Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

Resubmissions

22/03/2025, 15:54

250322-tcp83awvbt 8

22/03/2025, 15:52

250322-ta25vawtfx 6

22/03/2025, 15:45

250322-s66bpszmv6 10

19/03/2025, 16:38

250319-t5tf7asps4 8

19/03/2025, 16:34

250319-t24sraywgz 10

19/03/2025, 16:30

250319-tz5bhaywez 10

19/03/2025, 16:29

250319-tzg6zaywdz 1

19/03/2025, 16:26

250319-txvdhssns2 8

19/03/2025, 15:43

250319-s53jesysez 4

18/03/2025, 23:39

250318-3nfnfatky3 6

Analysis

  • max time kernel
    318s
  • max time network
    319s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250314-en
  • resource tags

    arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/03/2025, 15:45

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/Mobile_Legends_Adventure.apk

Score
10/10
wannacryaspackv2defense_evasiondiscoveryevasionexecutionimpactpersistenceprivilege_escalationransomwarespywarestealertrojanworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �
Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Disables RegEdit via registry modification 1 IoCs
    defense_evasion
  • Disables Task Manager via registry modification
    defense_evasion
  • Downloads MZ/PE file 4 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 2 IoCs
  • Executes dropped EXE 10 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 22 IoCs
  • Drops file in Windows directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
    defense_evasionprivilege_escalation
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 4 IoCs
    defense_evasion
  • Modifies Control Panel 4 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 17 IoCs
  • NTFS ADS 4 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 59 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    defense_evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/Mobile_Legends_Adventure.apk
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b8,0x7ffd8723f208,0x7ffd8723f214,0x7ffd8723f220
      2⤵
        PID:4512
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:11
        2⤵
        • Downloads MZ/PE file
        PID:5444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:5424
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1884,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:13
          2⤵
            PID:3412
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3404,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
            2⤵
              PID:2220
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1
              2⤵
                PID:4480
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:14
                2⤵
                  PID:964
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5100,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:14
                  2⤵
                    PID:1912
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:14
                    2⤵
                      PID:4896
                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14
                      2⤵
                        PID:748
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14
                        2⤵
                          PID:1752
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:14
                          2⤵
                            PID:3884
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                              cookie_exporter.exe --cookie-json=1132
                              3⤵
                                PID:3328
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4676,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:14
                              2⤵
                                PID:3256
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5744,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:1
                                2⤵
                                  PID:2012
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:14
                                  2⤵
                                    PID:1048
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6712,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:14
                                    2⤵
                                      PID:2992
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6704,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:14
                                      2⤵
                                        PID:4816
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=2064,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:1
                                        2⤵
                                          PID:4496
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:14
                                          2⤵
                                            PID:880
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=3560,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:1
                                            2⤵
                                              PID:4356
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:14
                                              2⤵
                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                              • NTFS ADS
                                              PID:1968
                                            • C:\Users\Admin\Downloads\Launcher.exe
                                              "C:\Users\Admin\Downloads\Launcher.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:672
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:14
                                              2⤵
                                                PID:1880
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:14
                                                2⤵
                                                  PID:5412
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6420,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:14
                                                  2⤵
                                                    PID:5172
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7036,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:10
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4792
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6400,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:1
                                                    2⤵
                                                      PID:3332
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7028,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:14
                                                      2⤵
                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                      • NTFS ADS
                                                      PID:5816
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4900,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:14
                                                      2⤵
                                                        PID:6068
                                                      • C:\Users\Admin\Downloads\butterflyondesktop.exe
                                                        "C:\Users\Admin\Downloads\butterflyondesktop.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4908
                                                        • C:\Users\Admin\AppData\Local\Temp\is-EUGRH.tmp\butterflyondesktop.tmp
                                                          "C:\Users\Admin\AppData\Local\Temp\is-EUGRH.tmp\butterflyondesktop.tmp" /SL5="$F0276,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Adds Run key to start application
                                                          • Drops file in Program Files directory
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious use of FindShellTrayWindow
                                                          PID:1872
                                                          • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
                                                            "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Adds Run key to start application
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious use of FindShellTrayWindow
                                                            • Suspicious use of SendNotifyMessage
                                                            PID:1392
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
                                                            4⤵
                                                              PID:2340
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
                                                                5⤵
                                                                  PID:3328
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3476,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=4628 /prefetch:1
                                                            2⤵
                                                              PID:428
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6952,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:1
                                                              2⤵
                                                                PID:1952
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6392,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:1
                                                                2⤵
                                                                  PID:5776
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3732,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:14
                                                                  2⤵
                                                                    PID:1384
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3520,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:14
                                                                    2⤵
                                                                      PID:3024
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3408,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:1
                                                                      2⤵
                                                                        PID:1552
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7276,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:14
                                                                        2⤵
                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                        • NTFS ADS
                                                                        PID:4652
                                                                      • C:\Users\Admin\Downloads\WannaCry.exe
                                                                        "C:\Users\Admin\Downloads\WannaCry.exe"
                                                                        2⤵
                                                                        • Drops startup file
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:1120
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /c 263391742658522.bat
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:1128
                                                                          • C:\Windows\SysWOW64\cscript.exe
                                                                            cscript //nologo c.vbs
                                                                            4⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:5904
                                                                        • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                          !WannaDecryptor!.exe f
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:1320
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          taskkill /f /im MSExchange*
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:1580
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          taskkill /f /im Microsoft.Exchange.*
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5384
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          taskkill /f /im sqlserver.exe
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4632
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          taskkill /f /im sqlwriter.exe
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:2608
                                                                        • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                          !WannaDecryptor!.exe c
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:4536
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          cmd.exe /c start /b !WannaDecryptor!.exe v
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:3956
                                                                          • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                            !WannaDecryptor!.exe v
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:900
                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                              cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                              5⤵
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:5052
                                                                              • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                wmic shadowcopy delete
                                                                                6⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:2424
                                                                        • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                          !WannaDecryptor!.exe
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • Sets desktop wallpaper using registry
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:4984
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1052,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:14
                                                                        2⤵
                                                                          PID:744
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6680,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:14
                                                                          2⤵
                                                                            PID:1976
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7344,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
                                                                            2⤵
                                                                              PID:4920
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7196,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:1
                                                                              2⤵
                                                                                PID:2576
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7184,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:1
                                                                                2⤵
                                                                                  PID:3124
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7508,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:14
                                                                                  2⤵
                                                                                    PID:2432
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7680,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7708 /prefetch:14
                                                                                    2⤵
                                                                                      PID:2524
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7676,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7708 /prefetch:1
                                                                                      2⤵
                                                                                        PID:2184
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7476,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7212 /prefetch:14
                                                                                        2⤵
                                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                        • NTFS ADS
                                                                                        PID:5304
                                                                                      • C:\Users\Admin\Downloads\BossDaMajor.exe
                                                                                        "C:\Users\Admin\Downloads\BossDaMajor.exe"
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:4968
                                                                                        • C:\Windows\system32\wscript.exe
                                                                                          "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\D32B.tmp\D32C.vbs
                                                                                          3⤵
                                                                                          • Drops file in Program Files directory
                                                                                          PID:1112
                                                                                          • C:\Windows\System32\notepad.exe
                                                                                            "C:\Windows\System32\notepad.exe"
                                                                                            4⤵
                                                                                              PID:3728
                                                                                            • C:\Windows\System32\wscript.exe
                                                                                              "C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
                                                                                              4⤵
                                                                                              • Modifies WinLogon for persistence
                                                                                              • Modifies Windows Defender DisableAntiSpyware settings
                                                                                              • UAC bypass
                                                                                              • Disables RegEdit via registry modification
                                                                                              • Modifies system executable filetype association
                                                                                              • Drops file in Program Files directory
                                                                                              • Access Token Manipulation: Create Process with Token
                                                                                              • Modifies Control Panel
                                                                                              • Modifies registry class
                                                                                              • System policy modification
                                                                                              PID:5052
                                                                                              • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                                                "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
                                                                                                5⤵
                                                                                                • Drops desktop.ini file(s)
                                                                                                • Enumerates connected drives
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • Modifies registry class
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:4368
                                                                                                • C:\Windows\SysWOW64\unregmp2.exe
                                                                                                  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                                                                                  6⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:2028
                                                                                                  • C:\Windows\system32\unregmp2.exe
                                                                                                    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                                                                                    7⤵
                                                                                                    • Enumerates connected drives
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1016
                                                                                              • C:\Windows\System32\shutdown.exe
                                                                                                "C:\Windows\System32\shutdown.exe" -r -t 03
                                                                                                5⤵
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:5404
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,107184588941260349,3201455191337900114,262144 --variations-seed-version --mojo-platform-channel-handle=7492 /prefetch:14
                                                                                          2⤵
                                                                                            PID:3496
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                          1⤵
                                                                                            PID:3828
                                                                                          • C:\Windows\system32\vssvc.exe
                                                                                            C:\Windows\system32\vssvc.exe
                                                                                            1⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1768
                                                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HideSplit.css
                                                                                            1⤵
                                                                                            • Opens file in notepad (likely ransom note)
                                                                                            PID:3424
                                                                                          • C:\Windows\system32\OpenWith.exe
                                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                                            1⤵
                                                                                            • Modifies registry class
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:5788
                                                                                          • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
                                                                                            "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\SearchUndo.xml"
                                                                                            1⤵
                                                                                              PID:4412
                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SearchUndo.xml
                                                                                                2⤵
                                                                                                • Modifies Internet Explorer settings
                                                                                                PID:3420
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "file:///C:/Users/Admin/Desktop/SearchUndo.xml"
                                                                                                  3⤵
                                                                                                    PID:4232
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch -- file:///C:/Users/Admin/Desktop/SearchUndo.xml
                                                                                                      4⤵
                                                                                                        PID:1016
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
                                                                                                  1⤵
                                                                                                  • Drops file in Windows directory
                                                                                                  PID:1096
                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
                                                                                                  1⤵
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:5200
                                                                                                • C:\Windows\System32\PickerHost.exe
                                                                                                  C:\Windows\System32\PickerHost.exe -Embedding
                                                                                                  1⤵
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:4520
                                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                                  "LogonUI.exe" /flags:0x4 /state0:0xa398a055 /state1:0x41c64e6d
                                                                                                  1⤵
                                                                                                  • Modifies data under HKEY_USERS
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:3388

