hxxp://google[.]com

Resubmissions

12-08-2024 12:06

240812-n953wszgnm 8

12-08-2024 11:55

240812-n3wwmszekl 8

12-08-2024 11:35

240812-nqgaesyhql 10

Analysis

max time kernel
520s
max time network
521s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

pid	Process
5968	butterflyondesktop.exe
4624	butterflyondesktop.tmp
4952	butterflyondesktop.exe
4344	butterflyondesktop.tmp
5544	butterflyondesktop.exe
2788	butterflyondesktop.tmp
6040	ButterflyOnDesktop.exe
2400	ButterflyOnDesktop.exe
4552	loader.exe
3744	loader.exe
2312	SyncInfrastructure.exe

Loads dropped DLL 6 IoCs

pid	Process
3744	loader.exe
3744	loader.exe
3744	loader.exe
3744	loader.exe
3744	loader.exe
3744	loader.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000236aa-1306.dat	upx
behavioral1/memory/4552-1307-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp	upx
behavioral1/memory/2312-1329-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/files/0x00070000000236c0-1330.dat	upx
behavioral1/memory/3744-1336-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp	upx
behavioral1/memory/4552-1335-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp	upx
behavioral1/memory/2312-1337-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/memory/2312-1360-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/memory/3744-1403-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp	upx
behavioral1/memory/4552-1405-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp	upx
behavioral1/memory/2312-1510-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/memory/2312-1552-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/memory/2312-1765-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/memory/2312-1942-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx
behavioral1/memory/2312-1963-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop	butterflyondesktop.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Driver Utility = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\CloudStore\\driver_utility.exe"	SyncInfrastructure.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\SyncInfrastructure.exe	loader.exe
File opened for modification	C:\Windows\System32\SyncInfrastructure.exe	loader.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Butterfly on Desktop\is-GOCGH.tmp	butterflyondesktop.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\is-LUA1Q.tmp	butterflyondesktop.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\is-84NTE.tmp	butterflyondesktop.tmp
File opened for modification	C:\Program Files (x86)\Butterfly on Desktop\unins000.dat	butterflyondesktop.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\unins000.dat	butterflyondesktop.tmp
File created	C:\Program Files (x86)\Butterfly on Desktop\is-1G0TT.tmp	butterflyondesktop.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ButterflyOnDesktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ButterflyOnDesktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterflyondesktop.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{7155B489-250D-4CFD-8A42-C7980C8BB345}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 939591.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5628	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
3660	msedge.exe
3660	msedge.exe
804	identity_helper.exe
804	identity_helper.exe
1900	msedge.exe
1900	msedge.exe
5784	msedge.exe
5784	msedge.exe
5196	msedge.exe
5196	msedge.exe
5196	msedge.exe
5196	msedge.exe
5548	msedge.exe
5548	msedge.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2540	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeRestorePrivilege	3364	7zG.exe
Token: 35	3364	7zG.exe
Token: SeSecurityPrivilege	3364	7zG.exe
Token: SeSecurityPrivilege	3364	7zG.exe
Token: SeDebugPrivilege	8860	taskmgr.exe
Token: SeSystemProfilePrivilege	8860	taskmgr.exe
Token: SeCreateGlobalPrivilege	8860	taskmgr.exe
Token: SeSecurityPrivilege	8860	taskmgr.exe
Token: SeTakeOwnershipPrivilege	8860	taskmgr.exe
Token: SeSecurityPrivilege	8860	taskmgr.exe
Token: SeTakeOwnershipPrivilege	8860	taskmgr.exe
Token: 33	8860	taskmgr.exe
Token: SeIncBasePriorityPrivilege	8860	taskmgr.exe
Token: 33	7008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7008	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
6040	ButterflyOnDesktop.exe
2400	ButterflyOnDesktop.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe
8860	taskmgr.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 1596	3660	msedge.exe	84
PID 3660 wrote to memory of 1596	3660	msedge.exe	84
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 1380	3660	msedge.exe	85
PID 3660 wrote to memory of 4528	3660	msedge.exe	86
PID 3660 wrote to memory of 4528	3660	msedge.exe	86
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87
PID 3660 wrote to memory of 4244	3660	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee21a46f8,0x7ffee21a4708,0x7ffee21a4718
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5784
- C:\Users\Admin\Downloads\butterflyondesktop.exe
  "C:\Users\Admin\Downloads\butterflyondesktop.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5968
- - C:\Users\Admin\AppData\Local\Temp\is-7RK5H.tmp\butterflyondesktop.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-7RK5H.tmp\butterflyondesktop.tmp" /SL5="$70070,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4624
- C:\Users\Admin\Downloads\butterflyondesktop.exe
  "C:\Users\Admin\Downloads\butterflyondesktop.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\is-EHA7A.tmp\butterflyondesktop.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-EHA7A.tmp\butterflyondesktop.tmp" /SL5="$30256,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4344
- C:\Users\Admin\Downloads\butterflyondesktop.exe
  "C:\Users\Admin\Downloads\butterflyondesktop.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5544
- - C:\Users\Admin\AppData\Local\Temp\is-40FKQ.tmp\butterflyondesktop.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-40FKQ.tmp\butterflyondesktop.tmp" /SL5="$201C8,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:2788
  - - C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
      "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SendNotifyMessage
      PID:6040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
      4⤵
      PID:6020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffee21a46f8,0x7ffee21a4708,0x7ffee21a4718
        5⤵
        
        PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9948 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10092 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10832 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11188 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11344 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11576 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11744 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10812 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12056 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12372 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12516 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12644 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12656 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12984 /prefetch:1
  2⤵
  PID:7216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13108 /prefetch:1
  2⤵
  PID:7224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13236 /prefetch:1
  2⤵
  PID:7232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13368 /prefetch:1
  2⤵
  PID:7240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10612 /prefetch:1
  2⤵
  PID:8028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13752 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14492 /prefetch:1
  2⤵
  PID:8044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14704 /prefetch:1
  2⤵
  PID:7948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13964 /prefetch:1
  2⤵
  PID:7980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13872 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12928 /prefetch:1
  2⤵
  PID:7892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14876 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10656 /prefetch:1
  2⤵
  PID:7960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15200 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15324 /prefetch:1
  2⤵
  PID:8228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15000 /prefetch:1
  2⤵
  PID:8408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1
  2⤵
  PID:8472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13648 /prefetch:1
  2⤵
  PID:8480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15596 /prefetch:1
  2⤵
  PID:8504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16000 /prefetch:1
  2⤵
  PID:8768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14744 /prefetch:1
  2⤵
  PID:8776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11944 /prefetch:1
  2⤵
  PID:8784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15896 /prefetch:1
  2⤵
  PID:9052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:9128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15036 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16144 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15572 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  PID:7720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14947771647458003362,2810978103903025943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
PID:2400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4828

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release\" -ad -an -ai#7zMap17879:76:7zEvent22742
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3364

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2540
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Release\Release\dlls\fortnite_undetected.dll
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5628

C:\Users\Admin\Downloads\Release\Release\loader.exe
"C:\Users\Admin\Downloads\Release\Release\loader.exe"
1⤵
- Executes dropped EXE
PID:4552
- C:\Users\Admin\Downloads\Release\Release\loader.exe
  "C:\Users\Admin\Downloads\Release\Release\loader.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:3744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\SyncInfrastructure.exe"
    3⤵
    PID:5160
  - - C:\Windows\System32\SyncInfrastructure.exe
      C:\Windows\System32\SyncInfrastructure.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:2312

