eedf586cf270d4c6ac26534a51d74d21404dedac645601a43b6f558819d2773217fea848d557061c995a7f2d7aa9102a2aa2382d0e90e5374be94998f26476d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\_compression.cpython-36.pyc

Filesize
4KB

MD5
7db9971a065ef1b87e7a0f729e0af590

SHA1
06cf6d5db14e79ed28cbc79bca04c9acc61446d0

SHA256
4cd434b56c187830e4169fd4e49debc78406b3fb3965c985aa3a0952d09af2dd

SHA512
762192824b287d518f8a70cab784b6a9c5fcf06d8a37620c2c1488b5b7cd30eadde134a19316e09dfceb5d957945258b996cec604fc0de94413159e58a35359d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\_sitebuiltins.cpython-36.pyc

Filesize
3KB

MD5
8fecfde593f7df5427fd5a530470fc58

SHA1
96bbd7c214655f5e0ce257427600760618b6b1f6

SHA256
72fc36d98abee414896df93b525c3458d9d6a9f70f3ab91d3c5e8d29c21f57a8

SHA512
42459b3fea6a51ca327e7456dba3cbcf9e8f35a70db6a02eb971232709b4a56dab7f244d8a1b8b3c4af2c2479a2f35d5c538fcfbea66cca18116a0da656431e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\_weakrefset.cpython-36.pyc

Filesize
7KB

MD5
c5f53133e5143b5d136bbe16e1d80729

SHA1
a6dbb32e0d9ef28fad9ad6fe8e987fa28e6ac209

SHA256
ec410bf5c42a4189bc82970bc489e71a9c878d235c9b0cb433fe576bff7825e3

SHA512
962e6a59b4d5f1d216ac2a29957dd8b63863e9801b39db1092c88f905f6d817bcb5d4f943381494a87290e015e93f3480d6184b45f4e5ef3aa7790240bdf63c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\abc.cpython-36.pyc

Filesize
7KB

MD5
9ffb6ef87cfb75da08f67a589830c352

SHA1
83bf36ee7435d9fd554305076bfac56c78daf012

SHA256
43a38fb725959e7259dd6e1237348f32e75353a3b5ceacf51a88219770e4d240

SHA512
2bee5a564b66965f9bded6dd2965815fd3946e6210c902aa81087831e51071e49cb90cd69a19bc6d2ef0eeedea561c67775cba791b176ef38588467161c50373

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\base64.cpython-36.pyc

Filesize
16KB

MD5
421cd517926c19d9788df55b1a18db0e

SHA1
28e9e438b46795af795eee8bac2bae35bc90f91b

SHA256
4b1e81914497627e960efddbbad55b45316f4d18685b25b4769c8d877d675bf0

SHA512
a8cc985c695c478127f820c7d02d7391e5dcee985f642d31a330ed9df6d189ea4556fca8706ff00a5d815b0c77a8d42801ff5fbf5c03bda155f8cd033a34da40

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\bz2.cpython-36.pyc

Filesize
11KB

MD5
47ed3861545961107da6098d58782c86

SHA1
db52ecac00e5d24993530e1fb9f2c0f42cf98e70

SHA256
d0b1e8115a463a45023b299465c7ee08f4ee48ec4f0d6a55e03a944c8091d966

SHA512
5161c0455665d077984a14658219368f0d2390c2e86cad7ac255ee1e75609a55e2ba4621b60a9cdf2d9f37386d3b4191a443a18ada5a5747a8f13d7b22b5dac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\codecs.cpython-36.pyc

Filesize
33KB

MD5
27687ba45288ea066edba019e99ae16b

SHA1
be82becb12a1d4cc30592fffc9c64a2aca3cc8d6

SHA256
41d7c1b61b77e122a21708c5bdf6196764ce1a30a057d24a8be9dbb45de0ffd0

SHA512
c5e78ffbd8817684bd67133b5731ee94ca3b2a5c2890f00de25ed2397106c1a35b8c2a2e89ae8d3a30de4e7f7d5776226586f88701b5e73939aac667d7aca4dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\copyreg.cpython-36.pyc

Filesize
4KB

MD5
7c9f17e5252d6201a87b23f5d43fb852

SHA1
34c8b51eede952934482cffe04f41571d200eefb

SHA256
e3300225d2d29debaf3fbb5dd73f1acf6ae7e2db818fa6c76ebe48839eb09ee7

SHA512
ef62033cedacf0748dcd3d521ee75f43033e98d702644e33f47fd0667036e03b0ad8ac7b02267c49e32b87a32d2037fb1b540fad77f6a4d13c32a993babb8817