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Reconnaissance

                                                                                                Resource Development

                                                                                                Initial Access

                                                                                                Execution

                                                                                                Windows Management Instrumentation

                                                                                                1
                                                                                                T1047

                                                                                                Persistence

                                                                                                Boot or Logon Autostart Execution

                                                                                                2
                                                                                                T1547

                                                                                                Registry Run Keys / Startup Folder

                                                                                                1
                                                                                                T1547.001

                                                                                                Winlogon Helper DLL

                                                                                                1
                                                                                                T1547.004

                                                                                                Create or Modify System Process

                                                                                                1
                                                                                                T1543

                                                                                                Windows Service

                                                                                                1
                                                                                                T1543.003

                                                                                                Event Triggered Execution

                                                                                                1
                                                                                                T1546

                                                                                                Change Default File Association

                                                                                                1
                                                                                                T1546.001

                                                                                                Privilege Escalation

                                                                                                Abuse Elevation Control Mechanism

                                                                                                1
                                                                                                T1548

                                                                                                Bypass User Account Control

                                                                                                1
                                                                                                T1548.002

                                                                                                Access Token Manipulation

                                                                                                1
                                                                                                T1134

                                                                                                Create Process with Token

                                                                                                1
                                                                                                T1134.002

                                                                                                Boot or Logon Autostart Execution

                                                                                                2
                                                                                                T1547

                                                                                                Registry Run Keys / Startup Folder

                                                                                                1
                                                                                                T1547.001

                                                                                                Winlogon Helper DLL

                                                                                                1
                                                                                                T1547.004

                                                                                                Create or Modify System Process

                                                                                                1
                                                                                                T1543

                                                                                                Windows Service

                                                                                                1
                                                                                                T1543.003

                                                                                                Event Triggered Execution

                                                                                                1
                                                                                                T1546

                                                                                                Change Default File Association

                                                                                                1
                                                                                                T1546.001

                                                                                                Defense Evasion

                                                                                                Abuse Elevation Control Mechanism

                                                                                                1
                                                                                                T1548

                                                                                                Bypass User Account Control

                                                                                                1
                                                                                                T1548.002

                                                                                                Access Token Manipulation

                                                                                                1
                                                                                                T1134

                                                                                                Create Process with Token

                                                                                                1
                                                                                                T1134.002

                                                                                                Impair Defenses

                                                                                                2
                                                                                                T1562

                                                                                                Disable or Modify Tools

                                                                                                2
                                                                                                T1562.001

                                                                                                Indicator Removal

                                                                                                1
                                                                                                T1070

                                                                                                File Deletion

                                                                                                1
                                                                                                T1070.004

                                                                                                Modify Registry

                                                                                                8
                                                                                                T1112

                                                                                                Subvert Trust Controls

                                                                                                1
                                                                                                T1553

                                                                                                SIP and Trust Provider Hijacking

                                                                                                1
                                                                                                T1553.003

                                                                                                Credential Access

                                                                                                Credentials from Password Stores

                                                                                                1
                                                                                                T1555

                                                                                                Credentials from Web Browsers

                                                                                                1
                                                                                                T1555.003

                                                                                                Unsecured Credentials

                                                                                                1
                                                                                                T1552

                                                                                                Credentials In Files

                                                                                                1
                                                                                                T1552.001

                                                                                                Discovery

                                                                                                Browser Information Discovery

                                                                                                1
                                                                                                T1217

                                                                                                Peripheral Device Discovery

                                                                                                1
                                                                                                T1120

                                                                                                Query Registry

                                                                                                3
                                                                                                T1012

                                                                                                System Information Discovery

                                                                                                3
                                                                                                T1082

                                                                                                System Location Discovery

                                                                                                1
                                                                                                T1614

                                                                                                System Language Discovery

                                                                                                1
                                                                                                T1614.001

                                                                                                Lateral Movement

                                                                                                Collection

                                                                                                Data from Local System

                                                                                                1
                                                                                                T1005

                                                                                                Command and Control

                                                                                                Web Service

                                                                                                1
                                                                                                T1102

                                                                                                Exfiltration

                                                                                                Impact

                                                                                                Defacement

                                                                                                1
                                                                                                T1491

                                                                                                Inhibit System Recovery

                                                                                                1
                                                                                                T1490

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  MD5

                                                                                                  81aab57e0ef37ddff02d0106ced6b91e

                                                                                                  SHA1

                                                                                                  6e3895b350ef1545902bd23e7162dfce4c64e029

                                                                                                  SHA256

                                                                                                  a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

                                                                                                  SHA512

                                                                                                  a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                  Filesize

                                                                                                  280B

                                                                                                  MD5

                                                                                                  19a88bad99bffbae6102e191cfedd75b

                                                                                                  SHA1

                                                                                                  df476b325df883b73eda1b2349bab45aa22e808d

                                                                                                  SHA256

                                                                                                  0d576dfbde1712b7288e4561e3eea75ffdad84dc50a77ceb57a6e9c37d60465a

                                                                                                  SHA512

                                                                                                  9ec5eb487d8c8fc8e283a94bd43afd740edc4df6a4509d83629416d040586bd42330eb0da6dd41ec1e5550bce9a6643319ff8584f8638a9cde9042fa406825fc

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log
                                                                                                  Filesize