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:8860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x46c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

Filesize
3.0MB

MD5
81aab57e0ef37ddff02d0106ced6b91e

SHA1
6e3895b350ef1545902bd23e7162dfce4c64e029

SHA256
a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

SHA512
a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
51KB

MD5
d9c570f168891aa1cea502fdf37a078d

SHA1
2920fdb69815eb420fc6aa898476957c1d860062

SHA256
3d317012017a1c4325f287f24b0e9b267d4f870fe3f7a863233a451773d6135c

SHA512
5d728c4e9bf5d5170f4a4160a02422f4373bb708df41fe85930ad3dcb5a1bf662e77940423355de4932feba54ab308a1c37bfd73a5850c340618b53eac7778a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
142KB

MD5
d94284264ce459d88de7ed2e8455ae68

SHA1
6c56f3777a590687d3b92da516400063a1c5fcef

SHA256
c75ab1f846b9a09b48ce42425dd87f478247fd196d415acdd09d376de8c2a018

SHA512
bad676f3c812e633a23907f23582f5e743173071242319495b48c613e09372814cf47277a25dbbb3f416805d8b1c538799f090101d104f92a14416c1629e52b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
85KB

MD5
15f5b07a91e52461c26c0659532ebf6a

SHA1
94242eb14cb472f1a96fe792e2754bc6f8e84480

SHA256
cb9b260e256abcaf240c01c2274a1bc3b2c720dfcb7ef9abd20d6a67aad21e10

SHA512
b8926e3f4fec7798c4e0658f28e0a599c3c2a5e5fdc29dcd721bac82568d10161872cfe892df84fed132f7c96f8c0d8e6f5f79d1263d3d58f3442154f67bf299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
20KB

MD5
af076fce47d859d009c16f2192bc94b3

SHA1
2f56c334cd6338b69a0f39c3edd6ea0a5b21bbd8

SHA256
d36457358687310d026665a3aca628637697a703adde698287a3ea25ed49497e

SHA512
d89b829f8292c2ce770b54c86eeeacb0f59e251134c17fba214649b132a10b99adf120b45b6c3c939b1846ada1626b683cabcd6313748c6fe62e1e72086f1a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
98KB

MD5
8939c0049d9db967e9a1637ede4d0760

SHA1
b986c5bbaaeb230ac44873ea7a907ec43931beb1

SHA256
2530a25bcd47428dca57ee0f93f6ffa33907590dc67d0ac253a169ebfb50c53a

SHA512
e8ac91970fc2419dc37c394ed821478758be1be5b05a2d353d829e0b7d089eaedda2fba595e5c50f26bbf8239d41cfce33dd739a51cf7c31fab5315f882e7ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
32KB

MD5
bf899cc5ba60c522341e4d712a5246bf

SHA1
2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a

SHA256
4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817

SHA512
05a5de1ea4be9424070376fcc53916ab8bae10c239a5d1ed2c533b889b067daae83e9d8386ce0390adcd9ced1c14a436eaa7f19287f23bba8273afce87ce9968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
101KB

MD5
b2ee0708e9f07d9ca4722af6570a21b9

SHA1
df4d12ac984db52e02fbf202b17dfc245b7c7e04

SHA256
8b2140e6c362a3e5692e153141c512676904976ec3a86a4df533c02c9502adc8

SHA512
29d00a31817a20975a0d6826db1578e5cd35e2086663e4e1e0bf7b84327de783898e4569eea4aee0a672bb33b753f53d6ebd503e152997aab8e6c557505250ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
74KB

MD5
dd8a2ce9e59ea656a5035f057b3acad3

SHA1
3019551543c721933aa6acc6090299d9bf171ab0

SHA256
c88625ac53be3f1f0b9da48bef848b2e54c6e7e521942c41534545e6b6b4399b

SHA512
85aab7433a4fc569ea24121c168a3716af5033054cf3278c35fc480ba00225900c7816f82473a1f7a06a7e745dc679fb308e81c078b3f53050d1bcd1e20892f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
31KB

MD5
c2aecb43599b1b07c3f7a9ec3e7663bf

SHA1
80a934e404a92b5a2dafadfa5fcf1b642e69b246

SHA256
1c2b511f085208c920c104f94e3d8e94c6393a8500e7c5809d1e58c20f796066

SHA512
b69e8a9e2b46c2b9d90b49d83d5bdd82607d39f1aef7480790f8eb12713b51b2352bb5a1f4a383982247ad746f3d023eed5589f014950091d6abcef605c70e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
25KB

MD5
c0cf3ee0d8e9c832cbeafbee996bed47

SHA1
15d36c5263f4a999e8c2f6626a979540dff85ff5

SHA256
c210000720eff4a9cc08da70cfe3120e13e222664f8dc9a7c277bbd2e56ba6b6

SHA512
bc97fc0d6bcbc55f5663ec12aef8642f1f4b23ee818ba13c4fe35d593443c51327e14226ac957895bb6f9b2f79bbac7cfb6a487ae972f4cfc5a454303bf8196c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
58KB

MD5
7ee9e9b29e483b6bf85abff653c68b38

SHA1
604ba15a9b00c92411a831235b6cd503fbbc4375

SHA256
68c13bbe5e1cc37b18823158adc33857eb0fb5b706e1fc7debd96f28bac8f568

SHA512
76a99b66d124272ffc0944e990fb6cdf173cb832f54e11f8af0445dd9b73ec7aa289b9a8342d56deacff9ca0e397314d7d7aac6540e1343258abd66596fe57ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
230KB

MD5
00be450e53be4c6908de198044d0d123

SHA1
8791756b3cc3becb7a8daa77d0df718571256c14

SHA256
95675e664f3a169ccdc99be73c4fe4a1217d8ff21373ba7d6839c3d72f8ad8dd

SHA512
8d758753acc6ed7d26c5d770d55c88aa6fbf4e84bc71ed56b64b0342c17bb02164e26cc7d91049061fbb02c5563fde21c8f0ad3312fc35454524abc980c5f8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
47KB

MD5
fd1f79856510e1cddd8141f1d82aff4f

SHA1
659aa5c13b63adfb1480856cf8da6acd4fa624f4

SHA256
d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4

SHA512
7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
20KB

MD5
53863885a9f602118eb10a04cb830a94

SHA1
4326899ab24ac5df27cd25ace9e41d0e906736d5

SHA256
b75c1d4bf4c9cc73096ad045864df101768049445406c726f6c535df17585b36

SHA512
533322cb4938f537fd692c981c612cf63ecd541d64764f4f2c2afbe6248a1daf3b67a98816b4d8b68218a3404a3c82013c518b55ff51e479b9863bc627525471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

Filesize
748KB

MD5
dcd507c2d15f5727bb68cd49cd21537b

SHA1
11e3182ae9e2930bd4aaca34bd4eb9d24fb0e891

SHA256
25faa783118dc4161f9fc728dd6fe91e83b37a533b4d698d8a7a154e1d2b0890

SHA512
56a73e8a8ae795f7d8b6fd8b7561cfc5de14c78e0fbfcd0e01785b63d10d2218a8157aae205ec1112f298efedac7a94f68333f2660af5a7aaa7d0bbe8c98329e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

