Malware Analysis Report

2024-11-30 19:22

Sample ID 240305-rqjbkagg6t
Target sample
SHA256 ff8d3ec59cceb839b20716536d14a0b17999df6ddedebd70f0bdc0d59a5707fa
Tags
agilenet evasion ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ff8d3ec59cceb839b20716536d14a0b17999df6ddedebd70f0bdc0d59a5707fa

Threat Level: Known bad

The file sample was found to be: Known bad.

Malicious Activity Summary

agilenet evasion ransomware trojan

UAC bypass

Modifies boot configuration data using bcdedit

Downloads MZ/PE file

Checks computer location settings

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Enumerates physical storage devices

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-05 14:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-05 14:23

Reported

2024-03-05 14:54

Platform

win10v2004-20240226-en

Max time kernel

381s

Max time network

386s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js

Signatures

UAC bypass

evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A

Modifies boot configuration data using bcdedit

ransomware evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\bcdedit.exe | N/A
N/A | N/A | C:\Windows\System32\bcdedit.exe | N/A

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\MrsMajor3.0.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\MrsMajor3.0.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\File Cache\Initialised | C:\Users\Admin\Desktop\Spark.exe | N/A
File created | C:\Windows\File Cache\DLL.dll | C:\Users\Admin\Desktop\Spark.exe | N/A
File created | C:\Windows\File Cache\IFEO.exe | C:\Users\Admin\Desktop\Spark.exe | N/A
File created | C:\Windows\File Cache\Driver.sys | C:\Users\Admin\Desktop\Spark.exe | N/A
File created | C:\Windows\File Cache\Spark.exe | C:\Users\Admin\Desktop\Spark.exe | N/A
File opened for modification | C:\Windows\File Cache\Spark.exe | C:\Users\Admin\Desktop\Spark.exe | N/A
File created | C:\Windows\File Cache\Spark.exe\:SmartScreen:$DATA | C:\Users\Admin\Desktop\Spark.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{5F9A1598-40BE-43A8-AA81-B12A8739274C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 564446.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Windows\File Cache\Spark.exe\:SmartScreen:$DATA | C:\Users\Admin\Desktop\Spark.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 129838.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C45B.tmp\eulascr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DE2.tmp\eulascr.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Spark.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\C45B.tmp\eulascr.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2DE2.tmp\eulascr.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Spark.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Desktop\Spark.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\MrsMajor3.0.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\MrsMajor3.0.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2768 wrote to memory of 4964 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4964 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 416 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 5084 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 5084 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 216 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8099646f8,0x7ff809964708,0x7ff809964718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,11780033575539051329,8948345509297758277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\MrsMajor3.0.exe

"C:\Users\Admin\Desktop\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C45B.tmp\C45C.tmp\C46C.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\C45B.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\C45B.tmp\eulascr.exe"

C:\Users\Admin\Desktop\MrsMajor3.0.exe

"C:\Users\Admin\Desktop\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\2DE2.tmp\2DE3.tmp\2DE4.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\2DE2.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\2DE2.tmp\eulascr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8099646f8,0x7ff809964708,0x7ff809964718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,577006181204345045,3294131046071634035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 /prefetch:8

C:\Users\Admin\Desktop\Spark.exe

"C:\Users\Admin\Desktop\Spark.exe"

C:\Windows\System32\bcdedit.exe

"C:\Windows\System32\bcdedit.exe" -set nointegritychecks on

C:\Windows\System32\bcdedit.exe

"C:\Windows\System32\bcdedit.exe" -set testsigning on

Network


Files

SHA512 02456f127e7edc947a9e8897a2c980635eec7be757555ae7f3cc2fbc86cea46334180fe6a6ccdf875e929ed817a60d9c1f7194f58e87d26d5948f9dea719eb74

C:\Users\Admin\AppData\Local\Temp\C45B.tmp\C45C.tmp\C46C.vbs

MD5 3b8696ecbb737aad2a763c4eaf62c247
SHA1 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5
SHA256 ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569
SHA512 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb

C:\Users\Admin\AppData\Local\Temp\C45B.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

memory/2412-698-0x0000000000B70000-0x0000000000B9A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

memory/2412-706-0x00007FF808C10000-0x00007FF808D5E000-memory.dmp

memory/2412-705-0x00007FF808D60000-0x00007FF809821000-memory.dmp

memory/2412-707-0x000000001B740000-0x000000001B750000-memory.dmp

memory/2412-708-0x000000001B740000-0x000000001B750000-memory.dmp

memory/2412-709-0x000000001DBB0000-0x000000001DD72000-memory.dmp

memory/2412-710-0x000000001E2B0000-0x000000001E7D8000-memory.dmp

memory/2412-712-0x00007FF808D60000-0x00007FF809821000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eulascr.exe.log