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\enum.cpython-36.pyc

Filesize
22KB

MD5
09468d0d4d0a108b84d8592c86710816

SHA1
5093efe30cfd5a4ba299265fcf788e747c83996f

SHA256
a479ee209a20cb08c9e092fb9ae3240a22871bbcf286f06291749610a91aec41

SHA512
1d60691c6239b6a6b32ad9fb6b15113687cbc07c55a19115c0787fdc4b726bd5b6c93462ea7b4a5485dc32e6a996cd63ddefde0a00d461a59086dc71814361e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\fnmatch.cpython-36.pyc

Filesize
2KB

MD5
efbd6884f815a21c5eb4657cda8239bc

SHA1
b1504b12c914aa5fbc86f161e9ea87fdf06029fc

SHA256
3b26e007809d9c191847d267c5a78b9a50e8d85eacd87d32860aabab60a4b3a1

SHA512
32944510b9ba71e088289f43208eb8a88af24c63d3caea452d46d2912328d238e72b166c64e2d62ab19f6853af649edc2cf097dd03486ca2d23d7f8c9f0cc1b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\ftplib.cpython-36.pyc

Filesize
27KB

MD5
f1ff65b93529bef663203161929f1d1b

SHA1
d49fe35e7056944e628b9dd0c7397c124308d7b1

SHA256
587fcf1b2daf8d4994f599a4b71d2836c7914778f2a12ae8af839e1db1a5a0f3

SHA512
f161c0bcddbab6bc9e1adc61539e449bd15e2f13e9f83519c7806a3bed979add22d5cfbc2426cbab83470f21141f29c8f645048d2e8798326ef23c81803aeef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\functools.cpython-36.pyc

Filesize
23KB

MD5
d7dbfb34588109025fde0e10090f4f45

SHA1
585a19e4f615424faa3fcfa53f0cdf23855726e7

SHA256
1bd57d24026e9c1dd7bfc7d1cbaca5e29786d9711da92555a59a830b878b8915

SHA512
03500efa4a7a5ba7deea4b779be5de06501a4830995c87bc265e728187b317abb73a831d916c857b6744859c2a0b3ca7b4952c125aadfd7e32d3a937c3dbc0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\genericpath.cpython-36.pyc

Filesize
3KB

MD5
5ca025b5d98e203c3d3935982c583b6b

SHA1
4068660a125d5ec89bd75826a26afed9664e2da6

SHA256
51258eb495293467539cd7b286c7703513a9ced1d08a49d48592f2075874e942

SHA512
eba21934137e0310ff11f7df0bf69160bbf4001a356676638fd6c2715a075405015150c40d321fe0ec2f45236d7e0eff148aaebad707c3c81f40c5edb4a696df

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\heapq.cpython-36.pyc

Filesize
13KB

MD5
8a1e17985c2e050d5a4e434636a659c9

SHA1
2f09c7fbf9e75fd23371fdef994db3ed70282256

SHA256
08c9027b8ed2f12b4fcaeacf06b7d116f7aed6c0782a7648e9b5338e2c681690

SHA512
85966c952c7f577dc150b843ecd37156c347c1c1bf7746516460dc28b14d57a842532c767173df469be9d2c447d5ad6ca4d9abe6379ba1c7df0a92b268cd1fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\io.cpython-36.pyc

Filesize
3KB

MD5
5a53197206d4885cddb0542b4bfd27f1

SHA1
c490e8bcf3dfa3394b6912ac6d14937f852d03d6

SHA256
8ab7e6bd47f120adb3b322d1603ca338459bde4667d10dcfd0b13f11748ec238

SHA512
35befa87cfe3e978bd76c07c7d75a6d475713c44908fd59fdf02024525316f2aaa407b6d047b737b3751c65e74619be9d48c382fd9a98abfbdc81352c14530be

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\ipaddress.cpython-36.pyc

Filesize
61KB

MD5
e9e525a23799825e6e9689c13e04a90a

SHA1
899ea7c134bd82cd48191eb456368dee897d1355

SHA256
396310737e9d8c6bd2b2ab36c2ea94394d1208c705b8f3a539a4bbbb93898737

SHA512
45a20751e2fb9c6837b65827b5572619ad0587cfc41f84cceb17c53d4d1593ddf6a07abbbea10906256ec348cb3b415d2b8c21fea5015ab258111c93ba34d0d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\keyword.cpython-36.pyc