Filesize
32KB

MD5
26d51f80be8b4eba2f2bfd0bf12fd8e1

SHA1
34b25b9da6aa0418b734dfc3ac5303d31bfbb37f

SHA256
a962b42006d54887e66690312ab151780b57640a341e70e3374990d2e96e4a46

SHA512
5b6e3f1a5336bdc3ba4c2793c046c2bcd3a3adddb30c3587dd2ab544ea5e5836df780c3c1ab2c9b2670f1eaba6bf7f619dd646f5b8d58551a48f7f79d2c22c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

Filesize
32KB

MD5
bdcf1dd416d169d87ad5f73b2fb38bb2

SHA1
f6f595a5d88f84b54533e34be969f3871ed9942f

SHA256
ee2264f45d3d0fc70f89a61c215d0470df5a9c39e47828db7e48c59fca9a50dd

SHA512
335a8b789c5dd06285df135e9e33cbaae0b20b3cda378fd2e92b33a66d7726e4e079f7920055121d2495d102e993e18d9a4430a36860d8cef5cfa100452186fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
4dfc24a363df0c4802dca09a94e401be

SHA1
64d9f18e97e4d46e35c5e4590ebbb9214cfa825d

SHA256
b29cfa65f4d0032eac3b23c4d49294d41396c76360a4851ce99a38cb74656905

SHA512
07735898879254c67d727f715358e2a507ab16127ebcd2bd18bb35b778298f0c25cd79d16da4e3def6c5e299c3e2c2c026aa42fecca63f094eff2e39c71f3f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f228f430b34b94c5ac86c632eb99f3ea

SHA1
a15f01043ba173531392b3afc7488fea8d3ad555

SHA256
9a2aa6b05a3c056b2cfd6b23ee257eb12c7d9d5e2f468bb4d99a0e7df2171be0

SHA512
ff9a2e8cb212022d243a0f21b660f1ff6cea74fd69df526c77d0a9b4c3cde2012552d23c3553ca25bb56b78cec6f384810e769611ba90ab0f946cd26a6b5bdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
e767c225a078ffd2cc9b96fe8e18b338

SHA1
ce86c5835b5fd836a7c65f4429e5694767245379

SHA256
841a77eef313ff10f1858f7859f83be86309255724140d4edadd7e5fc857f232

SHA512
7aebdf50d4b60855153d4524b98be14d0cc78f661951e45b1f3183addc49f9f4212ff37d2fef9f632dfd9790f48b783f7d2d4eb7d3fd4f3a5e31699b4a30cf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ba9a32cba18e94020d6fe63f5d381766

SHA1
063e9cf0b24c669edddc2c55046a28cbd97eff65

SHA256
f9cfc4a1a3c0744291557ca4d6584404d4d3d01396684c57e82b263d762b3e28

SHA512
5e5af17397fe80197fa0cf9fe68534cc7b5e6f08231dc72e8e89d5efe51ae8aa39ecf406783cc3c02a9406c061ddd31bc380cb44e69b32973d94b477ea097151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2bf67752328be41c81d922710f58b676

SHA1
c79fae84fd81c52c0f0dad535180a39869e8f99b

SHA256
304ad2cbfe01cf7b5a57249bb198f76655b076abdc02be128ea67e8912606ca2

SHA512
ef261ce3861338874750f9e3796195be4261ac0d40b0e1275f0a7e2fa635d8e732cb386cedfcb525de76041a57027e541cee09c653520c1a679b0cff28c69759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
210010fd1efec8d04fe2190a3afad67c

SHA1
1312a18151935380cc1f788f5d8fd9c24e2f377e

SHA256
1b6c1e626d79c97713b55a4d9e2c3c7a155c256a95bdcc6fb903c264c6391ad8

SHA512
95ba205cdff1a9c816ca24387c395e7aad695113e5bc4f2fd1aada50ae886013b2892982d68c6d0175006b274b0bb7578761917d70bee3da34c32e1b8dc74792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8ea2f56eb4d52b023de7212d1e512e5d

SHA1
5d54488eb4755d52cb2cd073868fa86bdb4e7012

SHA256
563bd1b98438a42b5ee1fd4d41007008fabeb56dd87b5683220e57f3dadf6c7d

SHA512
79760f8e1f9d9646dcf07baca9d6e203ad899abb88f51d240ed4cf9f02e5c61ce29d0a5789b6264a40ed2add1bd6d10b3ce1b85e3a6122b534b1a16b275219a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
beac46f272d68debbffd35da3cdfb464

SHA1
0d876903cb7373ffb0c9b0e46363247afb4badb8

SHA256
09cc97e12bc251f408ad51f16e42d932985b58ffba5c613c139a0cdd5786641f

SHA512
91317ccb8bd76ca038f3e4cdf844956f3351431becfffcd9b6cd8682f806d282d724bd254a75b7dab72202120a3c37bbed258804020ec5ef09dc4ff6f210688d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
17cd3a203f296261cbc6335cecbeec7d

SHA1
98b450d38c2f6ee0bb682f93156108bc4f51ab11

SHA256
c37ac923a3197288c3eac2a88b25e12d69e1053c195470ff0867852b8ffa3389

SHA512
06f0d36ee5ebcdc91d9e7cfb88330866a8fb0435c14c48fb58bef81263ad5e290f877dabb4513aa686438bdb98b48f596bdb387ef59aa6e1cd1372f8ba12562f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
082fb3ad3458ecbabc9f31fb7db0c6e8

SHA1
e2aa090a63e95472c6199aecbf2ac195b5a823e6

SHA256
2ddb17afc6805b84eb30c18601d3f82f8bb6a9de4d965662815dd407cbe3eb6e

SHA512
6ed3c846855ea4718c77522837017bf049341ef90cf708c14bacbebe46af08f458bd5a4996e4775f67a6eb8e1270a211fc70a51ae3a7946a1603de9ff64ade36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
498bf81e33bb5049c3debae62c74efcc

SHA1
20fc55b2876f333c499eef8df85ec60bc4fafad3

SHA256
152ca232dedd61889b962d524343a9329370ad1acc9c07dd5367b6609f43219c

SHA512
e276eeaf375f516ae7960607d82f63ff8bf4006da87813036612026c5816ed39d41ee09200516ca511f32410c6d87a30cb2eaffc4184467ae4f3722e293a1a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4cec3308d2337863184a8d5a4ab81b03

SHA1
86a4f75c8955ffa09edcfa97e182e957d6de3c95

SHA256
b1f61827d746dfc92d4a0139935dccf90b85506858294be4eeb28c62d756fb6f

SHA512
6542aac5842974e704c889676d2cbec760eebde5cacfb694109f9e58d3dce14b1473d3093c19ceb929caeb5dd7dfe2c988752bc7260145f41121b724a9cc32e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40bb90bbc5e52ae621c3ebf5aa3df073

SHA1
d364f61132fe144b294b81daaada768ee03a5fd0

SHA256
9b8608de00b19655f850022532a42653d655527e9645510517971cb8b908b1f7

SHA512
7eace16d2b4cd5b7a5363ac8946b1a4c29fcb2fea09f86465da2d10774e84e87edd6781883a75443180f2824f6841a759e44319d4e09367a479bbd9088dd2c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62c7b1f9e975fcb51b3e8bd45bf450bc