MD5 8b325485d0cc4762f87c0857e27c0e35
SHA1 1514778327d7c7b705dbf14f22ff9d8bdfdca581
SHA256 c18709d3ab63bebbbeba0791cd188db4121be8007c896a655d7f68535026cadf
SHA512 9bf9da14e50301d68246dc9f3a21319a8fbfc866d5b57ee44cd9ed96c1a6dfecabcec06b66be5ec5625ff708d460e23d00849c581957ab84c4f2941cee07ff33

memory/1964-725-0x00007FF808C10000-0x00007FF808D5E000-memory.dmp

memory/1964-726-0x00007FF808D60000-0x00007FF809821000-memory.dmp

memory/1964-727-0x000000001B290000-0x000000001B2A0000-memory.dmp

memory/1964-728-0x00007FF808D60000-0x00007FF809821000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 43902c13e69607c072a7ca8096239ace
SHA1 de2f768f1d4bb7eabfb7d55dcd951532d2385198
SHA256 9ffa5263a7f62aaea2d53b6093635834cdeabe1b8064b96f23f8619233c76324
SHA512 0c65cde02efc82b1835d636e6fd608edf98b015e530a71b3252d610b1f34b8dc5f3dadc1cea0e00ca3a415e08fd12aa0d67b2d708d4072b3b59a515373e6ff73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 1369a3b9e401ae9775dfc52dad0e1364
SHA1 5f24e03124a9beeb2223257e03e92199f4e40c0a
SHA256 8dbe32b41874999487903f69acba18cc66d479fed7229fe78f1bc1f33ef36aff
SHA512 05d98b00529e0b3697bfa9eac7b56db9419978015cd518d38746017a3e09eec0037eb75ec5d79d49fd241186bcc97c90f09683b3fc554a2670a7b12f9c439c2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 d99023ef70ecc9281ea08022b2eb8528
SHA1 c57ad189e6f9a1134e2a5878b25024eed7eb9e04
SHA256 a0d5642f6d579d2fc3644a5cae3ad8ddff85b0846553bf6b930e1eae16878095
SHA512 ab432b353c807dfe6dfcb6ff8bb5350a26a0f6af4bcc802f6699dab235d5c415648731f2e0781496a2fb4cb611872a114a3b2c958a31727b234718fa5de2d8a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 e5503575591de0d45e9fb84de50dea10
SHA1 bf560704e841e5368403641a623e341e87b609b8
SHA256 41418614ee75e68a679e24050ce3bfee6c37f4d24512bcc6af2f56ec588c08e6
SHA512 0ff812e44e9ac17424eccc146a59f92f88c0d06219100fbd701d65cd60ebdc4c6949eb0d6b5ac454a17a2137fbd84e500339ce88099c38ae4fb8fb954f30a130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 3d29e18c14cff09a74762660ac7de60a
SHA1 6e393c454d5f48412093b4611d78626de49ff22b
SHA256 39014fd9dbec062d5d7cd8ed7048e60335b4c6a55153590c2ff458ab69a99409
SHA512 7374a7c398483ad08126e81ca875dc149bb8b17eb417f745392424a4c53ac21f65a4119e109ae24693ee83fc89287f83fcb41f6f0b5558745620ca88991fa340

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e79f3de42e348a44ade1535a3d9cfe6a
SHA1 6296b5d1a50ba63064bab0c0646d540a103f3fcd
SHA256 4a762a3b6bde7a865b66283ee03cbdd5b3b07c58e7b96e9ce01e0fca8fe215af
SHA512 54823bd8cf638a912d9723178a130529d34908a68e0f86bc82ab02ac68a710a4abdd7fdeda5ef3574baa83b86a4a1355620ddd750026eb0d248dd1d91c649677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 f569fddab239dc0678d15217b8b5d271
SHA1 05e857f6ee13ac87020df6ad3df69e1329abc194
SHA256 4a6288df4b086a1ca81d186fb301c147a7488d349e27b0b70180c04f1b443f6a
SHA512 72b2c7ecf43e01190295118da3f66c6f5d4d3ff8fa4d22008f55deb664832e167cfba2cfcb403a5654aa779f1e695bd7a7ba6eda9499f62437ddda34e2cf671b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 8a8f4386f9e5e426ecebaa548cce1635
SHA1 22415e72f7d712524b5e5a97edc12b6f5ecd313b
SHA256 5c4f6b707e7bf54418a9b6b93755b5972a0c265a616930fd09e16344c388a202
SHA512 5dc5f7f64bd0f1992cd80e17238e086d48db998b5898c477ed78858ec2261c7c60410d4e8a11ad9d4b0c6795a7cbf3230a801e8078df8fd0d6c75d0b747c8318