Filesize
1KB

MD5
438c786430008b8002c2c12b75156544

SHA1
042985f0b212f9c6d24bdf0765171b67640efbfc

SHA256
563c81b79a056f1f8e6eaf73140259c26f7d96080a79a60b2a469c327248a655

SHA512
37a340582e4934cd7be0b60f5934a3aed6eb4e1b44e2cb62f3a1ff1396d1cac58f71399afae3f74ca06b3446e10d47f52b7083838de2e3ce3e3d96c572b48201

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\linecache.cpython-36.pyc

Filesize
3KB

MD5
0969a28cd4fb9853b13f30ac01b9f33c

SHA1
74db4556e0428761e143cd0bd00d4fef71219e06

SHA256
e4c8e085a909cda20f92047c1c0533393a74bcd54b2d9b13bae85855a7e16272

SHA512
7404280745db2d603321b6d7339f142c2e1623749796405683c42914fabe2b33f7b3f92cc455c1c78d69a3f371484bc4b262124d46f66543b09fb92881edf01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\lzma.cpython-36.pyc

Filesize
11KB

MD5
edb255f5c0a6a327486561c74557d83b

SHA1
54c48c1c139732938398a789dff3dfd9f4ba1ffc

SHA256
cc373db85c5b584b8d24104177a4c8a0d76b8af80f2e6d1a3c94c1a5b324a18c

SHA512
fdb4379478a4474e6d7e55f60a5e943ed9b100931b069f38a47825cd182cb40c2505b19408e5baf94b95eeffe1276fb24bbe29bfea97b0286bce62982e200323

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\ntpath.cpython-36.pyc

Filesize
13KB

MD5
293900d0b98ec59143d10262b884c72b

SHA1
76ef193f55b8074caa0ee730723da9e4cb6f0cd0

SHA256
dc6c234b6028df63ef8018fa3c4730da857a2ef0d6515fbe055094054e2f4601

SHA512
774a3a14b6aef0b4a49cbd89bcd6bfd16fe10647425aaea4d84fc9eb388406274a9127aec6c864684b1e21eff528a0c87cce34bb7ae211527571f1a0d0c9e1de

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\operator.cpython-36.pyc

Filesize
13KB

MD5
cf91934f453d3e7e3e2073656bb379b3

SHA1
baaf1ba8a98f262095f841d2a1f15bedf43c2ee4

SHA256
9893c8f24dfd7f612f47c7dfb04052da29e368c9bce81d9650dc5def83e8bcab

SHA512
593d671282c8dd4ae60c541925d9e3d6a9f4688b30c313fcd1e9c03413e15f0b46d2aa2d8779ab4faf6d2c6d57cfe429f477458b0a172a06ad052cac648b367b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\os.cpython-36.pyc

Filesize
28KB

MD5
b50264f41c689b8901c4ffbb574fa388

SHA1
04c20014b0e56e7f734f9b7f74f38082647181e5

SHA256
08a0533f3f8176586de1d05a3b98c977fc4e96b84d1237c8c5c618817fa263d3

SHA512
a6f8667e62d38313ca048fdd65df6bc2b4f56b4f12e10e3896cf7b934a4eadfee566d899392a3faee6576f62ca82ffdc968bd6a5db4f24bb499e16be7242bf0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\posixpath.cpython-36.pyc

Filesize
10KB

MD5
9643eb7ff137dcd2c27d75646fbb04a0

SHA1
84c8abd79b83abe6294ff95c7fcc9d651681eecb

SHA256
3ca00504f5633f7a67f1602b1d5c736e9d82a3811395912942082d885667b329

SHA512
4acf8196369bf1dd1a5b026ea4e5c897100d3bf49df015fbb8fe381d543ba36a5ab6a5957ec663a6ede5fe56a270ac3bdd096c369fdd916a3f93d4c6889f8956