                                                                                                  21KB

                                                                                                  MD5

                                                                                                  52067623a5b07fbaddbd74bb990566bf

                                                                                                  SHA1

                                                                                                  06931ae3e68518555aa09bad0e39f52ede18e3df

                                                                                                  SHA256

                                                                                                  fb38e9efbee23585fec4c019dbf1e7f2f774b5cad433b3388aea185589ac12b0

                                                                                                  SHA512

                                                                                                  02b4ab6a1ada571ab88dfb2fbb632a5c4497be8c818a4f7dba477430eaeca5aa9778e068f2e3ea2a6a5c8a7bc95d121426d4299fdbf50be9c70ca14bc8609bf1

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                  Filesize

                                                                                                  331B

                                                                                                  MD5

                                                                                                  c672e6498dd54bb005300e78e8656634

                                                                                                  SHA1

                                                                                                  1a19511ea34291fa5d71c54493a43101fb83a20c

                                                                                                  SHA256

                                                                                                  1ad07e58e6c1da09d53cb3f6df1005d83d1e1397c66496ed2e30170e46408da5

                                                                                                  SHA512

                                                                                                  19ce8a0c91d607fb0de9672ffa476ff974a6d015eab92d3dd7efb3e167790dc3755679c348b16cf99b478d6871bcd8ff50d22b293d7ef9d89aea2cb3b18a37a3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  ee2ca320f552fa5b5750140bde0708f6

                                                                                                  SHA1

                                                                                                  b52e8ced97bd3ae97a0eb991834c06162af2e232

                                                                                                  SHA256

                                                                                                  558f1afb0d491519a2a2deaeda073a125b955405edbf03f654968de3d8a49e09

                                                                                                  SHA512

                                                                                                  9310f34a833d04aa6a3864b897cb12da7565e0a149f01f55c41d35c63bb6563c44fb57156d228a8830a05efec031613a4214b08515f84b05e56f44a75912670e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  a3f1772ccccb7ae58243685b8f32a426

                                                                                                  SHA1

                                                                                                  a5c63a8122ed4ca849fc2c425493591ccc587b64

                                                                                                  SHA256

                                                                                                  b5d5e80c1b4b62acb226d65d238fa41eab5d0c9b858a4712593cccac0e191058

                                                                                                  SHA512

                                                                                                  37f7911a9a511fea2615fcf33dc8c2245048e75afb10536a14d999107c14548eeca05c0760065bf582c4509c9b7a1c255058822d43c884c23a23ae08a3166cf4

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d33e.TMP
                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  ae5af7f6b53647cd484c8b008c972261

                                                                                                  SHA1

                                                                                                  6169a4dac805f8748da79fb63c404bbb505e70c3

                                                                                                  SHA256

                                                                                                  291cae2dfce760cf630e3e52f96ab6fe37fa4511cc21b440e699b42fb390548a

                                                                                                  SHA512

                                                                                                  13fb18ce5c81e9b3c7d719bd5ec9ad955a72e4f2fff7234de0833018a965b78f039f14f0618abc863977f0d4b77b7e920df3778c67724f608154df56b88d1c78

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                                                                                  Filesize

                                                                                                  2B

                                                                                                  MD5

                                                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                                                  SHA1

                                                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                  SHA256

                                                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                  SHA512

                                                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                                                                                  Filesize

                                                                                                  107KB

                                                                                                  MD5

                                                                                                  40e2018187b61af5be8caf035fb72882

                                                                                                  SHA1

                                                                                                  72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                                                                                  SHA256

                                                                                                  b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                                                                                  SHA512

                                                                                                  a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  13e7072abb37584b27b53cfd21807696

                                                                                                  SHA1

                                                                                                  485cdc47e165398db43a6a2fab9529fbab93019c

                                                                                                  SHA256

                                                                                                  99ad3fec17e508780f73e54ea01dafca02d61c6b9830a0b56f74314583de16e2

                                                                                                  SHA512

                                                                                                  00134d3235ec86df2c1b5fd680365e5643c9e1933b3a3ef447f670e983ba66a151096107f5801a044352bbee3a65d83ceb2dbe53c6f48a40fb09fdd9639d8954

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  ddfbb00672ea96f4fe4f00ac8dbdf26f

                                                                                                  SHA1

                                                                                                  1d246e02111951a56681c1bcee89a6796e03509f

                                                                                                  SHA256

                                                                                                  1538c0369eb5bd1745440a2b449dd1e634f83bae8de59062d5617dbe079c4116

                                                                                                  SHA512

                                                                                                  c7cce9bae1c6b1aad0c484192381e80d33f4047248be98ff8174a3e071247814dba02604236e1c6a8b46418038efaca1cce6b7c9f4e98b555174cf239759bbb5

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  c4bca36c3e609a6718487d949ee87182

                                                                                                  SHA1

                                                                                                  2ce4b4e2ff8e4022c0c28531e8f73ea919101917

                                                                                                  SHA256

                                                                                                  eb263500236afa00d9d15091907b32644293d935f60fe4ade82a58db44cb8815

                                                                                                  SHA512

                                                                                                  704eb8603d0b32b6b46bec2c0e3a60818a275eac2d96d9410c6363769727269bac4c14004a557b6490eb50cecc8c0fd7833768bb858456035794548c93a40a72

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                  Filesize

                                                                                                  2B

                                                                                                  MD5

                                                                                                  d751713988987e9331980363e24189ce

                                                                                                  SHA1

                                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                  SHA256

                                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                  SHA512

                                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                  Filesize

                                                                                                  40B

                                                                                                  MD5

                                                                                                  20d4b8fa017a12a108c87f540836e250

                                                                                                  SHA1

                                                                                                  1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                                                  SHA256

                                                                                                  6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                                                  SHA512

                                                                                                  507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  18KB

                                                                                                  MD5

                                                                                                  efcde8297dc62f319888db97fb85c019

                                                                                                  SHA1

                                                                                                  f1336323e62bc4034cda8fd802998cc2349965b3

                                                                                                  SHA256

                                                                                                  9a25f298a6eb05937618ef70bf1aa9c2bd1b3f7139882237ac7e9d31b4fa245e

                                                                                                  SHA512

                                                                                                  83e2c21a2d7f052f2a2da40378110166eabff26ea101c404fecc3531ee307ef44d07a3757f2a49128984d8f216227f7c9e4821c8931601317cfc429d89507882

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  17KB

                                                                                                  MD5

                                                                                                  afa5dc4e9a83e4947e25dcaa80f35d6a

                                                                                                  SHA1

                                                                                                  a24c4d151b1f88c8757caf28a54aef105e03b88c

                                                                                                  SHA256

                                                                                                  10fab870d0c56c5d0a7baf71c8604d84b36cf62c4ead290b49275c1b39299df0

                                                                                                  SHA512

                                                                                                  fd5335078b07c9075a5d9cb702dcd7b41d79926b58a232b0d2631a724e3ed9657badf92b9c50e83d13ac3eb07c3e84a1b7b870e686c394707ae8ef74d5fe0565

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                  Filesize

                                                                                                  37KB

                                                                                                  MD5

                                                                                                  a5ca5ff559b135d4169b735525b1b21a

                                                                                                  SHA1

                                                                                                  99b3eb21ff5369a5bcd5b69cddaa2ef02a0ecb77

                                                                                                  SHA256

                                                                                                  293cfaeff4a53a2fadc8390199a258567182ec9f7853742f6c76adf780ab59c2

                                                                                                  SHA512

                                                                                                  8336c9a022ea8cca638597809828c6f40feaf6440c7a876b6e9e38c84c9695a085ed165ffc0448a8eda8cf53a5492b4957dd218bcc0021714a4ee5e2c1f643df

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                                                                                  Filesize