SHA1
7e5047146831bfb4e2645b4794598c5e9a5f9858

SHA256
9df5d8ee5960260f096f97006dbbe9037e8f69b801be418ec23ba2d544296a71

SHA512
614ed6b80f1c6274bade74a31e54cfb4a58db20f54a16eacfba2fd0af5ff2444128c0b22c98213e136c50965b6c7cbe33c32f5c8e805bc83e4f9b82dade8a278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
69eec8134748e9e23b730a7603a832c0

SHA1
13508061114cb36093afa826a9ca961f04089d21

SHA256
86e633a8a3ad5bf62912e25e1442be325d3a7d59fbf2c2ea4c97e76009a5f297

SHA512
23e85e6841d21f5c9ec9903534ac223c8847365026abc1b2ebe1e1dd5c5d3f804906f821f20df7963c3f7ef86f7be123e627c4db02a216c439bb92e98d5d3fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1e424ddf722ac32756ca8b6225a91e2a

SHA1
5f298a23c6c596ad4dde942ef63ab425dd0423a4

SHA256
ff791c7fcbd8d02e0d60d9510403d1f243a686137b897930e626e87ab6eaeec0

SHA512
7a28f5c3df459385aada61b87d354ea0a276eff80cff749e992a0dce01ede8273f94ffcb9d1692d05f64fbe9f69af94b125848577d24c929d00ff1a3fef98a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9b8aa0c50bfa5f861fb94881e7d6e0d5

SHA1
28175ae9fbf0b9939aa4cc66e98aabc7611e1bc0

SHA256
302c8b8f0518fce9944aa13bab471a8dd87f8d12ce2cb54ca50a342b0ad0f726

SHA512
6b18a31e4c14cea7c1dece0e9b1493995c7b5dd6e1b7d090111c78dac55ccba8a153eb657b90f7747cdea72b012290b714fdc856ffb0c841b7903feec164aed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8a65d76ba88d70c2ca6359b087b647ff

SHA1
806a327f7772f5a757ea6e3ef16b7ec03f59be4d

SHA256
632f0a0a92ddcc455acb5e2dd9f52c87d70e61266f499b7ef526b79b9e1786f0

SHA512
9d8928b12f4493aa534c96819349f3c0b071199d9fae5f4cd928a79e5c38fa54ebf55b3dc1f12b5ebf6c0b7e803a81e77de66ffad14513512ca830c81162fd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3722e6c5cd063a41c53e0c05a0d01f20

SHA1
d2cbe3321f8b8ba3a343c77e082eda8c91b6f3ac

SHA256
dbd011d1c8683dff75851bd47578b4cf13872cc498ca58074a382781a6da909c

SHA512
fec5fa38c11530e780ea29bc274924c6f9db399a267db921107f00b5e5f376746ce36a34ca93aa6659dd72d0354aa0d82cf6c2d64f67be45820852bf778104d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
c477bf81ba4217b45ad18a53e4e6dbce

SHA1
8c2939bd7f064851df7a2fb04d8121eaaceb1418

SHA256
844bacc14bd3a4a7a9fa42af754a700ebd40256341c3bdf1bf1bb60bb74dca30

SHA512
102508ea88c35f094115a30a88e33a3411679a6872f15eb29bbc6960f172d9f83c4a373a5b593d07f481867a3c38cbf2b3150a08137162d0516d15b36a2b8736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a3cfba1fb9b21a08e482cd63ef3e6d97

SHA1
7977990e3a7d504f29cc90ddda612e11fa345dd4

SHA256
99fa612614d18ac241823ab8a85aaf6f6fa81f751accb7896fa70f3431e9d6c0

SHA512
1a1cca4842ce8578a15295bd4e082f44b4402a72c2b5ae87a2470730ad6ea1c6259ad8e9204a15f50a61448aa56964c771f33e66bca8a6061210937483c86946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65582bd15f3ec70ee1b4c557484c5f88

SHA1
44dffce4c161232746a42a4bf61a90723d9bb846

SHA256
4243919aca6b2b5bc7ae22dd0eaa6eb728814f3a537e491be5d5f8c3d7f5d181

SHA512
1ec6ce27b90261154c5cdcd7cba7425464ae0d5e1c40e1dbb9842bd9ebc73891b05a59ba20caa9d3743c26e4849bed4fdad56bfe969b6889fa4befac19d0e996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8be6a04ab9b369332e56f45dc3029593

SHA1
0d701df6d15e34fe2b82ba5b1b28052f6d28a050

SHA256
d2eda6045aaa0c6fd38494a676c44313de92849c672d613d00f64620631ac96e

SHA512
1dc3798412773ac91f54330ed38f224f01a08ceaa63dbac44153888c294cd6b56bbb03fb2c1d3ecf3297cf3096a1ebdf6fef511b1e82cedffddfd15494fc6b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4390f18d46ea4019954aaf18074a50da

SHA1
813ce861572f6e62730ade091b2966f53af54151

SHA256
880b3384db8417a4b9f723279e192bacf47b1ae53b7705534bbdc469f547f103

SHA512
e573a54479d36a2391dd6556db40a847a359d014ac836d7e3190372b1a90a7b2553e0912e3161320ef3e980ea696826077c531a0552c60b4e65ce79d4ff6abc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
478608b75fe8fde4e25be80fdeb63dc4

SHA1
0acb5c14724e5a91a5660ddb7df78a1d229e098e

SHA256
bd1ead8fc5f3d5856dac3061161a29109cbc16fc727ad2ae90057785d0e2d309

SHA512
a596d2ddda427566a9b31711c522597d24e37d08b17988b59d43c398efda150d5767696314c3b1c3a92a2e60ed8d625e2779dc3cfc69b0919cf5cf964ab0bec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
dedd10c54dadad2a781092fda628d27f

SHA1
2dc77b44da152f44131cf40330dda6990f3b7335

SHA256
7fde3e57de93e1816dcf9ac052bc082e8fabb4cb19f78fac5c19524e7415f590

SHA512
d4e555ac2c2f6ed21be59f5463dc28f28b841555ff68731c130cfb1aca86a1da14c004c7a2f051cf0a49e1e362c0f068009cd6d7d0be7e6588b16d4ae6015cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
ee3c12204f19e9bae02ca151be8a30b3

SHA1
d874f99ce4895569e9c135010030a282f264d7f2

SHA256
b868b8b1ab15e5dd55fded2e1d3e0f965d2f20a115fdeefa3d89b9b7be4fabfb

SHA512
9d0926c5ed4a392a87e770100ced6cfcea2631a46d5a122f6e6a448fb7da3116227e87cf4037533943f5ee327ca8fc07e810b1b165c420dd4dece86a9bc03ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
915571b6ceebf3a22c766ca6e3dce9e7

SHA1
b0f9242723a8ea75eb1d6bef257eb6a42e94fcf4

SHA256
d6b301d2ab015c23eacceee1fab97c3e75e133696ae91986b39c7499afc9963d

SHA512
2b4fef7b919c829a29a16920cdf23795520744d30f4a28aff51666fb8b395faef43df9f818810c0d4624bb725fc15b7cd3c3ea8b7bd6804f89faee30c458bc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\13fcf51f-2188-405d-8849-3311aefa7a2a\index-dir\the-real-index

