chimera | hxxps://roblox[.]com[.]py/games/920587237/Adopt-Me?privateServerLinkCode=17640943130383313804710157710804

Analysis

max time kernel
711s
max time network
712s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2024, 04:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com.py/games/920587237/Adopt-Me?privateServerLinkCode=17640943130383313804710157710804

Score

10^/10

chimera discovery persistence ransomware spyware stealer

Malware Config

Signatures

Chimera 64 IoCs

Ransomware which infects local and network files, often distributed via Dropbox links.

ransomware chimera

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-tw\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\uk-ua\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\en-gb\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\de-de\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-tw\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe

Chimera Ransomware Loader DLL 1 IoCs

Drops/unpacks executable file which resembles Chimera's Loader.dll.

ransomware

resource	yara_rule
behavioral1/memory/4508-2452-0x0000000010000000-0x0000000010010000-memory.dmp	chimera_loader_dll

Renames multiple (3306) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1616	butterflyondesktop.tmp
4436	ButterflyOnDesktop.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop	butterflyondesktop.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 27 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	ButterflyOnDesktop.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	ButterflyOnDesktop.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
376	bot.whatismyipaddress.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\pl-pl\ui-strings.js	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\ui-strings.js	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-400.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_contrast-black.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-lightunplated_devicefamily-colorfulunplated.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\es-ES.mail.config	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf	ButterflyOnDesktop.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-125.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\MedTile.scale-125.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200_contrast-white.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupSmallTile.scale-200.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-125.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-48_altform-unplated_contrast-black.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleMedTile.scale-100.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-40.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-80.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-30_altform-unplated.png	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-200_contrast-white.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-150_contrast-white.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-32.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.scale-150.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\video.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-400.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-125.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Snooze.scale-64.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCache.scale-125.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-150.png	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-200.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\LargeTile.scale-100.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-100_contrast-white.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppStoreLogo.scale-100.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\ui-strings.js	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-16_altform-fullcolor.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-64.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-400.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Images\fre_background.jpg	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-default.svg	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\selector.js	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-256.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\WebviewOffline.html	ButterflyOnDesktop.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\id_arrow.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-60.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\share_icons.png	ButterflyOnDesktop.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\39.jpg	ButterflyOnDesktop.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ButterflyOnDesktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HawkEye.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentTesla.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "670756449"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000262c84e5c2a8b24db398d3ff1cc7357000000000020000000000106600000001000020000000bb85322d6e4bee66286a56fbbd87c52c68793b5d563fdce7ed14e41c10bf32c8000000000e800000000200002000000032f5aae3261b0f81c72099135eca7e17000646889179bcaa66a38462936557cb200000000cf32cc6997b3d6a923e54729c910a52bca0383dd06e7e48f7190caf3134fb8940000000de82e8c31b27551f4ca289e296ce1acaa0798e2cd40db7a4e5a64ffa96bc0f969721ed63e0f03efe66ee2dd873ba2e515ce1a222d89a7c8d3adbc9f6fc63d6ba	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000262c84e5c2a8b24db398d3ff1cc73570000000000200000000001066000000010000200000006a4a7483c9325561de30f90f19fdb399ba6b1683a7da9e7d70c23218a8496dd0000000000e8000000002000020000000dee54a9a42b50443a5d3f811bc37e1abcb6d908cbef7514d33b56684a2f32c17200000009307dd67cc581e1ae268ece4b1a03c96ae8ca47e044e7c6ae7419ed93fa7cfe940000000a53404366b7d8ad8316d457ff3c01cb3c7f63d42cec509b85462fc21756e53a35bf71ba17fe31fb5c00294b171724899e667566680ff7815c15aff1541fc919e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0de752925e6da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31122981"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "670756449"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5394C7B8-5218-11EF-8D5B-D6586EC96307} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "672471463"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f023712925e6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31122981"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31122981"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{98F8F5D1-CA8E-48D8-B49B-3E9D442CB220}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4924	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
820	msedge.exe
820	msedge.exe
3400	msedge.exe
3400	msedge.exe
3408	identity_helper.exe
3408	identity_helper.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
2624	msedge.exe
2624	msedge.exe
3912	msedge.exe
3912	msedge.exe
1816	msedge.exe
1816	msedge.exe
2328	msedge.exe
2328	msedge.exe
2528	identity_helper.exe
2528	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4508	HawkEye.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
4436	ButterflyOnDesktop.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
1572	IEXPLORE.EXE
1572	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
4924	EXCEL.EXE
3984	AgentTesla.exe
5088	iexplore.exe
5088	iexplore.exe
1572	IEXPLORE.EXE
1572	IEXPLORE.EXE
1572	IEXPLORE.EXE
1572	IEXPLORE.EXE
1572	IEXPLORE.EXE
1572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 4684	3400	msedge.exe	83
PID 3400 wrote to memory of 4684	3400	msedge.exe	83
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 2724	3400	msedge.exe	84
PID 3400 wrote to memory of 820	3400	msedge.exe	85
PID 3400 wrote to memory of 820	3400	msedge.exe	85
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86
PID 3400 wrote to memory of 4872	3400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com.py/games/920587237/Adopt-Me?privateServerLinkCode=17640943130383313804710157710804
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1828 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2008 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1356 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,8396134408167759952,13266338399663132828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\RequestAssert.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1908

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Browser Hijackers\BabylonToolbar.txt
1⤵
PID:1728

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1376
- C:\Users\Admin\AppData\Local\Temp\is-1RHDM.tmp\butterflyondesktop.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1RHDM.tmp\butterflyondesktop.tmp" /SL5="$70226,2719719,54272,C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1616
- - C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
    "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
    3⤵
    - Chimera
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SendNotifyMessage
    PID:4436
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Music\YOUR_FILES_ARE_ENCRYPTED.HTML"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:1572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:2328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
      4⤵
      PID:4512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:2912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:2836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
      4⤵
      PID:992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
      4⤵
      PID:1580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
      4⤵
      PID:1864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
      4⤵
      PID:4080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
      4⤵
      PID:2388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
      4⤵
      PID:3812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1568 /prefetch:1
      4⤵
      PID:2004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16081184330527334998,13554173123258428536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
      4⤵
      PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\HawkEye.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\HawkEye.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4508

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\YOUR_FILES_ARE_ENCRYPTED.HTML
1⤵
PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
  2⤵
  PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

Filesize
3.0MB

MD5
81aab57e0ef37ddff02d0106ced6b91e

SHA1
6e3895b350ef1545902bd23e7162dfce4c64e029

SHA256
a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

SHA512
a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML

Filesize
4KB

MD5
74b74794778df0b9dcafd8cc2177635b

SHA1
6bcfd1ba421937a901eb4eff49f1207ed8746a40

SHA256
0cc910fcb00c0ce8d6646f65723528d1d1c3b5e33dfe8cfc07b0f59db3a97b8f

SHA512
91a947149d1851e4a916f1265a01dacc04f87b1861b18a530cb6efaae5f6b7f6e1952a57b30ffd23cd54b5ba615de358b0e06d3c5e00b38949d8ac74224b364e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
e092e332f5db3927f42a7d1ffd51e5fb

SHA1
74d3b17bb142711383e64e3bc5ddd07c8ed03d55

SHA256
84cd0a7b14201b54898bb5aa451c4c6574bbfff388d845d385e93d9f9f0d1e1c

SHA512
8a978ac99bd7246f5659b59ab39416ddfb72711355e3d47ee63978ae4c6bffcf4f459fae4563f344f48f96c5c45d2233533329b2d115011bfbd9fbf91b6dc42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc9fa19b1a9107796b09054828755461

SHA1
1f5b4b626dcdd4c7772c76ae34bfe2f3a296444e

SHA256
c0336458ad469ec8d9c2ef0dfc5a0aa3b4a50976cbe3e1e77989c24e3510df9b

SHA512
44b215fbcd11d16c8711704a97c7283b0d10102b020868dbf71cadf8dd9a3bef6b9bb674624d77a5ff80f5d74941aba382d9f1496e44da4600e8d1ad80cf967e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0bba87b6749d1e02b04f4d0f4afb85b

SHA1
c9bdb939b89f7c4dd0f1b24ac1ce5981f1d3f6c9

SHA256
1021264df35e45cfbf03740d6b1cd53f1b896fa17a7887dab8b5b0e2c34f5916

SHA512
342581aa160c807208797fcfe1b263cae01845d48d7b3ecb4ac2e463af200c6ba61d8a98a61413d4b66aef29f2d30ab88e59bae3ed91eff8cc32e40c1b6cc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0786883d-413b-4fa2-b025-785abd29f3b1.tmp

Filesize
3KB

MD5
18a2b6c707126fcaf6e3a23364a29c44

SHA1
68a98fa6a3a25821cbcba5ba0b74a3595f76ab21

SHA256
6197a66f44231938a0557dd25fd1aa52dacd3d6bc96cc1a3663e1d1df0120460

SHA512
fd815b3e185a039ec14875a69b449a7f748363d4379e807df3ef96b8ff03ca9c688cfcdfffa4de0a98a54492c68612b89b6eeb4d5fc4ad2f6b012786712d6046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35693f6e-dfc2-495b-86fd-1e763cd71086.tmp

Filesize
10KB

MD5
90fad50ec6735546afca74d1d571efec

SHA1
c11dbe5113d6f6a4bbc07ef0996699af07ada990

SHA256
a30e46859f1365bf086d77c8bc6720e8b4afd90960b6141353a4e900ffaa1902

SHA512
28178094bc95aa25f31bcee04418b456aa06b1bd5978d5cbfe4fd1fa18b1e22e6ebf05928da40d9384238a86fdb247cbaeabcef85d25c935b8b65efd8ce95cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96a8d53a-bf43-4801-ac89-09f1696f7c78.tmp