                                                                                                  22KB

                                                                                                  MD5

                                                                                                  69c478cd0118212447f7bb4699ed4d19

                                                                                                  SHA1

                                                                                                  b170c6ee08c220ce46e4b1db4b15093ab44e193d

                                                                                                  SHA256

                                                                                                  7563172a2d0bb6d765cde11e421fd6773f1ad129b44e031422f83555b5eec2af

                                                                                                  SHA512

                                                                                                  b38f3f3382d24162827b21bac3880b0340d7e557eb516cb38347bf5373f37d701ec1414490e150ca44d45d6b451d101ff00a540649eec2ef4ab2ce5c5db672a1

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt
                                                                                                  Filesize

                                                                                                  113KB

                                                                                                  MD5

                                                                                                  60beb7140ed66301648ef420cbaad02d

                                                                                                  SHA1

                                                                                                  7fac669b6758bb7b8e96e92a53569cf4360ab1aa

                                                                                                  SHA256

                                                                                                  95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

                                                                                                  SHA512

                                                                                                  6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\manifest.json
                                                                                                  Filesize

                                                                                                  53B

                                                                                                  MD5

                                                                                                  22b68a088a69906d96dc6d47246880d2

                                                                                                  SHA1

                                                                                                  06491f3fd9c4903ac64980f8d655b79082545f82

                                                                                                  SHA256

                                                                                                  94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

                                                                                                  SHA512

                                                                                                  8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                  Filesize

                                                                                                  469B

                                                                                                  MD5

                                                                                                  e166b59661f529267be984a03d306dc6

                                                                                                  SHA1

                                                                                                  aa6d143298cd9920683a326fb37bc1563334d90f

                                                                                                  SHA256

                                                                                                  91a6cb4a877a385f813bb7af82495e37d2e24588ce329252eea16b0be4e110a7

                                                                                                  SHA512

                                                                                                  af05239f1b4ce4e85de85f02c84605d3f13a621ba008b8701c7bf99c5301030e5282ab7a6d77ec5237afc261f4e3e26558137fdd0d567dcbcc7027158ba848ff

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                  Filesize

                                                                                                  22KB

                                                                                                  MD5

                                                                                                  77bce5f0fd0a5e520e0bd849f3b9b410

                                                                                                  SHA1

                                                                                                  32111240b77ae5895847813ca916b9387b59cc7b

                                                                                                  SHA256

                                                                                                  f79a3edd933ab31cb62de8e788e6effc642d957d10ae5f6581f8812d23a5bf9b

                                                                                                  SHA512

                                                                                                  2d1d1b6a511edb7a237bab5d36d7cf84c876fe2a6430b971d4900c3f0fb4bcac90d6918dd5aadba925c1a12b4cb4ce222d2dd8ba16da3d9f500fc80205c92a34

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                  Filesize

                                                                                                  904B

                                                                                                  MD5

                                                                                                  0976d34f7956fa0f1f16599da8be5111

                                                                                                  SHA1

                                                                                                  1a29d0b6456b2f28b6b4251421c896280056da96

                                                                                                  SHA256

                                                                                                  3c296221710f03762c349d20bc5ffe381f38e2d3d6738ee4716de726e88302fc

                                                                                                  SHA512

                                                                                                  7b5c164d42f2b2137a392ac0bf00eca93a3394a78bb314f8ddc9afc393b9b9a77914e6ca1ed75d4d916940d6bfdf23b7d0a23a8020273429c591fa11467ee652

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
                                                                                                  Filesize

                                                                                                  19KB

                                                                                                  MD5

                                                                                                  41c1930548d8b99ff1dbb64ba7fecb3d

                                                                                                  SHA1

                                                                                                  d8acfeaf7c74e2b289be37687f886f50c01d4f2f

                                                                                                  SHA256

                                                                                                  16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

                                                                                                  SHA512

                                                                                                  a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\auto_open_controller.js
                                                                                                  Filesize

                                                                                                  1.5MB

                                                                                                  MD5

                                                                                                  dfb6da5cef0b6a4a1014eab0a4fbca42

                                                                                                  SHA1

                                                                                                  06dcf1096ecc791887691f446438a6a303a5d813

                                                                                                  SHA256

                                                                                                  af15be2ca48b5fed56f16f64e966191320e8bfee8ce8d075f065846f91cb0f99

                                                                                                  SHA512

                                                                                                  c102fa2cbe2f86950803efb376769b2debd138364dac4ff8000f72bf54145a5cc92452a670e783b5ef6f000c187a29218660c5f834ad7af2f9f8353c85007cda

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\edge_checkout_page_validator.js
                                                                                                  Filesize

                                                                                                  1.4MB

                                                                                                  MD5

                                                                                                  83c9b1256f9cb731bba4ccadb7dc8505

                                                                                                  SHA1

                                                                                                  3c393d905d3c73719964ccb17a408900ef51706a

                                                                                                  SHA256

                                                                                                  3d5a44c3c553ce8f5f01f1f1114757c74ce178b76be617b5201c27e491141973

                                                                                                  SHA512

                                                                                                  578286e47090e8bd5d189bd303da310e462927721c4690cfad0e2c17004a81ccba22018253d9bc1cca16488a9263cf5046fe51540e07b9ec056c2d951fda6c6b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\edge_confirmation_page_validator.js
                                                                                                  Filesize

                                                                                                  1.4MB

                                                                                                  MD5

                                                                                                  626e4e44ba18dc0b2329a184c7be6291

                                                                                                  SHA1

                                                                                                  c878c25ea612eb3c0c5d9b581538b988dedadabf

                                                                                                  SHA256

                                                                                                  4101b282ff31c1674d7da596a0418da2af585994bcd3c089586bb5b511c93477

                                                                                                  SHA512

                                                                                                  c9a5f6e69541e1b68d58a77cf8e0c3ddc7228ad19870fcf0d356b5fe83300de8046cc58022d8407d9a8b8caddb8c9497106a77b4dec2806ba80b7736de0172f7

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\edge_driver.js
                                                                                                  Filesize

                                                                                                  1.9MB

                                                                                                  MD5

                                                                                                  59a905c5d1db83cd32156e20223a0def

                                                                                                  SHA1

                                                                                                  7c9aabbc2eb71dcd35111fb3e1cc50a4519cf12e

                                                                                                  SHA256

                                                                                                  55416ec0c28842af9d80d16ea5d622970ff40f5ab391edc7cdec916cd1e0a0b5

                                                                                                  SHA512

                                                                                                  23d6025b6c321fda47fbcae39d1878ad56c0bfaa4cab4a904c84e102e8facd53294cbf0e5f94db30d26fd39f2d5f576b5776c4a8899df6942812ffd5724427cb

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\edge_tracking_page_validator.js
                                                                                                  Filesize

                                                                                                  55KB

                                                                                                  MD5

                                                                                                  2e7bb058b9041cfec401451e7968375b

                                                                                                  SHA1

                                                                                                  5911e426e251e2ef1e296fe0060dcf6238bc7ef8

                                                                                                  SHA256

                                                                                                  642569b449ea2b09bef3b574f4e50b4996652b6f81b73744780f08ad7bb774aa

                                                                                                  SHA512

                                                                                                  379346e4fa09c2dbe8fc2d35bd2de1bd470f7ad972bc4104e694c1a2f2cd455dbc58580a8a1af932d19c87ab95fc752a197801ad9099469581667b1315d85028

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\product_page.js
                                                                                                  Filesize

                                                                                                  1.4MB

                                                                                                  MD5

                                                                                                  ae1229d80935bae416bdc5b6ab3c4927

                                                                                                  SHA1

                                                                                                  1979496963429ae84dafd82af103bc451337396d

                                                                                                  SHA256

                                                                                                  ba3c66ec19070494e1e4a1ae5b2af8d9209b85e8fd54826c52b774995bf0e2c3

                                                                                                  SHA512

                                                                                                  819d2c8933fdb90db25fb70dd6df9ae9f1b5486f1d8f8d84ed48fef2b17143d49ae3c539dbb3ef4f35de52947a5455e0f390e8d1d47b111d383ba566b1c674a4