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\re.cpython-36.pyc

Filesize
13KB

MD5
68f2aa8fc17ee4cdface1e3e9f718f5c

SHA1
2c26b574a5555991cfc5f8bc4fa309344c60629a

SHA256
638d52ab2291cbcb4f8e103a8501812637bc613a558d46cc0a5a78e57b2540e7

SHA512
fef304fa748e2ddbc85e481109ddee67e3b2b430faac97636a019cb0f69f40875a59cd5c3b6ceac8d5632305489d19d32c4793731c606574bac29c456da91f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\reprlib.cpython-36.pyc

Filesize
5KB

MD5
5b3443ec845b096f44f1b14c95c9c323

SHA1
1e1306f79a2c8d43c193c90aeb07d658e4040097

SHA256
8e895bd36894cea11a48f024a54aeb81a5b3bdc4f453a553ca2370358946c146

SHA512
fb8be2ecc1e9bfffa6927476ed013e6e8e584ecb28c01171aec9eb1d79ac1cb93cea9ad98ae9d9883154ceace60d42c755d6f1129627eec1191c1dc82e1a7cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\selectors.cpython-36.pyc

Filesize
17KB

MD5
9c517f78ceb4b43acba03a1938f31fd5

SHA1
0bab2caefc4eb1d7a93a1ced02acd6428a6eed77

SHA256
c9ca6033f4c7f07e1e807029391eb7a38beca641273dd2593c725ad8cbc12449

SHA512
158d9eaacae5b854332626444beda2ad57d8d97edc44d11c3cef4cc69a72747d943b72926c6f77c21163edb641f6990597d76104e42d1c8f52e2584dc0363a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\shlex.cpython-36.pyc

Filesize
6KB

MD5
193a36dbc0e659c66688fa82d08bb4e1

SHA1
731589b50faf611c23688c71328961fe43d1ef0f

SHA256
4538c06cb64af6b913add14b4a638b111fe3fa9501b18c685119aa017d8de800

SHA512
630aea9234101ef3dec9fbaa66130ff983f40a4f17a76e4ff0aaeca04531e63fe929655d85a0fa664a798da77bef0beae00d8248e5e4b532b35f3d089054323c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\shutil.cpython-36.pyc

Filesize
29KB

MD5
1785fe89ea2402836365cc06d8ec05a3

SHA1
ecee621ac6ae8504f143ee9211d3bda70377d4e3

SHA256
6bbe90a972d8a7d34156d6d9eef213dc72d4d11e0f9d8ffc745f8399105dfe9e

SHA512
b0e7c304e2c0b7c0a34bcde19a7187a60056ca7adfe1c89bf8dbfef1c1e5f2431e75eb5acb699fba806841f167ed478ac61473cf69b31d8936938b3dd797da3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\signal.cpython-36.pyc

Filesize
2KB

MD5
34af3ddfdcad178e9a633f08b09ec1bf

SHA1
e9a1a54a902ad6e9f34b4e84ec3f85ce09bdf337

SHA256
65df1023c16fec1bd4d07c6fc42501440404372fe2d019dc3828525a8ae848fa

SHA512
0d61b236c09d9caab237038b44a3fb4e7184b6aa6c78bcda92813d57f0c1d8852258d6efe9e0671dc8218432679e38905932af40c4d878576dbdabc9b1a4018e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\site.cpython-36.pyc

Filesize
15KB

MD5
2b59a5cb6c7db9f0eaccf5a9add55a6c

SHA1
bd6320af4a194ff1194441d12943444a0bbc45e1

SHA256
3dbe8ecf3cfbc95d39b653087c86ef88b38712c6e6556adc3348de5349dabc5b

SHA512
90b25899bb914933c64014e64a4f6dfe72850732fe5d906a9457fb933a6e7ad6ebbc55051ede8b2cc1b38133a9c100983aba1257cc54c28fba25ef59120a7818

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\socket.cpython-36.pyc

Filesize
21KB

MD5
08bea3901b7462fc2137d1d2c979fc9d

SHA1
9075d16bd4b72209fab09b4825e3e06e72c97678

SHA256
888fdb745ef4ef24327238de098e3a82d10d2dd5119a7d082622013cc557cfe7

SHA512
1aa6250256c4e1623bcc4e2f5111caf016e6a0e818320be04a9827c6c769f71a02f05ab84af7418d113a5c13aacc6009f83d9002ce65926c59ea0636682c1396