Filesize
3KB

MD5
33d592282002c0c74cf6036aff652263

SHA1
de528dad1960bbbe61ffb270ea11437e1c34863d

SHA256
32a3e5596df00da662e20da88be49de16fce6329d4bcf1ce3789226ed397eacc

SHA512
a2b7e6c3d6209f6b999dbf98017313dac4f55541c0e9a913e263479a310513abdffeefba8177aa95e0049d4d943b5de038c1cacd8976bd7fbb07edcbbaa5edff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
26KB

MD5
767407f22a08344bd7de26ffb5b815b6

SHA1
bfd1bf7b8d11435efc7857309cf9a6d59656ec04

SHA256
8c5b73ca727286f64525c67604700c33585d5ab539e7b406ef7f2f910ab78814

SHA512
1dae1908f3eb9b9d288c5b66c6e61fac4be9bcefd31c699a72e8f2b67e29767e712b48848754ff70cf52f54c6f2866e1fcccdda702065d9ba7ca68804c7845df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
27KB

MD5
903acff81aec95fb624ad47960f14af1

SHA1
de8d7f3ae08621987d76e176118e1da6a7c2475f

SHA256
05d439f7aa4807ebfe90919429e6c6d352ea3816ce6a9592f4df42c2b22871d8

SHA512
c25bcf91200f1ddd174f17f2f95e3292cc8702884c3c0d79803a55effbddf66f43b7c243644c12e788cc1367d2f335ca67e07ec0053b066820719301693db767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
25KB

MD5
b7acbc2406a7f663f4fbe535b112d734

SHA1
602ffdcae76ca3911638870f244d16ee4522a11c

SHA256
5d3df9af4acbf8773676af0ea887e966bb0f8dcccc6f4f9040d9b6884d3ba51f

SHA512
6b20ee9771a2b9234bcb4ced194b1fe58fae7ae75a3815b740b0b72a9b2a58be77b1ed20b919ea8a9675eb8f708a1b4df37ed8c013549bb85e44118f1362350e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
17KB

MD5
e193b23290c93989184dd7c03d1457d3

SHA1
cd44c062f9f78ff3f837e88e38370b92e1d35ba2

SHA256
773fe3aa0ad02933d8a62dce0be695601e82cfeed9fd5619eebd179ee249a776

SHA512
f69c0c4d858d7ed1debad2707ab682b84467de7b4e38c5f4fb259e34693d32185c4b9763116a65f11387f90f964f4c9b14bd9e29017689b14d79e30a17cbfbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
bb3cc1cff01bb1a05702615fecc200b1

SHA1
81150093d525ecd7af0c79926169c1bc416a85a8

SHA256
74b84616f5be24eab813423418de0ef4df7c5ca55ab908c35360d1ff12c3dfc5

SHA512
346286b19087edc40f7026c70f0e247a76926a385cf776785e25ef87eb9387850422753c284dcdd4ddd4fdf1d9ec86de7e8a0976ad72b6ab9815754de7c08689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\087a9ba7525de3eb_0

Filesize
122KB

MD5
38760e88d8d7d287e979c3add267ccf7

SHA1
2751a010c610f293b466622569f5af890f7b2fcd

SHA256
ebf8354acd85d9b51e8a03f781bbcd6ab1e729efa2ce48a344a664a7e1dd14a3

SHA512
7686fa92b0db9c473c4bf90ea1fc7809cbceb82b33ff938f54d74cfe6a26ab4accda7190917e2e5aa6f3d8b53dbcf99495c7b798ab5d4c0510202380fd7e9628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b866bae334b0587_0

Filesize
177KB

MD5
d68371e8e62a92542b83f8d4705272c3

SHA1
266aa28649c11b69bee7e65335202eeb620f3f2e

SHA256
d3b6c90ddb282b56908e690b53e276ec0c0b292676c76428af94a8f85644d4c9

SHA512
6c432684c64e9126ab00d2d1de02d63333ffeeb055d8d1f16c59b58ea5cf8230431ef8e161769b610c4c8ba2d93f297f7da11505d3b0d27e90225d84767b599e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
eaeb20f7b899a80d4c81b5f4c864b060

SHA1
f7be8cb739593ae16b304b01405c0cea73076fd0

SHA256
867c8defcad775c62db6e7f5b2788612888a40174f7a9512e565b376d60f5bd1

SHA512
292d9c3f410de5dd6395a659a6fdf5eb343bd04709e87aa344b86aa458d6bfd7d9930f13656bd93373415acae4ccb05b2992d6d3eb670e3cde5cde3249caf2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
3KB

MD5
fcecb4e151b91720a5f61c2241bfe43d

SHA1
a59cb8bcfeb994e032ce30261d46036c2a283916

SHA256
5407b09f44d80a66b07b26c976c51c6f453575a61c0ee4b9e2daf1f554982cee

SHA512
35b0fc0ce828dedbeb5597d6329b0f6d536d8bbe016e060bc7e3a882b362552d28759945b64f44f4b855508ffca81a0da28056aa6c076852fef50963e8cf8c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
4KB

MD5
6c3dca5115c3077a03925bc377e14857

SHA1
30d304fa9151a5bd1c35e8d41ead08e5b5d88beb

SHA256
f3689e58012afa282dbddf0f0ea420544251a164b629e845a209006ba66815fb

SHA512
6f66780a0d39cddea708b9d02d28858c19e605fe1395023512bf2d75f20c8fe45b24ad6879c12ffc23a5e2787065e8b43130c3bd2ceb8aa4e676c29488376b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
d3c6d5bbc8dcfdd4320a946682fa9cf8

SHA1
a3c59c0f3c96f9215c366b21889efefcb17b70b8

SHA256
e570d2eb32a283235a1316a61a5eadfb9e752666c34ab13760fee09482a42d95

SHA512
dc650a86dc98ed5cd4d20924cd527119cc90a14ca8bbd379b91549ed7373bc052b0d7828072a2def47f7009c382b769b16461e04b3c367e8859b8a9149d36554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ab9b8c0929957e2_0

Filesize
175KB

MD5
aeeb151a772516a065959549f4e36f4e

SHA1
e2175f766ab9918952d9f78c6d9312cae4533ea1

SHA256
77906742d1d2bf5ed41bd11c3054dde5e89546386328c724750633deea6cd5fe

SHA512
fbabe2c5a68fc34e8db0a66d2925d2830a5d1bc449fc2287790220a41e68290beda401c74e6df1b3701adea5c26bb057916a803b09e940d73e7ee4bc0c5b8ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f003113425c0ab4_0

Filesize
262B

MD5
131b970087048ab16c08c182f2bf2425

SHA1
eb33dcab0ecf999b3a3dd3b33d374c29fc90b8db

SHA256
fd37ab9b5cb5ce492ad7ba1b05f051a47977871dc980c35897662566ecda4fc8

SHA512
3148cfde1dd27f4161da89334ad1d0cd583f080b7a6ad764b04491bfe7608a0fa0169e0b7ac50875d3aa424c301eddbef633ae86eaf452a44d339e768559a73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0

Filesize
31KB

MD5
e71a3d81a572a6dac2d4d6175e67df50

SHA1
cbb3a3228791b5b1281ff406b0fbed3196a9ea4d

SHA256
f7556a6df7bf681d3edac7895ce6513c9a45c29ceaf213ebc80a57c774a50358

SHA512
da0da665319c176379bdc6fefcdb42fba38eff1c16fde5580b7b0fc399fc71acb3b55c5564550d65791b2a695d576c240bdea0431e2ae0d19b745f4a2a427f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
2KB

MD5
1bbc14ac80e1a3f636f65b87f44e5e1c

SHA1
fd0b1e269bbcfca95d3518e5ad2defac8180a5c1

SHA256
6abc4f4aa91efa34dc0a262b37ab15a7d5190a2e1fd407a09beb1606453b9ebd

SHA512
49cdfb7e606157975f064d4207fd36db0cffeb4cd5d5c50c4e0780d3cec6cfbe847a49202315d7b11ab8e91f626763676aca42eadc9b9248d8cfcbea07647ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
f42749e71ebde98a9f058db6d052e38c

SHA1
2008d6e1616b62be799f7955e40b19055fdd1309

SHA256
547238e56e07db1f9d2601b1489b744b2a21dc78b04126aaac4b890bfee336e1

SHA512
b06d2d764e62f820507a6e04ef158ce06dd71d6d315cba6a165a2840ec74af8408bf35ef0ad8e3fd5c0e9b1d49a03c2cdbf7d63b979d69adcc5c69cc66cbc0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
b483364cc6f423f954bec752c8540c2f

SHA1
06401067977c58bbc5850d0518ed586cc739d06b

SHA256
e64f77200eecde18eb0be7e37fe71fa6e11b5d044e2f295f8730a0786122c850

SHA512
68d52e8ec180c5097f19799527b176504eb1d461431408c14fe6bfb2e34b7cae47d178b5ee44c131d3c79dc2fa4f8c214d9583926dba4f53b97f70076211465d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
937927dde5c7163bdea4054d36ba55c9

SHA1
958282eda8ba6cce085bae65a0025c6b1279be7e

SHA256
9768cff3177416df8a6b27e0939a028eed28ae40ebf7dd2a50426dab3665abe6

SHA512
5b5cb52d3049971a23dbd9f779c18749a049aa4285723708370eaceee80b06fd81b6f79ea5d01b46dae61f1c8b29060cbd93e26e05aa28ee96b2f00b8cc130c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
11KB