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\shopping.js
                                                                                                  Filesize

                                                                                                  5.0MB

                                                                                                  MD5

                                                                                                  7d9f17e1eb30bc1ffb354fef63889b98

                                                                                                  SHA1

                                                                                                  cd44825883bacdf05663d2fd257f76528543fa06

                                                                                                  SHA256

                                                                                                  ff4fc545ca3b4e1306ea70ded491fb02d8d67723fdbe7fb8726399dd64be5348

                                                                                                  SHA512

                                                                                                  fd905d44e48725412dfa4d436f61845e4621e6cf57d1dafaa0193344efcb4b1aed6dd4bfa0ae6e132d4bc90254492bd9379e0cfa0f8c1f0ff7a3e404a1b874f8

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\shopping_iframe_driver.js
                                                                                                  Filesize

                                                                                                  12KB

                                                                                                  MD5

                                                                                                  893bb91220344ce92e1b46c4b0c3a548

                                                                                                  SHA1

                                                                                                  047fbd4df34727edf886a595bf69f88c8ab40336

                                                                                                  SHA256

                                                                                                  9e5df6e98f0cfb46aec92421b0a2b62f95c4f55f94ab5c198b374b121885ce91

                                                                                                  SHA512

                                                                                                  07de54cf63b95545cadd136dec991ef37954c3cb5de1d7cbc37848926d314def991a433233813e962e8726ce8c3a384000100b633ca824699f7d1c9b71e14b62

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.28.0\shoppingfre.js
                                                                                                  Filesize

                                                                                                  349KB

                                                                                                  MD5

                                                                                                  16d1409bab41547d1f6beb8109c005ec

                                                                                                  SHA1

                                                                                                  654edaedb43f14042697cd4715f7a7768cbe0dc4

                                                                                                  SHA256

                                                                                                  053494c396955abf183164c886251651b0f55ccefd85ec9f3bbdfb763cca53a9

                                                                                                  SHA512

                                                                                                  fe0d42140338697e8858faccc1e597ec56f39a5d60b91d5dddecd7b9a688fad29c4d601f0c81ace775f025e876bf9038cebc5afe76ff0ddaa2f92b94a28c0eba

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  8595bdd96ab7d24cc60eb749ce1b8b82

                                                                                                  SHA1

                                                                                                  3b612cc3d05e372c5ac91124f3756bbf099b378d

                                                                                                  SHA256

                                                                                                  363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

                                                                                                  SHA512

                                                                                                  555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-checkout-eligible-sites.json
                                                                                                  Filesize

                                                                                                  23KB

                                                                                                  MD5

                                                                                                  16d41ebc643fd34addf3704a3be1acdd

                                                                                                  SHA1

                                                                                                  b7fadc8afa56fbf4026b8c176112632c63be58a0

                                                                                                  SHA256

                                                                                                  b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

                                                                                                  SHA512

                                                                                                  8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-notification-config.json
                                                                                                  Filesize

                                                                                                  804B

                                                                                                  MD5

                                                                                                  4cdefd9eb040c2755db20aa8ea5ee8f7

                                                                                                  SHA1

                                                                                                  f649fcd1c12c26fb90906c4c2ec0a9127af275f4

                                                                                                  SHA256

                                                                                                  bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

                                                                                                  SHA512

                                                                                                  7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-stable.json
                                                                                                  Filesize

                                                                                                  81KB

                                                                                                  MD5

                                                                                                  2e7d07dadfdac9adcabe5600fe21e3be

                                                                                                  SHA1

                                                                                                  d4601f65c6aa995132f4fce7b3854add5e7996a7

                                                                                                  SHA256

                                                                                                  56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

                                                                                                  SHA512

                                                                                                  5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-tokenization-config.json
                                                                                                  Filesize

                                                                                                  34KB

                                                                                                  MD5

                                                                                                  ae3bd0f89f8a8cdeb1ea6eea1636cbdd

                                                                                                  SHA1

                                                                                                  1801bc211e260ba8f8099727ea820ecf636c684a

                                                                                                  SHA256

                                                                                                  0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

                                                                                                  SHA512

                                                                                                  69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  55KB

                                                                                                  MD5

                                                                                                  38f3b1c8aee2b51f8284c356fe47aebf

                                                                                                  SHA1

                                                                                                  c86c26302b9f8ddd702a1fe296cf51b04293d9de

                                                                                                  SHA256

                                                                                                  0b02c59b99af65c3e32619b636254195c9f21252232264c8bf53391964c56fa9

                                                                                                  SHA512

                                                                                                  0bbef6cdfb79dd9f3ab5767b1e5f65de0067db27a429b6b8c6ad1979329254d629092efee8614a644cb4a58f556300b2b0ec35dd628779d853d379421457c2fb

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  55KB

                                                                                                  MD5

                                                                                                  82d7100611be69a7c60785af096c052c

                                                                                                  SHA1

                                                                                                  3eae408d47638dbd2cd7b1f853d00a94a34879e1

                                                                                                  SHA256

                                                                                                  f6f53d2fdba0218ef59847652999fa9ba2dc66c8c6b07bbb8a0d0d7d1032249c

                                                                                                  SHA512

                                                                                                  fbb7c4bb8df23e2d585c9899d46d26dd26ef81a9de39daffed31f3b876110634225c06dc486c4eaa3e5b80251f923dab6572fe0ce0de28715d17a619033a2237

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  55KB

                                                                                                  MD5

                                                                                                  b9e728e120e6ef70689e3a3e429fa5e3

                                                                                                  SHA1

                                                                                                  cdd21c225109f6e40dbf966074fffa549f9d5aa2

                                                                                                  SHA256

                                                                                                  c82339a1838c32052d7d1f0631553721292ddf6edc2831ec2559d904c4a31330

                                                                                                  SHA512

                                                                                                  08ec5f1698adfc1e9dd93079241e628084353053a7321d901c8cbd48ef463d6b8fb1e5572481c630b02cf920759b8254403074ed31957cd787a500963b17a5b6

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  41KB

                                                                                                  MD5

                                                                                                  316281aa0d6ac6d2a08811479cc8c4fb

                                                                                                  SHA1

                                                                                                  bed9f3865155d147189c2f37bfdfb901d485235b

                                                                                                  SHA256

                                                                                                  93b26f7febbad9d66e9695f382adf9241840ae2914e8bc309b2240ca8bce91db

                                                                                                  SHA512

                                                                                                  54a82ca9a2bf455d0ff5362e5ca76a2fe86baeef784b74016d2af7c8e0631e21a0638eb7431579d1f006b7bb7716e510e11ae512ae71402f50575fc8391fd023

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  50KB

                                                                                                  MD5

                                                                                                  6348025a4f93b827ff39024dfebc3542

                                                                                                  SHA1

                                                                                                  e5480d1c385515fdb0762521f90afd9eb2a50694

                                                                                                  SHA256

                                                                                                  ac8367025cc7836b874d53d6c59a55472b2cc467a4ab67728aea2bc89b09f0e9

                                                                                                  SHA512

                                                                                                  c6ee0b6321c95c79407693f98cb82bd068415c7d502ad6214b780cc363d23c005a375d2b1935d2f113990963755e6c7f113c40d6067c3f84217496234636af91

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  55KB

                                                                                                  MD5

                                                                                                  07fe038a2059eeb7d04247c261782bde

                                                                                                  SHA1

                                                                                                  1e36aa59834c0e0c7878220901224de8c3b67e20

                                                                                                  SHA256

                                                                                                  a3fcf4db2f3c18f4d279e49daf027d30900d141171d6d3d4806a5549c3274b4a

                                                                                                  SHA512

                                                                                                  591d6c76b484e67773dde6beb54077c70319167daaaa199941fd6dd6969bb12671a3e08c8b572d74fd7ff52e273fe8df07c7fb0cf58d5270b83c581e1185f4fd