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\sre_compile.cpython-36.pyc

Filesize
10KB

MD5
df6c3fe302e899368ea926d6c3fdd925

SHA1
16f9aea3571d2923a7c5f2da5d464aa4d4fc4c99

SHA256
c22960a087c3a3e0151a3ea748437000b60e5bc9f7259871529a2465c8e9fa3d

SHA512
ad3b451979e6ca242eab5d2d447e083c078f9856e49bdbf67d3dbf75c1f048d79a557fff4539b7519ff02cfe1264aa61597a92adecdcd210dce3519fd8d711cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\sre_constants.cpython-36.pyc

Filesize
5KB

MD5
d64a2e7ceed42a109c5e5023e2b5e897

SHA1
78c9fa978579ffefc9b3a1b16c847f940a00fa65

SHA256
e4cb7f3430526527cc576f3788ac6363d965311b19163a09c2054936fd138d93

SHA512
1228e864f602fdb51eec903837d70aaa21fdeaf81596b5fa96601615df68a1ba178cefe14a08d463b85b935a9ccbb761907cdcadf8c2bda7fff4714c92df39b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\sre_parse.cpython-36.pyc

Filesize
19KB

MD5
196b44d2e52fbbb5a1999dfaf72bc936

SHA1
12714effecc50874c679da9fead821a687deed53

SHA256
f80f9119daa6a4dd8f0dd28175980f97674d417b6f674dd158a8b7b16219851f

SHA512
c2b5645ea5683d6e4adc16f407d6bcd4eeef5979b009ed144eaedaa1c5a83463b37f0522aba30ae122be8f348768094be1800897166a387d29c3d62236691132

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\ssl.cpython-36.pyc

Filesize
35KB

MD5
0490ceb83669bbc5751626ee0bbb01aa

SHA1
fefdfeff97392ac3b436b4ecd50617835b08fbd1

SHA256
3a007107eb3414d8bf7f5398a03b3307e2e4671d68a1f9de139fc3e359c95730

SHA512
40ecba3b87a7328679f42c9640e5f8398c9bb614d79e767a057c8c0e53f485741c91dcd2bbef110bc6b540c6f935d46fb32c6227b69c201595a6317058dcc507

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\stat.cpython-36.pyc

Filesize
3KB

MD5
fb43b2a104bd2236732f70e3e4394706

SHA1
0964b5078a896ec478ce10510e11610c6ad2a4fe

SHA256
68e95699c5b896bdcece8475cfdc87ae208a4d609977e46ddf6b859fd514d5be

SHA512
9b1ff4f5775d4c2c45827482f525dc34fd3bce4a49df01ffd003fc3eae59d2510b70ad3d22589bd2a719c642bd7fc0ae746b72a410d673e76833c1ddb8ee8d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\string.cpython-36.pyc

Filesize
7KB

MD5
ab5357a52b0d4dd964d114265ea46f4c

SHA1
df0e688e918a856b46acff35ec1c59528cd62429

SHA256
652b99b888c4b5d01713560a225b69973b04629f385ff9870532643f51cd2ebc

SHA512
e7e2fc332b1e1fe0e986550b04b62cf9f551960b1175adfc23334606f7df2825f90a8a6e741c604053c8eaed2e67c87020db435ddd25d5a02104c58b94caf399

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\stringprep.cpython-36.pyc

Filesize
9KB

MD5
b8192609e8ff299cc796318c2be9fc35

SHA1
a5f9e05733f538afa7c05e48d4c33e2d519fb982

SHA256
61722a3fb6ffa4977bf351d25a2877b7319856303c01562199de808bc8bd3024

SHA512
bf307bb39695ac08f207186f8f3293d9c2262e1c231fa841a238361960dc96fd72c530d24a25c67149f0415f0860c2bbf2a74c60bc3245f82c1ab25b038b93b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\struct.cpython-36.pyc

Filesize
331B

MD5
57b5451582ed4527729f03939bbc575c

SHA1
8f80fe20d8f8d1d351accf75b839007a7301c907

SHA256
ee109b89859d276f9eb6da511f26a9c11a9a7326962c4200bbf6cdff5117ddac

SHA512
1f2f678a9953de6d92a075edeb6360a9b8a5b07c60ffe93e18a2525ea433fb59763a51c4f1614ec57b3b97704dfb96dcf68080e3aafd58305616931b0099d8a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\subprocess.cpython-36.pyc