MD5
24134bebb702474119f13183f364561c

SHA1
54fddc1b0d1d54843edd7d54f72068da6a238254

SHA256
212e7886576a5b10a2fbbc83b569e33fe9c633d6f936760af529aaf6f289573f

SHA512
824de937b2e21bf7d9a52c345c6dac293b77f286d264db1eaa11f3ce74f863de2bfe16392e2a16950a7e05232b102e1728d98b4a7253757e95c3e90f2d44c709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

Filesize
9KB

MD5
f0e32e3a5df4a5fac5a5a59f69acd832

SHA1
92ec12d031ddb7df2898ee37dedb07e4b28eb715

SHA256
09a09e9aa3deabec923908863945fc7f85f1403687abafa50204ed08d39777f0

SHA512
ace83f0455414d75b1fbbc68ea90bbe8d0cc8cc18551341d0aafbeac55ea9a6a01e6df6bcb1eacda87ae76c69d9ae2e9a156e07b4da1b93d69266deaa7f95dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

Filesize
5KB

MD5
a2df560751d2c3c5dae60c277d57594f

SHA1
6fe89b16403fe467db352795165edbec880b3e67

SHA256
6d1be26fa0ef8c8888177d311866ee83c0040ef78cf7531d11c589b377a89e9d

SHA512
bc39ec88fd2773ec70ee120ed4d77e261c2429bafcfde5e84b48364f3c2f50f524de2efe161f8163b2fdb06712451440a5cc1e2810471f92f907ff4d636212c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
0a0172ff5cde672bc4e565697e03c4c2

SHA1
df4d4bc692ccef440619050be57fb08822a4fe1a

SHA256
610a6b1900ffd47d3a82fb4fde28de8d574a8249583ed9c9504815586aea635e

SHA512
e886ee9e337a5a4790a7b7eabf3a1517d7b94f56cce37a4155fcb3855502a6d00ea6197b14b8708b8e2e237c6ece179a171b45b8360ad8351c9ec1d869a603f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
13KB

MD5
576801a4f134a39d598eef4566c6a683

SHA1
d8309d84f7534241ec55919a4044a1c9c1309583

SHA256
6efc3bf9f7c44fb770cea73ce538efa5b0dfdd06c37d863de015701b2a32ba5f

SHA512
aa445b589534e1606c3d7315acdd94dca1bfcd0e61a1d752380a88b402f930dd75bbd4f7417a0366db8689bb0ed885521737f543b59fb4fecdbb59d3c1596bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
8a0350f09dda0bff69c9a1c564829172

SHA1
141d25e416095bb509d52238b364e2ef05fa8b43

SHA256
51539557e35048ff82ec2b6aaf3e631e8cfd3a155e4481225ceb647322b6ab93

SHA512
f7b304a995381284f6d23db10b9409b9a07d1e0224ea2a87a22d256ed8414839e6b3f4cd8956bf8c927837da79ea3fd1634401b84ddc39fe56af4cd326b661b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71e3fb1a25b5fdce_0

Filesize
433KB

MD5
d9555f23a96fa76fc03ae6734820cb28

SHA1
690d42013febf38bb1de67eadb3200012ff79330

SHA256
7fb82f8fd28e25be6594a43b90522240584c95a6c1ff7f4aeea4d7d6e6334560

SHA512
008bd4df507d8cf17eccc9e2cd4097ab9956f963af4331133115190d956409d5af3b6b0a0d32ca3ad1daa206b7cf44f0f069e4951a8892cfa715970afb760dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
6ad7fa31293fcdd9085346e1600e8293

SHA1
4f815032f4d39d1b70c5b0f262327821b3b998b5

SHA256
6629c9183b550d91b0a79d820cbe88b7548ae94385500b1cbf3791629638f130

SHA512
a21daea77efbc594ec7a8e7bc0acf7dfc198a7bac65a35ab192ff343b40e963a9576c881ad695adb195f4d158874aae8614355fbda87104ab8633586d6283a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
12KB

MD5
96758042f8bb0d1b3316c4901db70c61

SHA1
19ee94cd3c34022bbe5ce213463b077bc34de0dd

SHA256
6142fb87d2d3b25e01c04978729ee83475d270640750157b04de015f627e1738

SHA512
c0f2ebc9d4a9451b704483c32596828d5d9d01a1490e4a615ba1395ba3ec61450cb53f082e454b70a9cc51a3c15541516c93e47ffa8af719a0d26b28b0b99be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

Filesize
42KB

MD5
6abb37e6e465ddc47e01a9a43df2ff24

SHA1
3507626301f54f5f8f2a7e0a25c963a49882dc46

SHA256
86bd208f8a679d29d2c17e873afb0b7e401bc51cfab763d01abf3275a3de73a0

SHA512
e8b0974c6ca2831af21d99f1469b42c3d145814bc24c5c3f9424e08718534ba29bce4d03fa91d850590f4d7ccff4ca79c02012ac1adeb8bb2424bedc8c3e4c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e823ef9efae49b8_0

Filesize
5.1MB

MD5
c49699a12896143801d4c61ab513dbce

SHA1
468c84e296f46140a692efefbbc276b41b3aae64

SHA256
f8dc5ec825b6804f2fcf881d7f4fcf7b8e290ebc4e543755b09ec508c39aa411

SHA512
7e6e2f410178d98660f42f92277f8b93fd3969e074dee7d4cc7512889cc392b13be923bb1cc1043c837b8cb309ac7329903d7694e661da00281df4464a8d04eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

Filesize
6KB

MD5
d7f79e32eaa03765469c25e5216459e8

SHA1
d7ab82b2defcb3f50b1ba532dc5cf9673281f6c2

SHA256
377ad3d88b6f3dd123533f2635be4d0842ec02e2e2ef69f209584d8885c6f394

SHA512
771c51baf8e5122bc710cf230fd62929d57489fef964f07f988e7b2c441a1ac6d0decbce791edc3cba29daf3bf597745cee4990451ef55f25a9136937d14e89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
20KB

MD5
9ccbc68e91446dac474be514c3b61971

SHA1
4347d479a413fa433149a4eb09e25696b2fcc6e4

SHA256
134b6499ddecd361b6f67c4d8bbb16349ec4d4fdd388cc333c0452bb340b1456

SHA512
7bd40d8345c0f96e9914465cb5eec2d9f69f66262d196e72d76530a44b54497e063bf25801b2aeccf04cced9f508ae12d078b3c6be0e4520261c0aef6b2ae620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92f9577233dbdccd_0

Filesize
249B

MD5
1ed38b5c6f4a57b143cd150b8a67ffd9

SHA1
75033da5671cfd15436695e2c0429d56989efdbd

SHA256
a7ff4066e1588a7aa4faa166fdde46f6e0a1222d04218e0290184f758a45d683

SHA512
03562af6f7a5306b2d1a2694e6b6c072dd81022a564229a01504c53a87702843aaad77c7e74120754d8b2b604886e865fd13dd2315ddefd713f8a670f43fcdd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
cd28e67fda5f53581ff5e394f24990a0

SHA1
dadb84f11f8ceae190cbd94fd4ec9b03b90cd175

SHA256
d1809e4c7a48f415e2f6b661ee6d83f654ea4846cc486a13ac1027370b5f2d1c

SHA512
2f3b4920b8456a415791fb52642b3be023b931c2893d129e1b498ace17a716525b60c4c83d0ce5530295b075f1eb1cfe066fa22f58bed331ff07c3ee7ed153bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\957f3f4e0ae6e0a6_0

Filesize
77KB

MD5
33a8e3c715b12c935f883bef1bfc5183

SHA1
a0d982396898dec7eedc020d877e12375f84196f

SHA256
917749e55f8b29c171f866cefefbb5f4cdfa35c2a46caedc55b0a618bc33a4ef

SHA512
3ecc2bdd911e2706b310032447316c265b9654329e6af3d69f589a97dcc96ebec55223c65ba86d1bcb6a4a5d6cc1f33e9d6bcbe3a68e32f9573ad065bf17992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

Filesize
1KB

MD5
f7cb30c5d093aec53c3d33402b29589a

SHA1
49f67a5078c7a3d8f7c217d99decb15cc10f1a98

SHA256
5a225dbd57632d11aa66871fba33a5f6f6e44b218ff124d96d57da31f92972b2

SHA512
02c849f8eceb48dea92dd466c30a80c3d6561857c1453dd0a3041fd8c9aa316b502a9af8164f88423ed00bfb7ecbae5cc654286eef2ecb6af2df4e25d737e8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
d478b5058fd765d8ca584049bc7fe45a

SHA1
98997e44937b71ed3e296b1f47da0df43b8b4bfa

SHA256
583a43c13cfcaa5874edc34c476c817e3597d0224f673a93939e32883af43f09

SHA512
75bdc59569119e3ef4ac0c0a7970e286f144da7c0bb2bde6211b21a100efb7de0ff850439bb9a5e679a224c9eed89a80350c182f138faebf5a38d6ea7962d1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
19KB

MD5
de1aa31aa3ee82650284cf82b1d54650

SHA1
cfa71babe682db342e976d1977274faffa58c075

SHA256
31246c02c20d5885c330c29759dd5ce526bb0ffd4eba4f94646235999f5b9485

SHA512
659c2f7e97c3a2e4b1aa3c58a67bd5ffc5f5ff56e9cb3bd149ca2a87a5bc169998d4bccba1d0681b5e5674b45c21181300b1c84671aa68128a3cb4f87a567b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a51ef587dc6dd4bd_0

Filesize
7KB

MD5
0f78f7f3e4b66832cf3d44fc8b745779

SHA1
3f2ccc5c8e84a51ed577f20386c36b4a1dfc60a9

SHA256
b364ab857f9bf10b05a38102f80da3092419ed40f12da20e9314c1bbf22feb54

SHA512
7ec81d1f947d82c4aeeaf5e78ee6563e90d73068f571a0d0c4e575ed4ee7bd8de1d9e55cfe873242e4251ae05e1bd628d7f09ccd0f6e08ab9e15bf620fa58dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a614899219c1f2bb_0