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  50KB

                                                                                                  MD5

                                                                                                  6c6c237ae19c95cd708bba8a6df015f8

                                                                                                  SHA1

                                                                                                  1e746b04e9eb274b8efda14b51aa8ef86ffc37af

                                                                                                  SHA256

                                                                                                  835a20c90d00e6e3dcb46e85efa4526302b51cf385806b3ec9ddb0330bbc95f1

                                                                                                  SHA512

                                                                                                  4cb56b413c8bc6c0b3901ec1d8396fb07ab71f8f97a4f99de6e5abc9d9656736dfd8e3ec3d1125d707889c2e457fc62e123d1dfc7385997cd37132578731500c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  50KB

                                                                                                  MD5

                                                                                                  9cee787a30f35c037b9702b86c524e64

                                                                                                  SHA1

                                                                                                  3dd5e70dd52bb79f82d9e7129c07a7e62d7c2a72

                                                                                                  SHA256

                                                                                                  94c88697839ed8216bbe4f7f64657825797d6c89fa460f374108347656c9c753

                                                                                                  SHA512

                                                                                                  2ccb01a32b67e3f3a964a32e0b0af5e3b917ca7f60e674b7b24520141345d502c528762b119f095a30404f497da676a53cb00463eb90e1e5ffc4f22d37e70470

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  50KB

                                                                                                  MD5

                                                                                                  9d66bd50bee34bda626298f66bcfcfa9

                                                                                                  SHA1

                                                                                                  4358fabe9e6388902cc6bc6e9701f83cb09c4d58

                                                                                                  SHA256

                                                                                                  5760f08ac85c1e306b0469c20c1bdc00a2db479d72d5f51f4c11b5c93c23a956

                                                                                                  SHA512

                                                                                                  3da6769a6aaa9a7bce24253dcff0929ef63d3af4937411b6d9546ce467de0ece1356c0f1d9c2c2efaeabbe3a2649a910eb03a89293f7afc01cefaa4fdb31cc2d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  e203b25318b3850223ca753b00f8dfd0

                                                                                                  SHA1

                                                                                                  88925bc1773ac9067f06b17e7d473ff62d3fe0a3

                                                                                                  SHA256

                                                                                                  24b093a853709c3722ba562cba590c0f7232827223e2748c02d205efec204aed

                                                                                                  SHA512

                                                                                                  a04ab104aaa10add5b1a5c298593bf8f488e66e65faeea6962dedbd3c2d572c973896828b8e672f0b96cbfbf7bab0d821a6414d6bdfb28af9c212f82b0ff6313

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  9149dce0705c06aade4baef027a584dd

                                                                                                  SHA1

                                                                                                  614d6e918977e5044012cb011c2e89a23c7dd344

                                                                                                  SHA256

                                                                                                  311cb95e47eb7bde11ac9cbbbde728cee3c4f44a850c72287d2dedec2d501d17

                                                                                                  SHA512

                                                                                                  3446b25d274fb669e0afbbfa6c529b2dee71cad0ddc144917836c1099ac32585d89ade7936cb390622406846d6b7dd2319ba7ba38054f13c1c49d4319c8f33a3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  d70d8bdd225424d159296f73b196349e

                                                                                                  SHA1

                                                                                                  0ee82fe12bbf89e2553fc1b4b088be984eea1b9c

                                                                                                  SHA256

                                                                                                  6f439bab360f560e11b6e64823c96f23bdb6cfb7a1c336b1b1fbf67af305a269

                                                                                                  SHA512

                                                                                                  d03ee57cc2390f73b7abe509310d766a4fad815a8999d4c994d499f7a83c1b496c8a5cc0727835e5b5fec432a6eeb0f2f0376b19bbc173d34989b9582cb77d5a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  8df965854d1548cf71b1b72fc728a51f

                                                                                                  SHA1

                                                                                                  d4feae150f3e4c0a19b54b23d7ac0bac3396b135

                                                                                                  SHA256

                                                                                                  197c789178c36ba2b4efc46ffce1b8504846cb4556fb33d02e117e71bf7f3c10

                                                                                                  SHA512

                                                                                                  58352af037a56ab25aab99c618d792be4fc2258c904b61a6a8a37650b4d91198f9f30af62048ab3c2d48c33fe7e0a5526b7233ebe83e45950f0af7fa88c05e23

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  bddeaf3ef0d2a0ae94292cab1a20ed0d

                                                                                                  SHA1

                                                                                                  2454df6441894d4390da531eabf42c7452d4c97f

                                                                                                  SHA256

                                                                                                  7901d0e3d01df20120be17b0d3afe5488e9298879e547818839a9fcc657d40c8

                                                                                                  SHA512

                                                                                                  c1ed29ac65241ce72421dcaf20d73205b2fe984f7bae89bd5b7c62a675d0966ac7fd1811665da35b3cabdecd5b2c90005018d5ac7794b459311b19b29a416d81

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  45376e5540402b50a4e576729dd6719f

                                                                                                  SHA1

                                                                                                  587dc6a675f8433e55a8516b55b86e49e023e527

                                                                                                  SHA256

                                                                                                  b1ba7c739911dd313f3ede5c53b687ad92c37845e093930a99001b5560246250

                                                                                                  SHA512

                                                                                                  fae375cdac51d1a66733e961374d5142bf1d484e9dfea1258a2aadda36ebdfb67b348d9334125ad7058e630f6d1d93d07ecb0f8d28bc4af9e6738cbdad1b2b70

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  e4cdae0ea27adecbf363f524b56ba22c

                                                                                                  SHA1

                                                                                                  ba71a02c52ce6e4f45fb6d2646eb3273aa0a6c6c

                                                                                                  SHA256

                                                                                                  536576c6ad44b93c9c25f359243e10b03f67dcfddecd1b7809fb32cfefd24563

                                                                                                  SHA512

                                                                                                  03e7aa9a0787c90805730ef17a8e9beb826103791e830147d75175b2d13e3ccd4c5da47c3125b762e620c0b93cbd6e4bd5c1c9b5d864350cd1809af5a4a6bd63

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  03f174def6f50c70340c84063e1bb2f9

                                                                                                  SHA1

                                                                                                  6a2a0b3533c0756698af79c944a46084aa02ad29

                                                                                                  SHA256

                                                                                                  f33baa9ed86371f915a463b7353524f974f1554a6889760fcd2704fa0ed3ad24

                                                                                                  SHA512

                                                                                                  31eb8c4584a2b1542522faf4da4aacb26f9f93bfa337a9ca5a136c2ac910dbc1af4ea33347bc078dfe9ca48381033e8b5b4f1e66d5f12d1105640198640157c8

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  b77df42c3577d53bb5869639f2ce19fc

                                                                                                  SHA1

                                                                                                  344e32533e22955d03b0eae12e5853e5e50f615b

                                                                                                  SHA256

                                                                                                  d3e18e1d053d2b1b8a902d5f9c243677236f695c58717d61264b2be39851d205

                                                                                                  SHA512

                                                                                                  99896cbc82bcb35f0ca4e23996edb9df76b9b2ec879a9c6a8ef16d481891f136925934f33005c7eeaf91de0d5cd8bcbf64f95a909fc57b1bb5522790c927534f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe585743.TMP
                                                                                                  Filesize

                                                                                                  392B

                                                                                                  MD5

                                                                                                  9fe3c0ce7c142e09d7f2bfb112f16230

                                                                                                  SHA1

                                                                                                  5a45c80cc9c8e58ab47b6bad705eca2314630e3b

                                                                                                  SHA256

                                                                                                  8a17a7b29438e3b660b66ffdc0c21fa82ef3875a551b825e991539feab139c5e

                                                                                                  SHA512

                                                                                                  4277a06c97b62f23ddde05e0c43e99740e1ba0bdb970c540674d3ea785d083b4e8deba9288d55bd7b99d92c05ede18942bf0d784a5a1826b750fe28a0abb3fab