Filesize
34KB

MD5
f205b1eaca7d408ddf8bac114cc02590

SHA1
6a9b48cdd3cddba6cb977a3097d82d5112e2a64d

SHA256
4d3d9ff2d9d8a99f57a812b835e10b9ed01eea3ac40864bc4c56c996c89a3be5

SHA512
2ea5d806912b28883749e053fa454b9a0c038cb074a48dbcdfe69d3da44ee3c3bc8565a20bb27676a79a76fa67c0c7d21cbd3b9d7097c811eda069a8ca69f66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\sysconfig.cpython-36.pyc

Filesize
15KB

MD5
64c59fcae21ddd27c720a2d75c43d689

SHA1
c39d7775e22fb06b7fa092f2094b5d9d401ce011

SHA256
ecd54b2d8aac91e7e2ccef7682626dd1d6bc754197a32aa005cd4a02f8299922

SHA512
6c391204fe99b8942016852e46b53adbcbb28d1b631c73324b34903b3c92dd31ae080325fd4f184eef315208ee39ce56090b4998582f0901726fa3625e997708

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\textwrap.cpython-36.pyc

Filesize
13KB

MD5
abe4901610d98addd7bfae096a1f8b23

SHA1
e1d3960b5b9189a53772f2d910e0df5beabaead8

SHA256
6ed0be98460cd58a30844283915bfcb817e6829e5cea640db30af7221f029598

SHA512
a7d4c43d51b869677f729334b3f457b7ec1a44fdf5d3dbd9213c3b7682e6b7354c78f56fd5fee873d95713075f89b87e5f382534285e0394532b67a4728ea250

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\threading.cpython-36.pyc

Filesize
36KB

MD5
31f432b0d71c2923e040e6d64d928bf8

SHA1
a69eff23950e8a293c77dfa638863c8646b842c2

SHA256
5b8c7b076e7458b7bc285b125733e84e86e1d2fca33ff3e43f0154402020725a

SHA512
cce14e0f7fd08a3f4f26a10bb5c8b43c1840dfb42b021d38e77e90e5fa3b88c08b5756cffed0cd0f5f8cdb9afe5d4a3471eb081083630d5efa04441736ef95c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\token.cpython-36.pyc

Filesize
3KB

MD5
38ae33fea22443c05e3fe9fb8f446085

SHA1
e360dce7c422ab91d2242d26c9b03b9485a12b01

SHA256
7a0ff57a437086549aad0a4ce58afdc010428a4ade9cee403d4185b02440df0e

SHA512
3c69159a917d25f1f7bab87944e27f6f1d1d26cea86ba2661bce700b18b3fa44d7dfa54602b1c4c3e717520360242ab850bb2b23cc4e14c8024efa7ccb85b594

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\tokenize.cpython-36.pyc

Filesize
18KB

MD5
67f293b360305e8974570f256f002f2f

SHA1
4d83480c6fa050a1ccfe51628fa1398c4676c4fa

SHA256
e828a44a7899e75673898d6637710e0d05defd4f330f4c374820932688f8f01a

SHA512
7195a907ac4859f5595e8cf40c6c0e37477ea80c09f61e5fcc6fab1d85c3012d9e610bc2272b9ba2ba46139c33a7546f204ce0b86ab883573e5cd47cca631edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\traceback.cpython-36.pyc

Filesize
19KB

MD5
706673687df16120389a0fdd540020ac

SHA1
cda67b4dd3fe788897d6894b0dddef31c68da748

SHA256
b26bb82180624dae783f4aef6c55eef064c8dccbbc144588861c6ffe30a4c315

SHA512
6d09cf1d507a728c04caa1d8b8c2060e487025a699e96a63965269a2ac931d6f1239ed1d6eae76820c43c9a534301c20b3a92140d90d74d849520c30ba046907

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\types.cpython-36.pyc

Filesize
8KB

MD5
72f19f1b3a942d0cd24bf582a7c9a0d6

SHA1
fcd3cdff3214220e6a7d859ae66331c07aed0bf5

SHA256
6fc18e222012e6f591387a78e69647d62f20bf176be4412e3edc74c189d30618

SHA512
140e55a923fc71a9d1000d24715526e1aa952faae5d4b4edd5e378caef5fb892a2e9349914af63876149da27c318ae7c2e8bdcc2f02957a3eba432f2e1cd3e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\warnings.cpython-36.pyc