Filesize
35KB

MD5
4be4a4c4a42dde3c4839ed5b236e208a

SHA1
363fa72c0268b9d898a3b3b9a4762d897ecca391

SHA256
60d84c341cb87f652d101869582d54a00ccfa25759cd4ea8d1b6943c23ad4e6f

SHA512
79e640f8075f9ece5bc6ca463f2881bb9e55d399a608e616f3a7cc49b3bb19ed6f20f8f0e5073073e41ebfec5610b6d5dc78553aab917f8e80e825ea728cac84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

Filesize
3KB

MD5
a688c6c1c8609f205bd5dc38c0c324e7

SHA1
80726302abaadd523875bfa5c42bbfbeb315b9da

SHA256
44d020681c4ae6c12ffb5e9d5de3642c6769856eb77de5548990d11dfb34b258

SHA512
85c9eb5f9e8be8cc5a365c296e3812b6e03473593050161e48b1c0f6d6b7746f8d985ddaeaea48b77f10d7b18017a18287324138cdebded5658e15f0840385ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
bea525240e63c2b1e39aff790415df50

SHA1
0f417a0c1f8f279886f1ec5f9dcff7c1ed51a631

SHA256
89e1ddc36142b1c7bf3e011edf068bfb148ba67f426cdf016443b356e9549930

SHA512
e508ed3ee6910e92f7d81cabcd257276502d72ff2547e0a9c77861222f4598078788cf740675c0c8086dd1c586d8a64d5d5510cb5adc054ccb7eaf79b0a0deec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
5KB

MD5
591b9d19ce8824b66a32d91e60c99bb3

SHA1
16ac88ad37653f9cb2c46e228ba828e6ed351785

SHA256
32228771eba17c68f55279563843ac25bb6fb1252ee92686db005475a4a1f74f

SHA512
fd7759577908e17b3b2c1771d4231fca1f4ab637294b9abc8902f6b596139fdfda8969bc0b314cc02b3601ba7974da0c6091f44c51fc3ad009308213d04d24e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
bca509a3d83d49f398b7cad4f27ff7f5

SHA1
8568f5860e2e9474d67d7a59a8f5482523779856

SHA256
488fd92fc2d3c5e02d45c0c2a228ebe65e13e18038446bf0699501aa9d7f62b4

SHA512
0c379457eafe6574ada5050aff70e02f6769bf8786664cec4ad85854933ccc54f8774b3d9eddf07f1128c65c78d41f20f1fe23dad1160331c855e3d139ee9561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2a2ea4987d45e0f_0

Filesize
26KB

MD5
cf479cd73b48404785f37779fe83caa9

SHA1
d587546c990b4453aa67a224bfcdd6f6b4ed6bd2

SHA256
067908ebed404427a9d44b2eb97cd5349bb492de2d99f6e04722099f11e675b9

SHA512
a2e6f5c8a718ccc0b330c8e5ec49c65a7ef6786ad21267034ac33059cca05303aabce70184e9ea87d370af9a1b96e44932e17c5179f80b71b403b27c969a49f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
db8340bf56af07e1efedff7b08117c9f

SHA1
9f97c8c846975d651d1979832a001f197134fec6

SHA256
7c1cf79e6f469087c2fedec6ab4b03eeb9787cca397dcd18a2dfaf2a079c1f0e

SHA512
7f2e5946a5fd6beea7aa40e50cf1d557542130f085b678768cc5e7d073ed4824b7c3909daba67249bd8772124224bbce8789dc92d15e2bb90f8ec89e005b896f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
3KB

MD5
b3360cad73f3986a8e6edb393e08d24c

SHA1
d8c49ba9a69d5235c233228f8b4ef00574208f3f

SHA256
af16b9e140e08d87d5ef1d50152b77074a52c7ae0269b5c005ef89505925be86

SHA512
feb08ade377621c13bf3ff76f62c7fa33a6366d12360643f272aae0cd3456949fa7d52d585bad4bcef0cc9414c803ab0afbffeb5d99c02fad24e79d0e184a3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0ba0553939563e1_0

Filesize
289KB

MD5
5bf99c2291c5fe5fdffe56cfafc24f56

SHA1
0f4bd30a4cf908a1c7aece0d56cf77ea71d713ce

SHA256
3ce8eb70e62ca03e4a307a40f265393c53f29459c6c82dedeea5c41609d7a904

SHA512
4dac9f743d53b9b8de8dd340a42e508dd17528f979bdd71c313eaa3e0e2299b258cdb6f1ef8ddbe7ac5337123332116f59b1035ee95df49bc025b4816ea8c1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
f27e9187032babd8865575e2b3415e16

SHA1
bad912668322c68c8a66f755c78f290ff122a536

SHA256
19f39fe00457b180e935ad7970968b78858478135a055421f91c5f50e781ad69

SHA512
aca8b90bc08daf21710c2f9ccb57f3d2c99448966c281f1b3fc9e5ac141aad18552ae5bef6089d4c24d89216977a415935e7cde318291c77650d3eed0de1552c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
5fa7db2168652b77d5c76da08795e6c1

SHA1
c9ab2eae11bd0fec48e3f443c4e311ac12d60202

SHA256
c733450713443a94eef9dc5c76c83decb4b0a6d8128d860ccb4b7e4944b5e1e7

SHA512
81a43760d4aad6f03e23902ae54b0290806e54b9b802918a0d25ea6c17e38f37750d507785385676750e6e72a970d43fc70136568022f6d12ed71348f0d944f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

Filesize
11KB

MD5
16a9df3b6875a7c48905bc0d7323ccc0

SHA1
fe458545807366a354ea9938332504b537362acf

SHA256
bbce1bcf2ecf39649284cf9a7550b89efabe5da160be1d49d3cc7d1084c2242e

SHA512
1059b3c8f7466c5b34385a8fed9c026e6c12805a23dd717a62fa0ccd1977ce007a4de76b1d6cb52282dee44912c94f2e77ac1027943580b2339f9255a748f951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
3KB

MD5
2429948b60d0309817c7a8d11c6338e3

SHA1
507ba4ea89e2c8cacefb5c84964e381c71d97805

SHA256
7fa257b0f4cf6dd52164aa79f8c05672be1a0c261a4fdb62db10bfed323b059c

SHA512
652c22f4225112c556189838dbea8a83c617b60f3d65cf02f9c5363844d0bf02510821250137e64890e237997e0d1c3b8b10380ca715dec8969458cc0e2493c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4384637ddacf994_0

Filesize
33KB

MD5
32fe708be7d1155ad99ab549c04f86fd

SHA1
79ec3c386d3e2ed7bd539c82d2c351069ad9de6e

SHA256
7e83fe02a5b10e31f15acad49e3b8b9d32bb2fc096ed04418cdf5a9f04a98d0a

SHA512
b69ec28813aa8b883bf70354b60ad170aaf4cdfc5c84389b9a73a95bb7ec19a1096332e969288993d7a816c9499c2c423041db87fee626dc338d5a2bd0c76359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0

Filesize
4KB

MD5
e1a987fe40ac8a665e476bb331071d24

SHA1
e5ac124eb97c026863242430e893102b29908217

SHA256
acec015b4639a57d7e714f5900c0336e358719adebe9c6d9874096c99fe4a96e

SHA512
5b3422ff1bbfd4c03a0c87c3202a7cdb6175fc9d4d385f07b126d49de5a2de1dd2dd7fc004a6456388dec51debce8ccfc4cc6c8305764dcda359587a6cfb44b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
d7f11f5b105a4b58b11fde9c8ee90d16

SHA1
03e8a5dc331f2f2fe4aeaec9cc2e4151a22ea6be

SHA256
0ffc3112e4c7ab3d3448fa6f764928c290741e52d4e6422a7b156cba22de2769

SHA512
830c455067d1a2ae50f3fea653693a5c7f51b1bade88eb79cdd1e859fe3b03bc8e7ff2cbbb5f5b0fb15dcb8153e55149fd0bacbe5329e732664d652955dfc963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

Filesize
7KB

MD5
0499fb69889f09d0213961e5b7c4dfe0

SHA1
5221e98afc179126a84bfdc930f24d6347a578b3

SHA256
537efaa843ca8301239561cbc6b2535b9f38927520b236a33742525d4fe2cdfb

SHA512
649d5cf278df700b53047f1d6c2f6116a7533ebe89781985cb7d1d521327724a44ad6a9287a1931063497831951be625f987f785d7cf4f9319f27fd54987e80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e910f91aa39d1383_0

Filesize
262B

MD5
f65eb48c2d0dfa076d46f536c746455e

SHA1
7429b6275809e2e9a13785c21f8b06a4320c4606

SHA256
cb2afcf28b2ad5eb85b7896f9da2676aff14036986ad298c291056edf3028b0f

SHA512
e62b1b21e3291361136553fca18658ee277692c3e7a30d4fa95ac318bcc142b27a937a25b7e6d8e517088478a28624c032769a90d892cdefe23fb67fc6c6a855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

Filesize
7KB

MD5
2a695c6e9651afc0d8c9ac804e5d356d

SHA1
e31a4200715477d950b9fe70d843039678ec7e19

SHA256
197cb1ff4b4a33106db309bf6085ec1dd68df9474245e8df1ac018b78b9eb883

SHA512
b30ab872e2ef980a3cf423689b7adad098275e1f8561c7ee13f64332397866658214a53054cf1105cf34ae77aabfb9e023587a6c550ff1d949f9a5a3802bc53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
c4582615cc1c9638a52f35e77edea497