Filesize
72B

MD5
545df0cc24ff43d797a2d9a889f3a151

SHA1
bbb09b22644e78723fa96d152d326be6689222d7

SHA256
e7871806a1a79e3e2dea059887d60b9ce82adc546b7c1712575497e945fd0a29

SHA512
d0a9b88b02f0d060d96a12879285fe4189165f4b0d6e8daff48e3444ea74e4c6e5d4506e368ab225bab415712cab87842923e797dfbdcd914c424ae3a54f4935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\13fcf51f-2188-405d-8849-3311aefa7a2a\index-dir\the-real-index~RFe5bb775.TMP

Filesize
48B

MD5
aaf88e2196ae9dacaf93459e7c4b033a

SHA1
1185456828832a95e5aebeb62a52e0489760ce81

SHA256
465a678bd255dfcf45897a49027f5bb0f3164ddd504e5f18306c948b87dd59f7

SHA512
918a56409da94e02bbfee79924b523b89c995ebf05e782a891852a3d8919f50b2d3e268699d4d186df99e49b98cbc70df528b21670360458ad5d8b6431781014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\index.txt

Filesize
76B

MD5
4f8b7df9d6efc8f9c06362e0eeddd9c6

SHA1
b010b23b1ada10031ffe376b62654f056846bc5c

SHA256
e4ba10e6569a6cfcb0331984e8c6fe65f4400c372adcaf3bfcc61457f24fb2de

SHA512
671834eaa0f8a511e585e39adc1b7b39658d9ea580e14c6bc93cd5a1d3585e46074865968b1c194f6e0af0b0ab795d3542398b9a3716cdc94e1770c2f38d85dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\index.txt

Filesize
70B

MD5
2eed3cb0935a68f75f385f96295a2d12

SHA1
88c33816b060b01f8188662b6d119b1ed53124c6

SHA256
ce5729bbdeaf5264fb2b0bf00de9a540d48c10b797a0c65f41ffab77d628d410

SHA512
9bdd9cced25a68b2c3b32e6e094a1b83e0b25ff5355389b4fe6668f715587e66b0400d397e7bc96ff4d017793530cf6872334e3cce6176091f942e2adf0ccfa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e089370d-58e5-43af-b0eb-9cc9711b9a3a\e969d77e575a9dd3_0

Filesize
2KB

MD5
3ff7f4569137f2c3dc1c831e8fceed5e

SHA1
dfafe2ccabad5244f51e8cf560aa99ebc7c81d53

SHA256
6efe08358eebe77c9982c190933aa01706a3c893e8ddba116b152edaaf2a3c86

SHA512
1ba3c68b197f59b31f5eded20705edb33c2a0b7ffe0d500df20d87f3b12732cda9a3eddfa30bd80644e750c86f3b04f5198afbf2f512045427d55c6bafefae3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e089370d-58e5-43af-b0eb-9cc9711b9a3a\index-dir\the-real-index

Filesize
624B

MD5
592a700798d90bb20204270c7eb7c815

SHA1
ad5b6882aa7729559e142eac0dc79162d8587ef7

SHA256
1db191d79ec6c60167174881a7699b8732f8688c1f46d7f6b274338d930ba538

SHA512
971c1ec29d3c51d90957660667f2f91e828113c9b61e9aa2775157c72d817876ddc1d0a12b23e92091c13092e8d9d737926bec912546f5bf65a5664c2a77b6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e089370d-58e5-43af-b0eb-9cc9711b9a3a\index-dir\the-real-index~RFe5ebb01.TMP

Filesize
48B

MD5
a019ec5d9b7ef90c1325d93a2d185ced

SHA1
a72a2ab7f02f5e98dbcf3aa9b23318173781e0e9

SHA256
009503267cc997adcd0fe61a8f7c50a1aac4103e0bb659e74020b9a70f4ac369

SHA512
8d347f1265f85723c13654ca97d3fadc036d6b20235ebb9d7db56261949fb5f13bbfc14f2ce23933bd8a23031488203ce912212f846175dda14cbbedfacf0ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f20ff62e-0db1-4fa8-8650-956f44d1f2d3\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f20ff62e-0db1-4fa8-8650-956f44d1f2d3\index-dir\the-real-index

Filesize
2KB

MD5
886264d7cfa7145e612f13ce446b9b61

SHA1
42bc9d85a5ebb4bcc645c3ce5d2700c9e479de34

SHA256
22ff1726d870a54aa3632f42a9cabeaf54fc30299a1d3a3a338663c3b71ee312

SHA512
78e38a052e54b73e833071bec0f2816877d47c55564bf856ae182cef77f4566865f0ada38457ef4af5e64025f9bdbc35187a7674cc19f63141561de319ed5dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f20ff62e-0db1-4fa8-8650-956f44d1f2d3\index-dir\the-real-index

Filesize
2KB

MD5
5c293f8a61006ce4ffa369fdf0cbb899

SHA1
091efb15c7cc7c341313c1934e4c3ef4ea39a3a4

SHA256
e7f85f2a2f5275d3007f43ca9d7f660136208dba7718d3d52b17ab2ced0c79cd

SHA512
331dea84ccc57db9bed9a1cd8b278eb822c1de7704e7d2fb79a778a0af64b2115afd91f2dad7618649901dba32417af5a932411b63e4fc389998f9ec69ed57dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f20ff62e-0db1-4fa8-8650-956f44d1f2d3\index-dir\the-real-index

Filesize
2KB

MD5
9e7be6e416b75e28d4891e4e145cfff0

SHA1
c9eec8e24ba889cc7d95262fd2e6b5fa2784359a

SHA256
ab0b87efc00fe671a134d348d5a4849b4a2317c9715ef4a1034df47042615003

SHA512
5a928dd470f0aab2410418e071c49bcd26af09910d19c829dc0ac82020f2a07b357a345fccfece24bd3a85f9fb30e051573d8dc6edbd22fec96686c9c00a7990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f20ff62e-0db1-4fa8-8650-956f44d1f2d3\index-dir\the-real-index~RFe5e5d60.TMP

Filesize
48B

MD5
f28728859d4364438776312e34e32c43

SHA1
8993e549b43616e6e2db587ccc5b4e7c8c0f93c8

SHA256
bfdaa76cab4f133dda81cc5643705260dc7b03e2f00ebf708a19f96637a4fd65

SHA512
0e5692cfbd48a9259e03088225214be8b5a7e7216206142ec5ab79b215369208f3771abfa6cb9e2e19435249c2a9d93eec0cf06ec5243a124ce88d2ca8bc8cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d82a289324bf35555a634acfb49cb369

SHA1
af8f622f40bf8cabee7804ed9db085ced9541f37

SHA256
ca558e5809f2e1cb0f2f6b614fbbf9fa3bf7fc635e4690828403f06b0e534345

SHA512
183b62c69e47fa02e319fdec3aa93634face3b25c84f9776b9be7a9673710bcf6b3d0514414b0a0b56ba779bef3dbae56190c4c1df5dfaffe5bcea583e0fc14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
3dcc19f106dc72c698aaafd530334da5