Filesize
12KB

MD5
b671500cad6fa9a23217328b64a426a0

SHA1
802052a660c8d17c72a27085804fac266be14447

SHA256
4e7d7cfded1e2e88d309be887611f7aaa8fa82819d79c095a36df0df37cb9636

SHA512
1d1f5c4a9d421696304864fe3551a8d3e7228a720f076a5197345d72b985913f9aa131154c3d6f4499983e8b37427a50c238b04b73e747e74c70ff4de815603c

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\weakref.cpython-36.pyc

Filesize
18KB

MD5
413543aacbc896e58bf165b7b18c770b

SHA1
4c1314e07372a23e82824e158eb6bf1666789db7

SHA256
2c35b9c68e64812fbd4aa53d3336cb20596bb2b0ea732937b57a7d1d7511ac10

SHA512
82a8b3d4cedfa7fcc652840f50b3194771298eaa128d46cdc112597ddd35ddd028099d30b2700c6a8fb2c7263635e254d2e5d96c9dc420be7a3b2afcccd56697

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\__pycache__\webbrowser.cpython-36.pyc

Filesize
15KB

MD5
fe46f43291dcadfc50739d33102e3e4a

SHA1
7a670756daeaa7a783d3af239038d4db6c71027a

SHA256
0f32452bd6ce251169baa410568c1985845e9524b667f76d15cc91f78825fdb1

SHA512
0475cef2a727c8036589aac56f346ab077c97ba49e404b669c416f9383cb27028af6e72bc28fb897650ebb9e48e7817fdb3d19d33aaa373774713c9ef4414a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\collections\__pycache__\__init__.cpython-36.pyc

Filesize
44KB

MD5
df50910e5da0211ae3ff11c7f3076583

SHA1
adc760403f5a6926161f7f9cfac573dc67b3f18f

SHA256
af002a14b830e7d70f95ec876c20fa2d5e65f225a68ca064793aab48cb79006a

SHA512
4a5926ece71ded75b9826b70301e9b04c9fce49e468e0fcc48e6f8c1185be7a7be885f3463458968f63c9579199c3c81fa2f50f9d1d3a5879b98ff4f449d7ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\collections\__pycache__\abc.cpython-36.pyc

Filesize
202B

MD5
23e38f3963e29d2b09e04df5cb2f7a17

SHA1
4c4b2b3ed76b67788e14e9450e143087cce1c6c7

SHA256
9e958c71d066add9442af78c8bfa0daca6f9b01703ec76dd40b902989e8b9953

SHA512
10aeab5f66560475f89e52a03c63680af4c77e437d1cf25baffcd779d15fd29bf6a23867f87b74c94ee11b8a4c99c76b4310b5ce07401ce8328085400cc69358

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\ctypes\__pycache__\__init__.cpython-36.pyc

Filesize
15KB

MD5
f2bdd3b9a1d9c8c669e1ed234d3c942c

SHA1
45d1e3b4f8ec6bf288854e7c7e26e98086f1b053

SHA256
4acdd7faad728ab925b4734e7f9c55bc3a587c25030494ded98c2252fa10961f

SHA512
9916599639874575fb38f0ebb9e36354a48997084fe81b3b7a6aadfdbe961617b26174f72b5364257397ad5753521184164cac7c90b636371709e5ed47aee43b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\ctypes\__pycache__\_endian.cpython-36.pyc

Filesize
1KB

MD5
e97ca7b8a2052f98e4c94a84ad030ba2

SHA1
4c20ab430a46187428541e015a2b304cc4138dcb

SHA256
abef2c40f092a84952903f7897bfb0b4146e1d5357ebed399472e80863212386

SHA512
df8062f260876e690939a35062ba29e133edaa6263ec978b7bcc076a7e5dbc8af2b10576f9a4261e937a9247f8f3faa19eca70628e40b8d199910cb04aac7639

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\encodings\__pycache__\__init__.cpython-36.pyc

Filesize
3KB

MD5
bb8a482e06e4bcbe0206d581d8a3b0f7

SHA1
1feb625657d93950a807899107bfa471887c2288

SHA256
8cffd9c71f4ef286eff389369f2b6aa98cd3461320a7883c2643497849f8da5a

SHA512
5f85288ea5e95beb1bdecf26769429811279387d70366382908768d5e9212a179443055d5a9fa5023762b5b94affc093f674ee3ebbfb691e7801862d21c0ec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\encodings\__pycache__\aliases.cpython-36.pyc