SHA1
18ea1169c9f2138c48566f4a0c91310074da7ff8

SHA256
b713c0131560d325313ec90a8a927f3dc6a3a21cc8d25bca385a697177f74f2b

SHA512
f2afbdc13613b11f474d6b74956d169474ef9e90b690a7550e7277180fb99ab586ec5f06f4dee5d4733e271ee2c84ce50b4f8eb51ffddb856fb4634b2e0bef7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
3156cee28c12625a3b46cd9c0452c50a

SHA1
239b9b5ac1de88a9bcebb27f14801653c51afa45

SHA256
c56b71320557af95c82a2670919b11175cc7a800f0cc450aa08105b783dd6b1c

SHA512
1c8937e91d734e49824b9e3479060b6a750657dd85a9798a35bf738dfb7e31db37ba6a79bced063db94a131e43f6153de94255807c439c4345aed3c973c58e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f4cd1d1d887caff0_0

Filesize
262B

MD5
cc86a7d5d105b322e3ce0ad76918b297

SHA1
1ed8a4d8f98a043528e313f7d860485bc00aaac0

SHA256
a4d5f8c6cf87d95d1b5403fd0f6f1239d3f0b94435c5f83b64e629569e6ee43f

SHA512
622a3af56121983d796f51182c46519b894f5cd1960fcb55f3088dc83880730ba1bd5f1be8278f1b536df3469294e0a17802e1cdcae1f2db8141cc0581c24b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f54305a5be4c924c_0

Filesize
17KB

MD5
b91638cf5109009b67f8b5acde582a05

SHA1
f83135b46c722d50af2bb62f166aa1d398b51da6

SHA256
2c84ffe41c8cedd994cb1ca0575f8872d052eecd3ff51541b8c6656bdad50f11

SHA512
c15c76867c0169836f402645cadb091285c02d4be5b302274edcf3952aac9596f1a8aff1b0249b858c3d4b9b033f4c695e8c955687791a3f9915eb954f44f712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
dde657f8c9ad98fc3d17c8949eefd7c2

SHA1
35fe79ec27a28655b711fdb65db7fdc35ca19428

SHA256
62e3771ca96aebea8ccf4566470fe105eeb968bbabdcc2f867e1da1276e12a7a

SHA512
47ed3c546c51d60f9142c57c58d3d5a44db7425dbb365084a3106c944943c0ec8755cc791df7f2c6c151f6c04509b1bd1223d13b7700c837351d101d0cc7ea63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f62c9874921ef1_0

Filesize
4KB

MD5
57da689e0acdf1b01acf3659b6e58d25

SHA1
f02fe1f501156fae2ce62fdbff2e068bddab0f19

SHA256
3f32577aa04ea96be3472344c190cd1a2c65a80831ada0f84f109335bf050639

SHA512
b352ddd54c4b28e239cdba7bfaa6c701ce22c87a19279312dab7f65dd22f0e9bc1a93bc301c8e15c5c7f3258ce954a22074852d9a82e9ea8cf0b6e8547b5fb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
1efddd5e5bfc93ec32177b09b54b9ab0

SHA1
29a0df71c4213f72905db5c8b1939cb0468c3109

SHA256
5ff60e970dcf922392cd68fe38ab54348b0df058ea9c28037af1e14331f4551c

SHA512
66356ff5f9b52be96084199b922913dd2731f7bb651b6a3479b8430a6f720c12afc289797bd2cbaa403bfda12ea40680feb15dbc866468849d86d6e718863436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
852eca0f008e0fbc6362d3324ace44e0

SHA1
36233cdd359703022d3a7b6dca88b48174d8f313

SHA256
02b0ff5676350795ae26c88475894310afe29f033197cbe66e8e085b28c50528

SHA512
382a73581caa1e776f407ddef09f7dccc54f11a942231029f11be7610dadff2f801bfae4ebcbcd360a2e9e0b96c4f1018c08506e79c9a33d11403bbd76597f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b01f7db2f76e991bda448849e51a00b9

SHA1
a11870ca167dac6b7b08eef7a97b4d42940cbb01

SHA256
9e945fc3033b548473ccad61ee91a5c9f6942d9857083933217d1d1b1c454f62

SHA512
213fe3f79afaf7864d0fca14a60abff442307d0e370858277361b14882a3d22bedb54d552d9e14238e5dcc57935a25432c855e808d4638a18ff5ab9a8280d5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e09714dff205c93218b9e84e0c0172d3

SHA1
1f3ae63203275368ff2be1f3199d6645c1f85ee9

SHA256
8b55186a749fd7e92f87b9c4f0bc46dd8cbb75e0837066fded770872fc070f9e

SHA512
866192bb7cedcf2546077991518edd1abd1776a2d5622ba069d9db30e3f95f743ad623ddeb1ef4de2d87f5d89638a0bbf48d1f8c122286d2f4272fe4c37a5b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
cd845b6c601d81fc88e3710555c9bd8a

SHA1
057da60fafc50f5c27f4ce20ce5af4fb1ef89ff7

SHA256
8ee3d786b08cc984349637ac0f6f6df44147784daadec05a323e4396616babee

SHA512
c5356d00f413010c56bdc943bfced8594126a98a9cd071db31c60b58d59b961c15927a5bc4f35f2d42369c13f1f79d92e8069c23b46cd3d9e009aa6d984f49e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4e1ee25c0eece1f5cfadaa4d4d672fb8

SHA1
19669f3ff45aab68522c413ab7a25f2bd93a43ac

SHA256
682edb6bb1c221bec741e861d366b232a463146fbb68fc2409586379a11a52a5

SHA512
865449cd40092a2fb18eb8df897131dfaf5e8fe73b797b2896d5a7b07a5a95c4fb7ac58ce6757a98aa27391bbeac22bf037596a497e8afcb393dafe5b91c74af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
ba02ea0ebe408c059d237367c9d96dbc

SHA1
e498f9d7025b6cca8ebdc4c06346df44a7c52439

SHA256
7da39ebc49da79fb340e649d7ad3070897d06bdeee459a1c733e9a3d112bbb49

SHA512
9775e0eba46dd7744544dc25124186f5d37a72a2c7948ea5aa9c013280712ffcdd03b5e1b5ecd935604e69b28c98c8197cb1e6b9fe91b983fec8074c0299d031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
105abee6b6130ba5d26d1863a7eaba13

SHA1
cf914761451af2fafe6666922b22bcfd50ddcfff

SHA256
a73f9fa38df4f120ad457f5146939aa18e2c2d588a71ac45dee346f7d517d5ed

SHA512
b80d81710f9e468c3bd89e099c0e9cafd1d8e579df4c3ace0a956f8a86e16a502124fb1796618b514458a281c6ab0ed586c899dc199d51ffee0c74e514249a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2aac45a997e633ca0d8a3d62afdb96b8

SHA1
57a2843315b6abb5b43ebba1a622965de6b8be09

SHA256
8802c349ca4793916f2e8b6c6a1f987da599ada80e3272adefd3ecc41a5fcc8b

SHA512
e1a68312dd296aa7499ab77d9104b48a600daaa48a3076ddf6ef96b94a4b2d4dbf3b6a59af57bffe7e0f77d7130346facabb50351b219b7cc04b78ed16abcdc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0fbfe73b91e1374f32e2ba3caaca4986

SHA1
d15bcf6a0444a8f73a9c5a20a4afa1153d33420d

SHA256
b1a8ec4d80273007f3e90ed1f4eb47f647e361c19b948728510d17f06255d93b

SHA512
e7a503ae65ece0c382dcce9ddb526cc2c861b3d393646935063bb161924728753d9835e14a046257661f83a4489c10cfef968ed7ed6a3216deae6fb1ac27614a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
44KB

MD5
e837125549e37d9db801395a36ac7252

SHA1
c5a228d5c776aff737cf8b222015281de7506105

SHA256
cc6012bdf4c4f0112e8a4ae2f9ecaf2495b0473704d776f8ddf6009e893cca97

SHA512
5f985385474f94ca22b87ca0bc84d007a9a7495e97aa8569c2184c2fbfa2cb579bf58b871a5bfeba60ac94f2b5276d56d4330236cbda1a3c3f1bc84c044e9cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e08727bd9a39d8840b9aedf4407ffe94

SHA1
748960b6280663e3f9354d45d4af5fa6df0b1ab3

SHA256
443f01b152a7c41fc3af37702a7a327daf4de7e6c17931e39497dce46aca9448

SHA512
83543da933a54ef54ccb2bedceac69e7df7ffaf7ef6868591f99ecf94b9ccb261d2d3dcf3767469ff87ce58f3112faf04760e36c928eeb08bb61f60210da0094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
9KB

MD5
3f632c6c7816dba5b802a9d54f6b2b7b

SHA1
c2ea7ffde64cb8b67ba3c7d00e624f72f4f7d407

SHA256
1facfcf1d29804c5ac2a6aabc79ebcabb21f76fed7788fd2df7a3bc6d3228cff

SHA512
a04a3f6c447e3229c08d72afd42c82496ba5e402dc36a16f3d87fe4b1dd336bfbf47e76b35d2c9811a03793f6e97336cd7b1014b99d45524c64b88f9499106df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
17KB

MD5
ff6cbd888ff793d0f7c49b92a08ce98e

SHA1
e22128e5965753291f92d7253bb1d24257cc83cf

SHA256
9fb059afd7e357214cb626426cd23b53fc17c9fb193f2ced6c4edefca6ae3218

SHA512
76dbf70477a0233016bfbad0e2dc6311b677a5791f7a58fdca4c0e659a625938a1e24816dbaf1d6eead009d20fd729ac9d7b0aae05def029695f3fa6925876dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
cf3266b95fc0ac678d72266c20ff1c89