SHA1
fe50f93802db999b11b6b63e3c44385417c66b54

SHA256
b89df6023b748cf40d4b5d02ed5fdc69ec13e62d74a57bff71d221a027c5434f

SHA512
1a4cb84375308e770bb5be2de7a85909e2c17118975c329c8ac9ab131c79007dcec143c1a22b83fa7443f6ef7c86831b756eac59709d8ede9251a565b1adaab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
ebd850b6131f2d5184f06e11ff855ef0

SHA1
314fe65f0fe1ecd3eb0af8f74a25fc8e56f41839

SHA256
6d98aaf007d7efccfc58086e88916b9e43b1c3d760a7015920d77df8780dc5c0

SHA512
c33ec7e679a354300c28b8beb5cfd1aa34bef98f127e9ea96b7cbaaf0ccf738890633b20296d2a8b4c5141b2770f7e704d6596e75b066fe7808018b032852545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b9b50f375a59ec182fab378ae432c625

SHA1
d81a54b0f4bc80dc164c7fb2f16b69b36150c08e

SHA256
639f9db88c2d7a8090b18f4fd5996ab003fbddd71c12fdfd802c5b01058235e6

SHA512
4b59a45cb091b2f63d908e7c729d78ba2f1922a48129f38b5b0927e053283dad0742c8dc0185c3b467e41ebf0c7ec172c8abb31a48f45f37100ffd0da2b8e4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e9c157ab67b86b4b3f197b3fe9a00695

SHA1
8fd1e70128f53b8e4d393982ba4df88ed7120c87

SHA256
5e62f34a549e524db306fbfc5a1fa5eaaaa984efb891704a483134e576c29cd1

SHA512
3fbc884ebdbf107c2c2aaa89e69138d3c9a86e44aca17a1b5ff32974ea7831954fa029fab9ed1ff016d4f099673ea33603c9c55eb188b544ca5c34822e3d2cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
bb44efc5034668804f6143180e53458b

SHA1
0f1ba6c16ba9ad68ce6b5bdc29114f7fa251fa34

SHA256
15dc05846ab903f45df16e3acd2bc61ed823f17a5a12c40a9ab1b55700e71135

SHA512
09f25c9d797f5802f89c354b819030aef2ccdbdd5bb64836386396885ab5e32e619fb685312855c800c88ab4e97b6fe52ac257891d325a234dfdd253cbf35865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2ff645fffdb0d278222f33bfb44b483f

SHA1
c52fdbe31ee355b03680cae2dd436164f0f36eb8

SHA256
e4a0c0e7a5cbc675ae0d544c07c967d7a6a56148a9f0900bb3cc95ada3847582

SHA512
7e8686079d43e0064b9b75e73b70cd487d657eba91be86d3d52f21d44c01b9c7c20fe44c9215e3c3792694ba6945c1940b8dc5cfc35b3d7d24b6e27c12a1d5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5e4da1.TMP

Filesize
89B

MD5
638ea96196ce10275351ffbaeba84456

SHA1
3fa2b99e915f91172a7c2043b3f4b11a1868f4c1

SHA256
26664d3ddf2a81b811903432df8f3fb076eeb13c750dac65dbb85ec09f18ca69

SHA512
da701223644b8eb078de78a2484b9de7d8b72d52c26ce044e70c48b904d890cc6c819351df97ad589ecc468223b8699886f3af20dad82b13788c882daa13a24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
b287a148a3c656d03f27ef4d57b7645a

SHA1
b5caafc8796893927fd4d11cf43549d0cfb8345d

SHA256
842e230960f9830004d4b2cd7125ee68c01851d61f85bd475228372eb5a6183a

SHA512
91a05ff3b78a1d22500a5a16a5cd0dd0ef4b7fdbfc208a62c1b3ea2f8dbc9421294ebe95e1e5a105cbfa9eb391424e25f8e9cee8af89d43a3603bd12ecdcccd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
11595f717e81e21c6c3d0228f521926d

SHA1
f7d42bf7286066905ad6522acf1bac00479e3cd5

SHA256
0e2bc21f2b2682d7913fce9bdfe624cf37a4b9e6c13487e2a1c58d31054393b6

SHA512
b03cb27a08ba197ca4d9ca0b3ce5570603eb4f88b8c84cd14474451175c4fef180016383998c9c5096a5fd65695966bc93ebfc19412cf2d801ee9fc89be5b439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bf4cc.TMP

Filesize
72B

MD5
5db9e57297ca9c7e4192b9f3708e5dc3

SHA1
494972bbbae49b85b9bf0b93e3aa6a06270730fd

SHA256
ad5e798538e8c5e83a30fbec5c96d6aa33f38ec0715d5615e5f4a79095602e7a

SHA512
12c495e7f3d985b0a443b822a0334f1e897460232bd7a85dcb688895eb48b8a70adda48ec6a7cb1969cf42a8aa96efbc492575678590367a0c21101b72abcc21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9baac56fd148588431f586191c86870

SHA1
d9a490a1dff4d69f273681103608b1cd6058a524

SHA256
36c74af63092e1f4881d389706ca81df70af9cb5c6ec964b4a8fd46c17d13472

SHA512
7359e4f996bf42890316b6218b7f6ec8360b0f633ad22909aa5d0503ef363102c5e599df0aa2155893c1cc924b0a6063a1748220e95c76eec14a3d08c6f17d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a295b4707d63e2fa831b2a3ce2558083

SHA1
53a0a5a8d6cec3f2af21e793e9befd72627a663f

SHA256
0e36806708ca2971b0d117e8a70fca1988e758bd03b26fbcd3386efa2298d897

SHA512
62b2ac1eee0eb1a5f06e0ee2b8c40a273ed70812633e9c1160c2c4211df9a22672ba8a8d262c70159dce5ac388e259cb57b5352e5c60f120ac40b5f5967ac21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
677d2e3f509e8e0dc6a335196fa5380d

SHA1
dc16c0040e40cdd0e91794cdbc0da2389eaba90e

SHA256
42a0b5af22828e7c71f2826a7ffbf09a713c3f4ad01a6069c7884e7ae0384a05

SHA512
4ea00135a22f24d7092564ff8a5f4742be8def657e5ece09d9932c1d50e5c2238b97577b3bfa0ffe4f7497975f81cd5a94c45b5bec640ea24fc5ff0813da724b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
79eff00173f2b629fd1a0a89c88bdf4c

SHA1
c952cc52ec887c254b82ce6a6e61e3378f456f0f

SHA256
7403e1e167a9c340a15ee370ec960958c1803e32d42276433f3ecde696213035

SHA512
848306bb1ae0904f8e2332a1ef8ce7fc8347e516de29f2a5fafde8da919a2b20865a7677ceee048d56925939e360e9c1cd117f474346e3083436767267445754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
690a4b532e71a940faf1710c4e67c40c

SHA1
a7b6d343e9dedb0a3b7d74f5cacb26db6f5dd054

SHA256
ac8e4ec07692de9bed62377d731e58489e124166e91959545bad0cc0c82c26e2

SHA512
f6d92363094e79f4748e8aa945e462e1d62d223fc100aa414c28ca86369426631b4fbae0ac9dfc962295af3eb9949f8bcf3a89027acc5bef70cafa8c9b6a6979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d2476de48b0261b9d077548468738b2