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json
                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  bef4f9f856321c6dccb47a61f605e823

                                                                                                  SHA1

                                                                                                  8e60af5b17ed70db0505d7e1647a8bc9f7612939

                                                                                                  SHA256

                                                                                                  fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

                                                                                                  SHA512

                                                                                                  bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db
                                                                                                  Filesize

                                                                                                  68KB

                                                                                                  MD5

                                                                                                  b732993fee92feef21e1c2e9aa1fcc0f

                                                                                                  SHA1

                                                                                                  b8bffce1a85e8f568ddcfcc7e0f66b29cfcce13b

                                                                                                  SHA256

                                                                                                  43bc697650b73e2fdd4b361e42fdf601afee195af55fbb6307bf3a08263f810a

                                                                                                  SHA512

                                                                                                  6c196ee8d757d793a4f37fd874126d1abbb99b28aded0f84d48d6fd59480079a0b8d8226acd02103fc9c08e84d29286698d91b8dd356e3793de380a04431054b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                                  Filesize

                                                                                                  576KB

                                                                                                  MD5

                                                                                                  120d9059fb41ae0f5265a2aa96f1eaca

                                                                                                  SHA1

                                                                                                  0caaad6a589cbaf6575ed1989b8e75f40faf2867

                                                                                                  SHA256

                                                                                                  8f6ab58a4067adc4431216e9284b525aeae46cd4f2fac31dface9fb07876bb1b

                                                                                                  SHA512

                                                                                                  6f0764c65dec9159f74d65ed4656b07f50b89132a72e159c5871cae48397a1adb84a93c56fba8a51cc3efdecccebfd6ddc4fac48c09155e5509b8a5864a82059

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                                                                  Filesize

                                                                                                  9KB

                                                                                                  MD5

                                                                                                  7050d5ae8acfbe560fa11073fef8185d

                                                                                                  SHA1

                                                                                                  5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                  SHA256

                                                                                                  cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                  SHA512

                                                                                                  a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-EUGRH.tmp\butterflyondesktop.tmp
                                                                                                  Filesize

                                                                                                  688KB

                                                                                                  MD5

                                                                                                  c765336f0dcf4efdcc2101eed67cd30c

                                                                                                  SHA1

                                                                                                  fa0279f59738c5aa3b6b20106e109ccd77f895a7

                                                                                                  SHA256

                                                                                                  c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

                                                                                                  SHA512

                                                                                                  06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt
                                                                                                  Filesize

                                                                                                  27B

                                                                                                  MD5

                                                                                                  e20f623b1d5a781f86b51347260d68a5

                                                                                                  SHA1

                                                                                                  7e06a43ba81d27b017eb1d5dcc62124a9579f96e

                                                                                                  SHA256

                                                                                                  afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179

                                                                                                  SHA512

                                                                                                  2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\!Please Read Me!.txt
                                                                                                  Filesize

                                                                                                  797B

                                                                                                  MD5

                                                                                                  afa18cf4aa2660392111763fb93a8c3d

                                                                                                  SHA1

                                                                                                  c219a3654a5f41ce535a09f2a188a464c3f5baf5

                                                                                                  SHA256

                                                                                                  227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

                                                                                                  SHA512

                                                                                                  4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk
                                                                                                  Filesize

                                                                                                  590B

                                                                                                  MD5

                                                                                                  845a002c2024b93ab7eedd304736da69

                                                                                                  SHA1

                                                                                                  844bcfc5143ae51da3479411110201af8d68dbaa

                                                                                                  SHA256

                                                                                                  201b60339ea104545d1c90dfdc9e67afa655cde32c599981a8eff8e6efb055cd

                                                                                                  SHA512

                                                                                                  d7afee2609ff945c702b7c6a480d1841d61dbfc36f478fe23f6249cdba2fddc2545ef4b9bb44c2f55e93f0aaf0e9df713315efa1a82895d8c67a77f1b0c99eba

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\00000000.res
                                                                                                  Filesize

                                                                                                  136B

                                                                                                  MD5

                                                                                                  fa69ea2e9dd5c5e130edc64f9ce03403

                                                                                                  SHA1

                                                                                                  80bf1b469b3578302b2c9479a5fc55d3cf111db8

                                                                                                  SHA256

                                                                                                  8063c377854aa0f0b9cdbc63ba03cbcfc56f427f8fb5193a8e44e6d6adfdc58d

                                                                                                  SHA512

                                                                                                  674b47ef364263a75a72b354e84dd8dc5725d1a4e7f4201cd5c569bec04d3735f0339fbdfef98557653b39f493640054fcf0a2e340a7dff587f1a2c3a17030c1

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\263391742658522.bat
                                                                                                  Filesize

                                                                                                  318B

                                                                                                  MD5

                                                                                                  a261428b490a45438c0d55781a9c6e75

                                                                                                  SHA1

                                                                                                  e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e

                                                                                                  SHA256

                                                                                                  4288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44

                                                                                                  SHA512

                                                                                                  304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\Launcher.exe.crdownload
                                                                                                  Filesize

                                                                                                  197KB

                                                                                                  MD5

                                                                                                  7506eb94c661522aff09a5c96d6f182b

                                                                                                  SHA1

                                                                                                  329bbdb1f877942d55b53b1d48db56a458eb2310

                                                                                                  SHA256

                                                                                                  d5b962dfe37671b5134f0b741a662610b568c2b5374010ee92b5b7857d87872c

                                                                                                  SHA512

                                                                                                  d815a9391ef3d508b89fc221506b95f4c92d586ec38f26aec0f239750f34cf398eed3d818fa439f6aa6ed3b30f555a1903d93eeeec133b80849a4aa6685ec070

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\Launcher.exe:Zone.Identifier
                                                                                                  Filesize

                                                                                                  114B

                                                                                                  MD5

                                                                                                  d3b47a48c3b7f559bc8e46321da25665

                                                                                                  SHA1

                                                                                                  a1791533e6654858e455edd323412ee1af0efd13

                                                                                                  SHA256

                                                                                                  6f3bb495fd9d2bea40f9d7b7d1ecbb0ac095ecd70dff371fe474312aeb30e9d6

                                                                                                  SHA512

                                                                                                  0b582add6b07dd2e03b899e5fe6cf920a97247ce3e4051dbac4bcb9f7fa7adc4d734c44f3202b01bacc5b6850e552ea4f6bb3dd141b2eda3e9db8ec89dd635c3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\WannaCry.exe
                                                                                                  Filesize

                                                                                                  224KB

                                                                                                  MD5

                                                                                                  5c7fb0927db37372da25f270708103a2

                                                                                                  SHA1

                                                                                                  120ed9279d85cbfa56e5b7779ffa7162074f7a29

                                                                                                  SHA256

                                                                                                  be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

                                                                                                  SHA512

                                                                                                  a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier
                                                                                                  Filesize

                                                                                                  26B

                                                                                                  MD5

                                                                                                  fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                  SHA1

                                                                                                  d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                  SHA256

                                                                                                  eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                  SHA512

                                                                                                  aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\butterflyondesktop.exe
                                                                                                  Filesize

                                                                                                  2.8MB

                                                                                                  MD5

                                                                                                  1535aa21451192109b86be9bcc7c4345

                                                                                                  SHA1

                                                                                                  1af211c686c4d4bf0239ed6620358a19691cf88c

                                                                                                  SHA256

                                                                                                  4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

                                                                                                  SHA512

                                                                                                  1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\butterflyondesktop.exe:Zone.Identifier
                                                                                                  Filesize