SHA1
1af036be547cb3a05348a096db4ac01713339fca

SHA256
d6f2a6eebc42dd36ac8069fe5b3720120b97ed636859c57b71e945fca99f8e8f

SHA512
539bdbe32850d5a6e36b63eda454a420e46b6cc63008eec0c95bd4ca295e7702ef8dca09f46b6f5bb8e8a4f047359ec69f4aeddfad71c632ad256d0df736d005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
9d1494e6333ec6ed37edc189111b9391

SHA1
c2d6d374b5e860e77b891d7137c62593b43229f1

SHA256
ac36b5980a7217a5a66e635df7b6091ebd4a8237df82e6c4c3c02c9476920f84

SHA512
b113c1e2b948976ac4b04baa294d0efe717ded8ec651b91abaa12f0498181ee2211e9f8374111bfa732881983b882f3fd73150d65e33d96cc03a2651cfc2510d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6a513dd2a614dc8a4be4ea71c6333dee

SHA1
5dbee1327782a08afb4da175a2da492585ecd473

SHA256
e0695c1895c4e23a0d3ecd18057a889a8a40d559e1583133da5c8655bec0c180

SHA512
00d46816b6a345aa30916110a90234e684c208bcd274c8c9afafb656e9a4f2e1553736b5f1e7813e883641e3c65ab0b77c292afb446401445a26406e09620126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
912ab5e5c3d7485b50ef0494966df2f1

SHA1
11bb53047cde1caba9873ae668a4681119f4c7b7

SHA256
1f71386abdff63620420f90c044e94c4e4c1c44bc8f086346c5858e6060cff50

SHA512
3fb650aaef74b794371d2ef0e920305334d1e974e68d02193e9a3d54b9e54e58c4f34216347a26c009605350f096b638a2e0efafc450604ffe1231250c3ca645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
900cbf433ca53785688080931cf08019

SHA1
788d633fe32dca2fc3fb59036f1c7e7dfcb8f2c3

SHA256
34fe55291d5b159452f90790b1adc0dde2e7be191ef1a3eba5b11d3215240c62

SHA512
ac43b893e81183e26325c68df4998dc8ab584a1a723e747ad2239e62e2accd2f064bdfd266d00037ffc810fcf654bab1c069d848eb1bc6ceac39c3efdc9a2bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f390bfd9c1d1f92b346a9723f3981402

SHA1
2b8f3bf56dc67e01bd20011df5012904fd77c31d

SHA256
9910f78a8c74b749f908fc6c2f6bfa5c8becdd1e09984218d224b4b303921dd8

SHA512
6dfff0bf6c398684858bff36f8bef0d37c4a7caa85cb9fd28094ebf1b1e8d1b2ff0d5873ca6de5011597c126b593d92bce65d4a021a21ca8c6ab705195352082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
729663ef5add9b99ee8075c976e94a52

SHA1
1c35747c0a349844cdef0562b5682740b64852a1

SHA256
e46c662d303b72af7e52f7857b1f88ffdd4e1e6daffa5fc05dd0d58267bef01f

SHA512
95f0af97d0847dcb70c61e51ca7ce747ec0c018a81d1d4917d2c997141b4c638c65675887f5092b493886d223d5683bc7af19c257557133635d47ea9ef723958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04a5fe36e93c3d0f33757ca58883a7be

SHA1
a37ddcd5c218e760c17067369b8463ba0c32c6ed

SHA256
a409ddf52802b226da244f86302e6449ec47dd61d6fd72862d3a591ecb1189cb

SHA512
6c631952963d3d1073599c8bb1aff782135b94d1292999d8d0f6cb5656d815699e713bc4a4b92a73927be01b5d0a3bb893b6f6ceae04afce2177b407eaa27a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5dce0c5caa7cfdce2c51dc38c9cdd48

SHA1
ff3f47d128b670e096e99594cb80d223aa3617e7

SHA256
546a6ebe8b6b011515700d631fbf9f9af7258042beba4648c363c58078d5a492

SHA512
7907468e2bcc951c1d78334dd76c2ae310c68320547e6c8bb94950e3de1029e9db189ec704abec2b44565cc83e996d436b29e4afced50270e91f80c0a67a8a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f29c631c88ac988a7bf8596177af36b3

SHA1
37a185eb1a957166c1ed9afacaa59ab3bca3896b

SHA256
f19a162e55d5d3ba8a20507ca53176da476813d1102f4bef2078964a4cf8af85

SHA512
5c4471ce2413aee9acb44979946ea90e45581a3e7e29b3105a28468e3bcc6268b3a198329b0c78e3c258e4a6f9f7afe081d06e466607fd2ad2f142e1f2eedbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5729c4a45ea597c1614f51d56307fc0e

SHA1
ca3ce67294fba1a623022ba72e2ffcac74c33a38

SHA256
001b330865f6138e290ce9049b4ec56999cc4d50c16fccf89aa14bdfe65267be

SHA512
5c23f5e981abb393b30d46302546b22db0f9accf4e4c97084b1039a42abd937cfb61a3b7d649d6ec5aef4875c6ba96671677c3bc642377c7513e208e1e215099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e52a07155698802bcf2ea45f0bb89832

SHA1
d56481e30240a269b4e1e317d02ad72a49fb8530

SHA256
737d741ff72dc0ce2ddc4047bc5bb57798ffd7a9ff9a83e161ddc4c0d7c655d2

SHA512
0ddd1e956347c1a7f00cdb23d98112c40725b22f69eddec15b6af5ce4d84e06060d09c5a10f133f524a73e4eba1cc6c9302ac81d12c47f72c7a243be2104781c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a7f44eb65428bf52b7b319b8e9f74c80

SHA1
b8c765f27fa8fc2483259e173222bfba4b8c9f37

SHA256
b74276fb6d8fbf2cb8cfa65e86fe56582643dbdb9e84692e92091014e23b590a

SHA512
e4c423781f986e4126d1c8d6e6ec15494243d948db3373d9969641bf066e1c21dffaff2d9da9f95f89f7aa3084d58eb8ff50aca65079c0dc66c86e3724021e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
659b3f1b1d19e064a58e0b030d5ddf51

SHA1
9b09b044e081b3736e38d1bc2f0b834bddda8c5b

SHA256
26b60168dea7b0e00507c5ab8d7168001b561bc47ee57ad32821d9dbe711414e

SHA512
f21b5fb45b8098b84bf879f4e4b30cc1e5c02d78a9897de8202627825ddd3be646731d6c4c417b0e4bf5279854d4fab51135587f2f0c080044f6025e2ac90220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cb1c29a95d6322bf3f1c852bf50bfe4

SHA1
bf7dd4d0d3844ebde9c3650b0759aef95ec36e52

SHA256
581bd74454bd0075d6cf6bd7bbc6981bbcfdb243f4ff0a0a10328ac338c83ce6

SHA512
53a3f89d1c0ce5f04e9a3bab1182b8023b126d0c17ef17906eb53a2f63a0de9b13a1b40eb4635f1e3b95571e3755aac803c8bb2f806d0a60197fa6e2a9b35480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
54adfbb43d6551ff7b2ee72bf9b6a631

SHA1
2c13fa976f8eb1f0824ee9280e872d87b6948b6b

SHA256
fc4ed899dab9922e67b97324a811fedcda98e1488ab6e28e3566f56a1679414b

SHA512
55217aa364af1e28cc4a9860c58a349727b78fa3d6d04a9dda0f0938bc6208ec8af6a6e1510c117ef2415da0f54b8a08c89f66002817fd8ca3c1d5c561daaeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c0233667fed9d189f54c292017a69b1f

SHA1
ea45448c479db1b22ac63a6a6764bef8205469f1

SHA256
6f42cc8b794e1da943368485dccfdab8995a7e3aef9ba56a43e407add93593bf

SHA512
f71b10f3749120969b8996065ce7767a947ea70bd0325a9b0f07f09884f57aff0932f7bacecc1f40ab25b5ef541c2701b8719095a9732c6b62c875381fdbace2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
312231a4ea4e47b8a8c0370f6e13439d

SHA1
37dc07f6f02fe6d912696a52653fed947fad5ff4

SHA256
08c8173777f3aee1c158e6e3503281fbaab2fd562bdcfa5b396da065eb06bf06

SHA512
fde946d3c1a11514bec9500ce9e446659f9079932681611149ff96a3ac1f73d80743be5ef23f8375c30004a6c368248cae3919c2de84b36e9427f2a97b723aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
07015bb9aa13e060ccff760435febc0e

SHA1
f675cf0eb27503fab9b0805b386ab8326063e5a1

SHA256
01cf961259957a8f3b2ca762e92cc5abc6c4d6a8a67d4184f8a47c315b09eee4

SHA512
c221028ff981359247c786864c6baedd81f04335a7670f5f599813b0c67a3ba8a396abd060fd166a075463894894faee5ffff8e3c6965a3e5be87257c8203049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a661f588661b2084e3b6e81492bd62c1

SHA1
3f0639d8095948a672fe6303c58e58c42c2c6c19

SHA256
cc61fb956baf9e6242860b7a8d6c04d79233a992ccd6d7eb15e2e78b37c2e19c

SHA512
a90a8f802fa5e18071b98b1ede39b9f150dd4312366c428b74b522867d51e67ba08bf9e29d90b2e3ac8682e311186f3cf036b4524a703c6482682a4336b606e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a9555b88136eab04cbe506ab71379a31

SHA1
9a8582928c72c7ee86ee41fbb457d53db4d40b01

SHA256
a10fe749626b604bef7e1f132a360e1882fd5e4fba00e8ab3a57e5abef881324

SHA512
fdc18e2c1a583e794ddf1a093483971c7c7b057fa96b858e92eeeb9f1f6cf8fe13ad89ae25459b7a9fbb4f4d1ec613fdeb8344a8dadc339d2addbee06309b856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bdf483debf9e8cb80010bcf889b938aa