SHA1
ad48144354ea81a96cbab090a608a61ea3847cdf

SHA256
ac90d45101d0c168e9a6189990bce9b64f28708f90691e9e008b764e033b4568

SHA512
331e853690e6bc95f5d4b2603235babbba627d2cb79d0eec8653175919f4cfc709973d4c74498be0ecabe886c506ae0f75bd78d5ff0252c8a7d156f0fd808a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
49cf38d4fc08faa81d89beb9cce0447d

SHA1
f48890e283c10f2ad6b4cc45cae6ccf6d12376ac

SHA256
aaa71d881609f0a9d65a57a23c5467c248d5e8031d16cb8374a1f1fd34555dc0

SHA512
0077013e6822fcbaf66fbee88843b2983214cd285fff79e92679ee80ffb0b239edcde61f5b3d0205561839038765e21a0a51d3482a4151830c51b42c18d25843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b28546b5ac3ec3d17c6deac54a7d6256

SHA1
c6df6e00f08b05a9ad35a039c10dd4ab8cf44384

SHA256
60f69d92fe70fc540c764634ebe74760133c1b2c173bb882079b5b57c55d5dd1

SHA512
f545b106e49b7a224c3df87b9570ebeca1d35c58331ef2d1d04db20c4fc81581629cf911c4b76cdaa05f3e512bebdfcebf311d98e0cdb71f1ef66695cb532881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
471b3298011f7ce09c0e82f465690e76

SHA1
d112c60e87479c50f4eac8ff021e98c1d7ada79c

SHA256
e6051cb840e7198a6ad7fe272d87442cd02386115b6037144dddb19266b2bef8

SHA512
d01b299008a06257d17c42adb5cd8c0df933a1d0d626cd855a8d22dfdd964b0632c307bf051ad6a3f2b0c240878a17e38c085ea8c92a53ce2483489c6e777774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cc8f1f5babcbb0c5ff3d023addbe773e

SHA1
dad0241ba66edbd7168a3fea0a5596bcc153264e

SHA256
025c698aad97d84aa503a4f59836420b9bd199c69e99b455e496d268637405e4

SHA512
c27ed265cb6c52aca16c933550bb70c09b584fef8d84f9877be5006407635c2cd76789f46592a8b2b92c994cf8be80a9bc415e42345ba058c7792fa5e1b762e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
91e7fb31a4bbbe9b357975df823a0262

SHA1
8f0535bdd6cb13e5d22be4f7442ca1316d4f88ec

SHA256
aae447955f2a8705b53b46ffbebd94573f12698c3816aff547441a07fce0b48b

SHA512
00bf73e5857a7ae668b133c8522b7634ea3d432fe7cd0b29889cab0d6f561665c9b93811cee17df77f652995bd1b0c3890985a7ac262b3909cd8212c60852117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
6c0b8f280ebb75833c74d7b50941795e

SHA1
1f291fdc09dfb78bd752d5a007aeb6a754c4a833

SHA256
fca8cefb1e05c0a48fa60d6a3b60c0e6cf6f96dced3a5d2a1a1b242872e469bf

SHA512
63709115f9da012f67367ad2e844771c86142a27d5b135f632c41252950613a284393c830a99e2d67c16fb35859038a4b861fe8f0e9e44cd1dfd7e8bc13fe054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
459327312e5509db07d82628b585f5e3

SHA1
4fb2990d7caaf9a3e17efbe10566f59a3cef424f

SHA256
ffbfea0a7f5b5358b6e8fdec168149b5885c918a90fd118a5f8985ec5c5bfb56

SHA512
aaf7a1cb7e18cf15a90dad7e1e84982a4be7d1a6032b688c48e9646ec06a586444e26008f8930f5dca23d16b8a815077e91584a6afa9e259db5b4a011c428ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d2732d0f68be69fa5e511cd0c830bf10

SHA1
897ff46cd1cc955620eb51242150b1757c45fba1

SHA256
8e2db95cb36913aa29abc70b2217d97e484f2c3220f198bdcd563b00499abbab

SHA512
cddd605b829f58ea5efd79b0bc82031ac081a5a85b953d15be68427357b7a6a3cdfc3a56e9f68611ce1d7e38a3f55882af7d5cf5258f9ddbecb42908fbcaf977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
bb6f231a8b39ee31aea7f33a748e504d

SHA1
3b8176caa0a6180e67708dffd3502cdf5b389b9f

SHA256
e2ccb874b66e4a311e45efefa57436d428fecaa3cc6c017e9db2219ad91fc8a1

SHA512
987026eb6218e4b520bddc38f01e9de427a1de97a1fea62e151a23e6bb5b8bf3066e5166352832a410fdc3dd88b497d46266a0af7478d55f1c7031598038c863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a46253af7ba196d104e262271ff98838

SHA1
f2897c7e712fb3180cdf4afe191630f1ca96003e

SHA256
83ba6a29f8a76393405e65b428349344d8e294baed739d5d6f2c7db2cda2086d

SHA512
9b928c260c4469a9bb183bd5ecaad3797a257d64123733a4d92562622be89cf8a82f929756962bd26f5faea041a64d39a17fa573f47f857cd24750a1657cfc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ccc.TMP

Filesize
538B

MD5
ea9c6822bf761ee4dc7cd39b39660e44

SHA1
218fe828608e2822e3d38c649144b67ffc958d35

SHA256
126202eea53468c1850ebef33fc55a3d66e9c94c7d0c24abe65089bd38f48aca

SHA512
ad11503d89113d40b9daeef98924dafd7e9cabbaf226af2ae62ffd6279773a2affdcd11947bf039f409440e07049b7ebec37b3c07ead9301cc4f6f5ec43d37da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c12a0379-c13e-4564-bd22-fd20e4cc6ad6.tmp

Filesize
6KB

MD5
a0298d65c411ff2d1d3a2d233f1876a1

SHA1
4c9396744e8a904ca74e7df6ed60cd71532571b9

SHA256
4f3d6c9da4a97b562b72f6300ce8f763bd3c51b8fb81f868277e307886d9a5b5

SHA512
0a5fd3ea73a9cf62f3584c036972d3a4de495fda4c8a38db88894558aa9cc129db2965ae952d9c3c90eaf894b9b90fb7522092620476879f063dc7328adecd74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1343cc0acc18584eeec776f53143e38

SHA1
4b691efa78ed81723372814b951827b132ff8755

SHA256
6e027e191d8221ae8ff38ffe7f495489908b2fea90e0f506d8269568623176d9

SHA512
1e33f9a39c92a3e012aefaf4931e5f437c513749eb3ed28db6e9cd128bc0608b8396a2bb5d702c1e17d8d359c3ef455a1f3bd5ad78bf67bbfd6791bdcabfa795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c95c11ee7d548efa33218c683d175c48

SHA1
634d48321e94d491de6e54d2ef72627207af823a

SHA256
9679a79605bc14109ced1a83d6f433dcedeec062f04f6cddbb5e84033c6db234

SHA512
a021a4e4ca9fc3c576fc0a58ab47c1c8b1abbe5170836f8f75efca065e901e2e5f44fe28346d8e53483ea54135ca94b8c64c05f2eb884830bc965af5a322debe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3156932940cf30f6a3e1cfacc4147ca6