Filesize
6KB

MD5
0a38e6392fea8c13405e7b445cc4e4df

SHA1
8e16c0cb839e91c9abbf4696c2355d3e6a2b4892

SHA256
0eda755573385268f10df6785783bd6844d200a31feb20e1bbabfbfd75cec38b

SHA512
cb5eafc10d081f6cee2a150f9319e97afed823a47125387fd30ea8053e6f821021a59c6d64401faf662a0f5f4c8c02890a13910874040cdced74db5f65b6c63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\encodings\__pycache__\idna.cpython-36.pyc

Filesize
5KB

MD5
5b8b458321a461e13be8b2d9a957816c

SHA1
b8645de288dda79d2dd841528d7c3449e8d7f76c

SHA256
a4ee0c65755a3d93578d23c4f3283d38d9488ca430fa1bdb0404b02548d5be84

SHA512
c90b327c581b44615277df0cc9f9a56a4ecb0a1908918f136c1a84be6b57b8af23e19a7baba4033bcd550bcf91f82081d6340251c5c6d1b61d6b28c0b7b03ece

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\encodings\__pycache__\latin_1.cpython-36.pyc

Filesize
1KB

MD5
3b6f4f566f0606a0e3ede4603a64b4c8

SHA1
9caa4196cc7ad1d9139a9e97cbca1bd5c581f583

SHA256
17245657e63742cd5b6e8c5b265dd0f881487549c9970c610900dd54f4b0179b

SHA512
8a37f655d1b1a9ec3817eb8864e8126a9bba9f80b0f6427e1d903e4c092a10fdcda289ca7b0c7e93ddd04bb03bbed282de0530f73f9d750222903fc70127f210

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib\encodings\__pycache__\utf_8.cpython-36.pyc

Filesize
1KB

MD5
8846a08820da30680c30f95b3648de0a

SHA1
258be6db3638b11aa57ed6a555696836f3e22299

SHA256
2e502a916a1559387d1febfecdb3810e48ccb2be1b9c5551240c9404e5992d25

SHA512
0a0e63d735f2e028e528876127c50421488d043f39f5594a473757b893ebf69ec07cc84ff4b7350160ef7fa25a2eaf3cc59d3b7498262ec02fa06024536bf686

Download Submit
C:\Users\Admin\AppData\Local\Temp\{53202C14-F303-4048-94DA-F7A2FB5BE730}\.cr\python36.exe

Filesize
817KB

MD5
2d13b705faf7270b2860105a04a87d65

SHA1
b5fde184a3198619190740cec0be79fba0f14fb1

SHA256
118cea1828eeb67e93ce0d30588b9280eef609d3d498d3c2d56a44cc30c3d156

SHA512
9c6a238f9e820add15b7fbb56f01eb3a2597739ddea20e927a669e0aa2e7e2fc8d90a0c779ee4c6d8048fc08948a37cf3042fc5d577a153e2a344255aa5656ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8F902A9E-8499-4ED2-BD06-13E680B10ED9}\.ba\PythonBA.dll

Filesize
565KB

MD5
cf68168f96345851e641a6cd2840aeb3

SHA1
3f8bb6bd19645fb10e1bbb985a5d629011ed7227

SHA256
dae80265cba9a41709c80aadbad6c81ea13c4f498af54c3e510f604fcb567074

SHA512
6a4bdce0a4d2dfcbbcefadf1fa7957d2867282b91631fc7adbe0930e5f30b30afc652ce76797dfc8c5588d7641b046f2de1f448fbd75282f4b1b830c01244c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8F902A9E-8499-4ED2-BD06-13E680B10ED9}\.ba\SideBar.png

Filesize
56KB

MD5
ca62a92ad5b307faeac640cd5eb460ed

SHA1
5edf8b5fc931648f77a2a131e4c733f1d31b548e

SHA256
f3109977125d4a3a3ffa17462cfc31799589f466a51d226d1d1f87df2f267627

SHA512
f7b3001a957f393298b0ff2aa08b400f8639f2f0487a34ac2a0e8d9519765ac92249185ebe45f907bc9d2f8556fdd39095c52f890330a35edf71ae49df32e27a

Download Submit
memory/2600-91-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/3400-90-0x0000000003B10000-0x0000000003B11000-memory.dmp

Filesize
4KB

Download
memory/3980-257-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download