                                                                                                  127B

                                                                                                  MD5

                                                                                                  7ecd61c31175bbbb75c7968d1cdac087

                                                                                                  SHA1

                                                                                                  ef23b2e6017dd08924039f808abf749731530aaa

                                                                                                  SHA256

                                                                                                  c05eccf454b14781dbc9f9e3f8ef2522375999133dfdd9c61b764425bae4aa8c

                                                                                                  SHA512

                                                                                                  877a6306531d81777e9d3e9548ef824aa4d9c231b5f7fb0b84dd661fe4e760b2194adedf94bd8b3d0a5a2c455000d99d9ba71c2b69fc43071f82d6b8d6bb0474

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\c.vbs
                                                                                                  Filesize

                                                                                                  201B

                                                                                                  MD5

                                                                                                  02b937ceef5da308c5689fcdb3fb12e9

                                                                                                  SHA1

                                                                                                  fa5490ea513c1b0ee01038c18cb641a51f459507

                                                                                                  SHA256

                                                                                                  5d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1

                                                                                                  SHA512

                                                                                                  843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\c.wry
                                                                                                  Filesize

                                                                                                  628B

                                                                                                  MD5

                                                                                                  a7707009a659dcdbc35a3f1124aa6dcf

                                                                                                  SHA1

                                                                                                  9bcfa22a04c47f14123dcd043f2cc225e16dba37

                                                                                                  SHA256

                                                                                                  226a8502dd6437c9a3a2f5d39351f7e6dfbb063b3db3cc00294bf8c104f4fa2a

                                                                                                  SHA512

                                                                                                  35155493c12157c6c5b1cd441e4c1b078f7a4373c1a13016f39378d038f3a983d026d4b48b36d7bcda5c64c3684ec3231b50460a97a84a3118ef2242754bb46d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\u.wry
                                                                                                  Filesize

                                                                                                  236KB

                                                                                                  MD5

                                                                                                  cf1416074cd7791ab80a18f9e7e219d9

                                                                                                  SHA1

                                                                                                  276d2ec82c518d887a8a3608e51c56fa28716ded

                                                                                                  SHA256

                                                                                                  78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

                                                                                                  SHA512

                                                                                                  0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_190095612\LICENSE
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  ee002cb9e51bb8dfa89640a406a1090a

                                                                                                  SHA1

                                                                                                  49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                                                  SHA256

                                                                                                  3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                                                  SHA512

                                                                                                  d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_190095612\manifest.json
                                                                                                  Filesize

                                                                                                  85B

                                                                                                  MD5

                                                                                                  c3419069a1c30140b77045aba38f12cf

                                                                                                  SHA1

                                                                                                  11920f0c1e55cadc7d2893d1eebb268b3459762a

                                                                                                  SHA256

                                                                                                  db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

                                                                                                  SHA512

                                                                                                  c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_1917618936\Notification\notification_fast.bundle.js.LICENSE.txt
                                                                                                  Filesize

                                                                                                  551B

                                                                                                  MD5

                                                                                                  7bf61e84e614585030a26b0b148f4d79

                                                                                                  SHA1

                                                                                                  c4ffbc5c6aa599e578d3f5524a59a99228eea400

                                                                                                  SHA256

                                                                                                  38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

                                                                                                  SHA512

                                                                                                  ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_1917618936\json\i18n-tokenized-card\fr-CA\strings.json
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  cd247582beb274ca64f720aa588ffbc0

                                                                                                  SHA1

                                                                                                  4aaeef0905e67b490d4a9508ed5d4a406263ed9c

                                                                                                  SHA256

                                                                                                  c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

                                                                                                  SHA512

                                                                                                  bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_1917618936\manifest.json
                                                                                                  Filesize

                                                                                                  121B

                                                                                                  MD5

                                                                                                  7122b7d5c202d095d0f4b235e8a73ca5

                                                                                                  SHA1

                                                                                                  0cca47528a8b4fb3e3d9511d42f06dc8443317c2

                                                                                                  SHA256

                                                                                                  93b603f06d510b23b95b3cacd08c3f74c19dc1f36cd3848b56943f069c65e975

                                                                                                  SHA512

                                                                                                  ad6fba6e0710cc26149dcf7f63143891aad4ebba0cc45670d8885fade19dc1a50b542a15b10a7604b6b1be4b8e50fcd5514f40c59b83cc68bd10a15ab2a93c1a

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_196004219\manifest.json
                                                                                                  Filesize

                                                                                                  79B

                                                                                                  MD5

                                                                                                  7f4b594a35d631af0e37fea02df71e72

                                                                                                  SHA1

                                                                                                  f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

                                                                                                  SHA256

                                                                                                  530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

                                                                                                  SHA512

                                                                                                  bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_405455086\manifest.json
                                                                                                  Filesize

                                                                                                  1003B

                                                                                                  MD5

                                                                                                  578c9dbc62724b9d481ec9484a347b37

                                                                                                  SHA1

                                                                                                  a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

                                                                                                  SHA256

                                                                                                  005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

                                                                                                  SHA512

                                                                                                  2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

                                                                                                  Download Submit

                                                                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3300_442320215\manifest.json
                                                                                                  Filesize

                                                                                                  145B

                                                                                                  MD5

                                                                                                  ba1024f290acf020c4a6130c00ed59e0

                                                                                                  SHA1

                                                                                                  01274f0befca8b6f4b5af1decc4ade0204761986

                                                                                                  SHA256

                                                                                                  551b8c76c19c654049d2d8043a79b8edb3c03e1b695cabf76b4076ed4921ae28

                                                                                                  SHA512

                                                                                                  e55b871dd3500f30d639089cc42a4edc3bd4d26d2c4fd151322a363fd8edec82d5345751953f9b581e40f22b6a8976faa0ea7ec9fd286f73f747120c87ea7157

                                                                                                  Download Submit

                                                                                                • memory/672-631-0x0000000000400000-0x0000000000489000-memory.dmp

                                                                                                  Filesize

                                                                                                  548KB

                                                                                                  Download

                                                                                                • memory/672-591-0x0000000000400000-0x0000000000489000-memory.dmp

                                                                                                  Filesize

                                                                                                  548KB

                                                                                                  Download

                                                                                                • memory/672-620-0x0000000000400000-0x0000000000489000-memory.dmp

                                                                                                  Filesize

                                                                                                  548KB

                                                                                                  Download

                                                                                                • memory/1120-1009-0x0000000010000000-0x0000000010012000-memory.dmp

                                                                                                  Filesize

                                                                                                  72KB

                                                                                                  Download

                                                                                                • memory/1392-3945-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-873-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3922-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3615-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3658-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3636-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3639-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3587-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-885-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-2554-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-972-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3803-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3731-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-2494-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-3687-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1392-1001-0x0000000000400000-0x000000000070B000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.0MB

                                                                                                  Download

                                                                                                • memory/1872-797-0x0000000000400000-0x00000000004BC000-memory.dmp

                                                                                                  Filesize

                                                                                                  752KB

                                                                                                  Download

                                                                                                • memory/1872-790-0x0000000000400000-0x00000000004BC000-memory.dmp

                                                                                                  Filesize

                                                                                                  752KB

                                                                                                  Download

                                                                                                • memory/4368-3911-0x0000000004640000-0x0000000004650000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4368-3910-0x0000000008BA0000-0x0000000008BB0000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4368-3912-0x0000000004640000-0x0000000004650000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4368-3904-0x0000000004640000-0x0000000004650000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4368-3907-0x0000000004640000-0x0000000004650000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4368-3906-0x0000000004640000-0x0000000004650000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4368-3905-0x0000000004640000-0x0000000004650000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3649-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3657-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3650-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3653-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3651-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3652-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3654-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3655-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4412-3656-0x00007FFD56430000-0x00007FFD56440000-memory.dmp

                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  Download

                                                                                                • memory/4908-743-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                  Filesize

                                                                                                  80KB

                                                                                                  Download

                                                                                                • memory/4908-789-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                  Filesize

                                                                                                  80KB

                                                                                                  Download

                                                                                                • memory/4908-798-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                  Filesize

                                                                                                  80KB

                                                                                                  Download