SHA1
f3f04081f3e0c0091e40d8837efc09187c9d359f

SHA256
1a0effe3bf8d7c067f6ad0d19a03fa7d664673b7ca5c5096704fd47509933bfe

SHA512
ad46e7e92167f1d5c3721dc8bd7a8690cf8b2fb6e9555e79064dd60daa4a570522ccc32bbc985cbe9201cc5aa97b2d1b632d807ad92758fd9d8acd6f73c917e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a3dc62186936481e49426a3ade0fe078

SHA1
69e41823049ad3a22d54f6133e2148dff8cd3d1f

SHA256
fd10c55a6c2e50e6c0a76de9b2c5ce5d036961d1e9f2a74d4f8fb198a9825a41

SHA512
f33956a55f1528969ceab3cf6556d501792dd970b3fdd890d61272cb3422f92e6b0a3d3997ee558f5973c14e82b8cd1668d0c00f7af4bbf18083303217595536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5f219f4fe2d4bf05e857304255aa7190

SHA1
bfe6c46e7b56de53dfa26f775353a63bfc405165

SHA256
a326281ba7074f73ba0d9eec39347d30ba4d78849b222882340d0c5fe00f8906

SHA512
f76c0c66887854dc426ddf64f0dbaa0c84781ca19dd584de7cf4d42eb40e7390f564bde487a396bd149a59bf50eccf2fe7a374b200a4e42101cb4a48d9da41a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367217947157913

Filesize
42KB

MD5
35054d987e3b272049503af54b097a1a

SHA1
b6055f13ca139f4ab2462004efdd98d379550c46

SHA256
2740584520abf99679de9e344dc3627152044d5b92be44a97580dcf4f5a45e1d

SHA512
b3fe3fa0f1861ba2ac20a91395b2fd7e91af6e5afb9a93bf5f204fe07fbd1b8523a32f4aeadc3698dbf600399eb308e3109cb141065eab201c17e39000e5398f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
394B

MD5
4d18dc2e503a12bd15660d988b9500a2

SHA1
417a4d5824e42edb6a7ee2204b4c680b3d96a607

SHA256
acdf868898a62937a682f82982b2b9157093c4423a048033f90ccf32dec6569a

SHA512
e42907c599379ca1c62f444d4d1701b04e05bbad9f6ae391e7bc7cb394617124912c763a084d4e99ba5db100b14858c1a14d1804cde8a8184cc4361e823a3556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
274a9ccf2c5c8555bd691dcee54d2d08

SHA1
c163165d27d112bbe851aeb7275859c3256cabca

SHA256
de4a9c5dd55d573f026e7316713e47fd95103b90e9663dbd2d0acdbc005caf9f

SHA512
8e81e396fdef1dfb04f2247764050ea76574de2671c1834e97d3229bb2183b65d345d872c94497c47d281541feb6383cf174a06ffacd35ab21c0241d09aa0156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f566bbb998ed3318626b0fa0e82cf3ed

SHA1
dbbcdc5392d7458e6a5dfd4e6e54fa24583092ea

SHA256
980248f1f266731301912555f8630330f3ee6185975dc6d4a1dd4cd3b5c9b292

SHA512
1c372e90d2829d87e711b6366fa1d17c2c576f4c7e9d8eb0f190e7748530501648d7f7127652760fd590480a5bd5439fb2bd9a6c66029c632660b58fc0a3a0a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
c76559eca883ee877105937822e2f456

SHA1
cc3c6b8661da1c75e102bbee2afbee691ad2aad9

SHA256
d91da7694f2946f01b21649090cdc49f93aca505a83db149e0a03075a8103fb9

SHA512
a8ea99ea6fb289206ba6513f959a455920d90b3c05d1ba34c8fa35b136aa8cfcfcc42c2ad2daa5c6d9ef4b927a4cbf92bd95a0bfb3e4dc19940cf3f46982f27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e97b726a48477d9dd3639d4b14fb1f2b

SHA1
9c37f0aded9d7ec5afe4cd94473fc8508c7832c5

SHA256
d5b0ee8c293ce4c6cc8b55b72bf3c8ff723056fddb6528fbc08a53eae01158c1

SHA512
29a387ca29e5fa2690f537b229922695363520f775c50ce8eba4adafe6c85ffd88ff367588c575c2720780abda1562eb6854f7236865d60ddffee06253fafdc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b2527ffa68811fbc4712385e2b7a908

SHA1
6151385bc54ad06311a414b7586c7a9ad091f06e

SHA256
19aebfd89cf48b42b206df20ce54b8c9edcaa1486fe62968a0a3a999e80b6f56

SHA512
5af93729fb97acd64d2ce9ebba46da8adfca75d41ac5046bafd5d4a50e34b2097d64e769c17b5575d59f2b9ddeaff227b93d52636b1ed2959694c03ac3ab329f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8b4c7e4c6c45960e2d20e825c6b2c23

SHA1
0fe9231bfef609c8905badaf0b57ce0e0fda97c2

SHA256
66eef093a6a2722eb64d9d95b007a7ef50bfdd0ffc48cb1b862484e68fce68ff

SHA512
f6226b6575c5e77a8e452ab885d680e92719d0d6d07c776f3053e74d5fcb2f5a617d45a8a2f9bddc87d0cf6ff2c3f1f3fc8783b1d3431801e2d08d3c35308388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aee1aae452214eea39330cd457a3383f

SHA1
a1d9ebe8f4620901080436fa1d393c125ffe32c0

SHA256
dae3d9039410467ad0bd668dc4255088f5690e04d4b185c25fa0d3de2b5a6c88

SHA512
b4e41293b54076b0a053e6922d47fc4ac3544f306093b3caaf85339df820d786a4c972daa31d1d8b9924a61472d59a584d7182ddfa4cb8559ba045c9a5867769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5d491d1eba3b36e10a8ff41b1dbbd588

SHA1
2fcc68b7561f11834a99da43f7bb7cea4e90f6b1

SHA256
6091bfd1a490c747eeb4b64a208c4c2d0a73de5f9eef1846c7a7ea2ea50e5dc9

SHA512
636335ad2f9922ce2338bf265dd3f2c9600191ef7499d038c8d6d66aa463134e3a2634b5b4c96eb516e6133eacf180b9a863dea921ab644c9cc090864eb6736b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3ac995833a92fc43e774a679b42588f2

SHA1
ea0dfd5da3f5b15aabdbad9ec6857764239862b6

SHA256
30d3b6a8b292a92abbcaf5960fb69b4373df2d9d9e75f31237acad98332f21f6

SHA512
a56238ba569e489dd46cc40da2680c098c7c7a2376f66ffaa7d4068812b63374ba563bb0f105515127cf074ca9b6677ae3dc84e36d6c35ba0e30b0a0cf2ace5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9b033be926f58be1121be6fada42a69e

SHA1
66513cc2d900f29b7975a78ce6251083a4c63f28

SHA256
e57fa8e5a34f2c7f301214bb23f627befd40000a7bde53dee5c15fac4f4a08f3

SHA512
6f5533d47f53b9bf5114346babb6ee9448b8d57c09019be7c8f99181c270ad4e71e220f115638fedcdf1c4f4fc66d170d977eac1a19b587d9ddb206d8d8112f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e68745cec5a1036874e3014339389c9a

SHA1
9fc7b471179b34ba59a8a363d3e6c5ccd17862ca

SHA256
a65d8dd6915f48fff9a577d2c6a39aace47a78f738a678a6360a196352f71b34

SHA512
3b4d17d00b4a9d7ad61adeb001a44f2231fe0244e8aadc6c38c39d888cc2ddfd235112afa6caaa10aeba0cdd7d64974c4f25785c33e52ce2bfc2bed8e0b9d18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
79be8a672de5f2a01900a925a49659b7

SHA1
80d82ced41bdcfd8d6ad4d539dcbd1ce4ba76507

SHA256
1759e661d162a87575e3b426ff0903ffb095b7ba622f845ca698a55e9b038156

SHA512
6eb160f82c7621434802a08fdf5ae446ae75b39d0adac47dc518ce2ce7728040367a64c8015ef3cca25d97a95428ed8d4b21c16d2343bf925aa3c979312472f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
336e24d8d2b1dca32687c9ebca00052b

SHA1
b36486b876dcb147afc1a011a24ec7fb0031ab13

SHA256
d41c6ddc650a3e68eca50e3df4048784961fc6c193c33a3052c27053f60f75cf

SHA512
70126d09171917eb3f663c1ffac8189fc5cf2dedd3f644892f6e736bf9fde815e5e0af551b257ad3e3890acdd57d2684a3f60b8c96106c7fe649078a22e3c207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b179f2176ad3634030830eabd11c833b

SHA1
e638d2e48a466cfeb5564207ecf7263efb3589de

SHA256
522d7e41c46496e59cecc1dc865367f5fdbef224774d439e7e186de03bdec555

SHA512
5ba6d621f52f17ea7a8430d98c4c3d571b655f4516d4616a457e6710c158503e9e285198aeadedf8ec7638db7eef281bda8b8ae2ac29c508d89a80ddb4eb919b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
612b74209569640e822df683201597f8

SHA1
8f85ccda698952fe90737c27d0374d1243a28074

SHA256
b0d6e4cd7c040484bd97208981aceb692cc11189ecad7e5174e62e2a6ebd5443

SHA512
e5b3e8d4767308bcc988aa42260ed8a2a605577ad90e69da51516cc1bac9b0a2506ae97d348d18cf6b73c350ce2c1f8d805b11db229280a34a1b2c9435ed4f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
abb411134542387ac0523a3701ac4f1c