SHA1
d654011dcf976480d3b6d0e5d6b0ca8cc5c43eec

SHA256
6c8fb965794593f66e9c20a1e4c8a37155b62b264e528ad876082cc463e5c66f

SHA512
c295b15c09954de42fb8f03b15303f8f3693cede32078c3c627949b67bb01aa3854878404f93720ee4f2689a45b07f7bb310506f96906c0b69bea55966844eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
50886ab0e158d8dc109e64e4d41ea19f

SHA1
894469f7657357979a275fbaf01041d1e9050b0f

SHA256
09686c6b577ae800bd7945ff40f4035410621c610328854fdf7342bb9cdf4e32

SHA512
639502a9f4f357a266c5814d7be8e8648b41b84feba56d5c3cc9777a62c2f7f80eef56af55495735e176074e8def735787b2ccd3ab11033f97d437215590d333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b073fdf8d288c427e5cbddd3d9972b5

SHA1
36f523afbd94894ff793cfd5623ccb86ca493d38

SHA256
ac38aceb6883af778228e2c8aaad8563d317aec213575db554500f3b5ebda797

SHA512
aa2f0cadc16b1d82e4277787624d3f79a352edda9a92bca29dd19a7ba9fbf219d5ded63a8a726782f22a854e3d78e5078fcd09b78827e3a4bfd40b044b0afbcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7RK5H.tmp\butterflyondesktop.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\CloudStore\driver_utility.exe

Filesize
1.3MB

MD5
5170df27b1aca07eed9ae0d8a2522af8

SHA1
afbaa8a2c2f14752cf54fb79de447e576744a2f0

SHA256
86d82a797944a04f68c4c05c9debde1172dbeaba94230f692eb27f8f8aa17add

SHA512
f622b5f302799511c5f2ff842d3f0b7493b2c9e8475cd0d73b215d3719704551302a772dfec2bea995bc31d7e5acf304decfd30371a6c7a7dbae96f2101f3ae1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
28a844a8a041815de817fa587127185a

SHA1
b54365121f9b9e378d37a737ca7114f72a737815

SHA256
7164a8b264dda91325b76497ad1484aa0d3279f7ce2d1a086663dd60c334a9b3

SHA512
2e90dd5cdf2472f92ed163655422c0fcd7a49db8d260326e7bb1dbb66552b382c707e99c66b9492e71be2128721ea8630426f770dff10e793f159c08eae32194

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f8ddab6dc821a8f0f6c17547f5e571d3

SHA1
6c71feaccac4aeda3c499c5344a01ccd53273674

SHA256
9f9d8355c287d726bcc2c382595b65444f2ea18c7797f9b936f75254af0d741a

SHA512
5b21065c8af15dae09d40d2e2bc1ef75049a41b32273da8b5e4c81171d5c9994041bd87ed8a2a54ffc952169ea780ff5b4218e29242f29f70d7a204c57b6daf0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a3426d8f68c11f50d62bf6ad59e3de5a

SHA1
098583e6ba30842ed62381c6bbadaf703dc76e45

SHA256
5f7c732d7178899095451d3c938826540444e1fdeef2c996aa3894e88ad6ef6f

SHA512
90a4d449c2a44c73a1676d8f709df0e2fb4ef80e3cf2b9e60f87743e0ea2777d779ca27ae8376910bc8175b057305bc47abcb2b23afebc27110a3dcea463f5ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
aee90a65435b580342279385f2a973ea

SHA1
80feb4be8fa7f444416f2eeebdfd54c6c855726e

SHA256
29a21e943fbfc26bb8f44bb3b841da15111d3d93c4e5dbcd311524d9fcce4e1e

SHA512
fd47193e818d89c1cb639d1117041c461065a4515b46cc482d6788ca8ec3fe7cbb5969075d2025ab27b7e74f0aa69f9663129ed9f00f117d701927c278b39e5d

Download Submit
C:\Users\Admin\Downloads\Release.rar

Filesize
6.7MB

MD5
c6355db74fda9ffce0e01eddbb5274fb

SHA1
1da2003b84f95afe52f8879327b8f85840eb71d1

SHA256
2c554758c8c01d147e940e6a4cbd6ee44e0d8fe22351938df800d2d76bd45f7d

SHA512
a0a1cf5e92d32f9ae600456382ceb7e4cfaba84854be4a5a396f33b9524bf8bfa900c8a2abbb455779e502d6c78fabbe2b0561f2b28ba57ebca6601548e77e7f

Download Submit
C:\Users\Admin\Downloads\Release\Release\dlls\fortnite_undetected.dll

Filesize
609KB

MD5
81b84eebbfa9bdadc4f657863ce35e7c

SHA1
c3be75fdc41791679cf073ba652123b63d26c416

SHA256
a3d2ffc09ef0582cd4e72cd2117cf647a190d2bfb8dc3f36dd6ad72a3161c155

SHA512
8127427064f5695c349ce69838a6916c6f792192a5e692eff8f53fdaa4943f4245d173c95838b10e91542bd264f9638f869fb76669b2af8be2e134687545a073

Download Submit
C:\Users\Admin\Downloads\Release\Release\loader.exe

Filesize
6.5MB

MD5
5640e7c7fbbfa0134b74865a6d4737ea

SHA1
82cb4c4440e9e3baab6b75994d94041e66830b3c

SHA256
55ec88ada55c35967781c12ac60757e8e8f6257357cf5508cf17eca7a8acc123

SHA512
3acea538d5910aee2faa1c954e927eefa9c606eb35637072e3f06601c5fe91cf95e8d3ca176ae5ecec8b1a1f017da867408a29b0a9e0d4c47085d439ce8a1342

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 626763.crdownload

Filesize
4.4MB

MD5
28442108928cc27a53e3f6884c9b8116

SHA1
c6a200a3ceb16543c94ec60449b85afc37e15afa

SHA256
3c255eb3a09999d5bb2a1edd40b2092273091ade22c62ce84357b316c748dd91

SHA512
c1b820f0fd28d8a5d05ccb2e1f990b8b5dc7c07bfb47921b1758bb4f509573e6c31ebd40bd9725a71eeccf95fc3382e0bb583c507f2d1e9468413b4e61115c85

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 939591.crdownload

Filesize
2.8MB

MD5
1535aa21451192109b86be9bcc7c4345

SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c

SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

Download Submit
memory/2312-1765-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1510-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1360-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1963-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1337-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1552-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1942-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1329-0x00007FF6E7210000-0x00007FF6E76FC000-memory.dmp

Filesize
4.9MB

Download
memory/2400-1278-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1665-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1342-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1204-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1962-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1551-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1301-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1334-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1914-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1425-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1271-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1224-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1290-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1303-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1256-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2400-1305-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2788-1000-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2788-996-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3744-1403-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp

Filesize
500KB

Download
memory/3744-1336-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp

Filesize
500KB

Download
memory/4344-1053-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4344-994-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4552-1405-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp

Filesize
500KB

Download
memory/4552-1335-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp

Filesize
500KB

Download
memory/4552-1307-0x00007FF7B71D0000-0x00007FF7B724D000-memory.dmp

Filesize
500KB

Download
memory/4624-992-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4624-1057-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4952-926-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4952-993-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4952-1054-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5544-995-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5544-933-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5544-1003-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5968-991-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5968-1058-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5968-919-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/6040-1304-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1102-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1333-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1237-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1641-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1525-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1149-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1302-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1270-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1214-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1913-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1277-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1943-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1300-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1391-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1289-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/6040-1338-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download