SHA1
10e0b2145dac36dfff2e6e50ba9a24c3179fb710

SHA256
a5dd00189e9443e2d20d836669155d9c8afc1e3de2f9ae3ba6ac7cffd4ad9fdd

SHA512
018f38dd4e5616eb18d36d9627cb3ec39fc1771eb77713a0fab0b6e170f443d2f3bd6e67ffae506ee14d4a4d6aa99465ece3613d1064630153aa7ea039712ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5bfe2965e54849e93eb6b9dbb5fbd8a

SHA1
d344eca57af558e8327a235c8f90e485e58a08f4

SHA256
a0641aec74ef536c64a19489c1cdfab0ca2b8dc17cd243f93670b5dee661905d

SHA512
45f4047dc0426f9b8af83f5d245fcdc40b896fcee209c0f2786c3ceb423972c17aaf1b5eca4b3233ea3de2542a4cc2c0d6a486ce1d55507fbc403858a41b82c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cdaf8339e886fdf546ca32296676afbd

SHA1
bb2654b093432181b8ea98372c0ff1d7aa00caca

SHA256
44f38393d139947c18a8cf05add1a0388779f0b3b1c4cbb970899aab179269cf

SHA512
5fca82a469e70174d050a46a3210ed4d98f9475346ad5a50e5f88fe6e8e39e13190e5b26d28cab6a2a6fd8a2e4a5772dc4a25b2c3b14cd39f33407ac0191d7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e35b.TMP

Filesize
1KB

MD5
93c3295f964208f20a39d14008bc6864

SHA1
de8f821845b6dfe26b77023ae23b01448216bebb

SHA256
64b597865a8ba6a516443c878bd646752e58cac912e190bdf8682bb738d80643

SHA512
b76526c279a7e5144b4aac9f256fe7753436c436bf79ce656dd9dbb0f3945ea559efb6b2433813d155a4439f2603b5da32f762d6098c36b7e741b0ac589a98a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b5066470578aba775a587c64e429a91d

SHA1
fea6db42504b52ce15caf7fac8926fc4343a3ffa

SHA256
8dd59b352031f377b4c6cc9108436bf522b4b7411d47a51de0c058b23267aa4f

SHA512
25d4d61b4ae3042a325999adaa48881812df1f8d9d5d88b497a673e5b98c2bcf4e66f6c6cdd3ad6d7c5c9398dc2c422b14fd9882c79860dc041e8cd29989e5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
1ae224fae4630a6b4b7674174f04c834

SHA1
da27a3e49ea9fcb1ec3a8f611170ae775bb323a1

SHA256
43038168297a244f3e6f9ef624a3ef29211b1f61969460775ab964a7f85e2df7

SHA512
419ac47aa2e3c7178646f5822c5c593e7b4c3cf77f7c308a21f82e412ce60d5d257f65eded10f20d0b00ad991b36fbef8290ed3d62df32766bfdc12d07dd1be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
132KB

MD5
a8c6b651ebfa6b36cfd079d60dcf3a00

SHA1
e1080c319256750915e15d30113254f984cae83c

SHA256
88d7750109c155a3ad97b96d6de97904a67a7c9c6c0974ec2f681a0b1f66488a

SHA512
31505a5a8fd068ddc01d87aefae522dc42c17dc9cf8e94706f9e00647081d925eda8a5694dd0951858c1195f6aab4e749618cbb05e7d06ae1ce17f0cd4af583d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a1cbaecff6ace5fd66117faa4eb98e9

SHA1
49beef01183e5c69344caf8c819ac6e62cec7212

SHA256
baac9f4f16319a5c73760cc88eefb7c70310297bb1ed08bf752677cd05e06010

SHA512
b42760cfb37c1cc15e117dacf1851081ec110be3edd34526698c0632f1f0cc9a17ebb3005a429478de388c2cec0468388d01f43f1a2293c27351af2e1c0269de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b377df85f6c936d9422edd5f35eff67

SHA1
ac9316968d0892557943ccca08f7940ee67c2bab

SHA256
623652aac6148416cb46826b229421f4ea9a289747cd74f04d17cd92e11f3841

SHA512
17b13d35e4a9f8d6148e8df46088fac9b0e74da22e19eb13bd94bd98a81094c092d677017548052aa907e1d80c557cc16ea169935185b605e3d526e372e43009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2244406b71612d5a31a16e7027ee2f1

SHA1
dabdfeab1128c3274e450fe3a7edf2385ce3009d

SHA256
67e0a3ccdd333c38144adf19f44ee487d16a20619bf554d00266ecf71f1a6069

SHA512
00394dd0a9f5fa3199142ab78881ac081395db6f94444f6f95b4b056c7a07d83f5233aaaaa7fe10fbc83763cc4ce8213ce2bd858bd6794901002b767a7f13231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
80bd1775d64ff78355d885992de65bb6

SHA1
534172d8bc1c74e593ffee5c602c318fa18d4bcd

SHA256
4523af6dbc712562f01a3fe257b88a51f03ff95de8fffc6e5b83427118e674f7

SHA512
d43c78517b39098ab3e3e80d5cd1d0866d6652fac6319654551d34fed19897ec6d58518b7d88f09c7e19dc1d38b22e41384e6dd996d7512822d34a0e74ad6acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0f81703fb6735b25250ac3ff1923920a

SHA1
e69310fee044ada5994bc94ed286eb158b6511a4

SHA256
241092adf40a40bbc5a7acf2f1df3b97c254b21cc593b3b9e356953c763927bf

SHA512
3860484db0d9ce087c0e479465300ca2e8b6ab81d51b272337c8c52e1ead6b593ebc097b5b27c9b3cb3037d3448725d9c3e4ae3e48570c260080cdec2c0989c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ee8c359804691709684fdf729b4d815b

SHA1
2ae1b84ad0c13e6cf05d32b9d33063d5963301ba

SHA256
ef747480464be760a5e0f6d6df572167b499f527d2c3b6cc54cc759bd814bd01

SHA512
9445360b5b13df1fcf4f627d14fc22c0de17c08be862e3ea33a21d2a2228a8a61147ccebbd6f2ec967399eeba7b143e62bd9b612d806c665f835ccf487242ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b22fa454c6ca3e4080378d73ba014492

SHA1
a832dac29307ecb9831ec6e23ffb8d5cbb99c327

SHA256
770ab826bdb12f1858e175f05becfc0016822848acf3187bc733b766a493d713

SHA512
1d8486dcb1e273e0fcb94c6abc122cb127d7144fa1c34ec906b28a028005a718a368f0d8b2ac82b95bbb524823f2aa6c08c08feb13170a609f91168734c8f31e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
73e3a70928618874870ed48f3266e0b0

SHA1
a17f721af5f541155db5d71f9706b8c9a2cc565e

SHA256
76037084ee6c54341f77ae3127c6f2ddd427a690c9bb5ec5abb2ea5ba24d82fb

SHA512
1c0d7dffdf53a0f2185d40ce4bc273d37957a82639b30ca7dac3d8e59b22230c27750528ae5418f1c26dbe295116356aac5dadb879aa2c4fd6da62896b4a353c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
66b943063860fa3e10f652589b483927

SHA1
dff12a346fc6fdd6f87b36feebf497ddb4f3fd8a

SHA256
d9e5aa019b7e1a901be445cba0eb02c18a6687a9f82ae4c40dfff8593aa7fc28

SHA512
4781347684a404a7de558d6448e93dfeed52388b0e6ccd57367b194f3786fab353d073ee61a9b16a4385889295a7f1f69fe405ac86427f01fa18148642018a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1RHDM.tmp\butterflyondesktop.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
330B

MD5
417903e659e09cf3f6be20c52b3a6d1f

SHA1
1dd8a9beb63d9ade655c93750dfb89431bbcaeb0

SHA256
57ae3b7f92846b56f6f4af1aaa516338019e9b58e145db73f7f0cfcbfb55da3a

SHA512
ec433f2e27051f2631f6c78e5040f61dbb77128d40b35bc4afa829e838d56277d0f5d72c4126fa0e2b4b3731e2e3a6776f0890ff522bc676608830f5e689d076

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
6825a736ec840b11e6a70eb12a99ca77

SHA1
5b1c9c075d79f127d01754dded5e30aae287ae2f

SHA256
a2681c93a82fdb15bc588cdf7d120b16af7099e51d41cb36753a25ee70dd474c

SHA512
86fc285b17eace33df73349366d64edcb93894c9d3c190e9ef6bc5e490f6950dd51a97d0ff933cf27825d5d9da97be6cb0b74f8ff13132f88a401bbfd79ba6f3

Download Submit
memory/1376-2298-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1376-2308-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1376-2337-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1616-2309-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1616-2311-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1616-2335-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4436-2458-0x0000000002BF0000-0x0000000002C0A000-memory.dmp

Filesize
104KB

Download
memory/4436-10618-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-2449-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-9862-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-2456-0x0000000002A70000-0x0000000002A86000-memory.dmp

Filesize
88KB

Download
memory/4436-10619-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-2464-0x0000000002BF0000-0x0000000002C0A000-memory.dmp

Filesize
104KB

Download
memory/4436-10492-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-10617-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-3061-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-10616-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-3234-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-6073-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-10609-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4436-10608-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4508-2452-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/4924-809-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-807-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-762-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-806-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-760-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-761-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-766-0x00007FF8202B0000-0x00007FF8202C0000-memory.dmp

Filesize
64KB

Download
memory/4924-763-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-764-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-808-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/4924-765-0x00007FF8202B0000-0x00007FF8202C0000-memory.dmp

Filesize
64KB

Download