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 711d984c230f037f6c99ec002e5882c1
SHA1 81d356e3c004f851368a733ea4f3aa9e00013753
SHA256 4b05f6a53bbda44cefef5a73a5b96c316a664f3ac72c9f1fb503e3591cc7cc92
SHA512 020cc30eb77da3fec11f05ffc6eae043e9eea3e1fc144775f8ad57259ece018676210ad1c5576ed55313fea3e0212d3ae6709fae3f1fea41e3eba48258b317d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 637227ccc99a5d12e565dd684d2f5469
SHA1 c4aaa7e3fd833d632049adb55a5a64171369b60c
SHA256 c7c9caae2cc208447fe28451c1c2cd2071797b26daa19730fc261c3377f323ae
SHA512 a3a1f6714591b9903ae1069fe79f7d7350a1c9fc513d8b131779a326542546837cb2877d3ff1e5d3a6ce0d24cc805c2ccb3d5e2ec2c316553af4e65d7c451b22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354122244403001

MD5 e91fe5d40257b9e97a1c5b1101c9e364
SHA1 40f3ca10c1798c5271452956b0690fa93ec0654e
SHA256 d510beab5149499d12b5526739d8a5c6076dca857556556119b6e6232e874584
SHA512 5d2aeb82c112437602f1e0baec315084d9470f2e30b3aa0a08d0f0b1a80e5909d08bc5f36f63dbd744595436ebac703b465eaa71483871164a811148c925fe07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 358605888cc2276446b20fe6a93a10aa
SHA1 5c5e07ec17e305c71c1823989b19fab0f5a5afa8
SHA256 f640adf2c13240732795419966481ffe283a32b8da2439e3efd70c8295ca4201
SHA512 c921d54df26b93d7cf376fb2f01a698b7f7f65b61e091986f48afa0f4a8c876236d341b450340f89f6532654c62fd78ff956df7ce6765713b44d168610618b32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 13c704961257ca48ed4c9e29488d9115
SHA1 f1fd86030b794f6156b4c58daec500ab4303b423
SHA256 35f26ee7140ee2cffedacdcb07f16f1c38f2eecbda5ae1e941c471142a315e7e
SHA512 ed5c7112cef57385d53bf1ff931df8007c8ad70c05b4ba7dfc6029ac2fb09371e16cc2a6d1b4a78b36d76883f8550e41dbdd19c7984fdf4d9a2001ab087db482

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 941b99a7dff561011f4465b490cc2bca
SHA1 1e288e016e326b20d3eb633ef1815e88f36206e3
SHA256 d345b6849ba3410b5996e833317cea83da289824eb337c276b0e2e4b6e22f880
SHA512 00ed834f158ce7db88acd6fa637fecca780ec20a7b26f03803c46f2d5bc6a5448b1f7ba8c1a2f5f2937e1cbb3342d8219195d2e172b20069a499f26f69d85b6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 c646ba81062d1dace0f520f2a8c3e8ef
SHA1 58b5df0e9e3374de005da912d935a768fb223cdc
SHA256 678645e09dfe96eb8093db19526497a10f527365abe2f16d9d2fb7cc4502e26b
SHA512 65e5be7b7c8a3ab14fd8e612a437fb7110781d6778716dc376d1a31c50284035d14765975d2f67811020f9b4777a1870d02557aed0fa1b9ccd29f226afe5ad58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 113320db8978e7d2e4f3c3060233e26c
SHA1 1e4a648cf9467839f9f6b9adee8569841abdb5ae
SHA256 1fc5686c32fe317efbeae8a8f3605358cbdd6071526f84698bba3891fab73467
SHA512 224e5c52690b6096809b14e7b15eed25a65fe6e9eb87835a6e438fe7ecb19f02dec0448800575062a7b9f1132de37071eb0aa3f5ed750217601c5e305a2f00f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

MD5 f55234db88c6538e3f4ad45c114435f1
SHA1 c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6
SHA256 bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a
SHA512 8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 392f3efc0c5b77095e476882894d5d7e
SHA1 cc179878c243a46cbdf0ba5187cfe05aa5902b7c
SHA256 d2ba49a8335355f9edaa87aafe68d9a7cfb12c123f85d4ac44411d42d74fa281
SHA512 b3d408ba9a5a7567d2905c6c574b97274b947ff17f25ac964f70abcbba8a52117b2966f9d102da0ea1f62b09c0a8e8c66f16533145eaa94911fc93cb48c793a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 695410c8cad8d1dc05b59e9824c38191
SHA1 7729d4a6ae772ee3571a57036d5396c23bf0e102
SHA256 9c187d29ccfaa52549788659688dfe75724ec162707923c1b09299df35e80ecf
SHA512 71c86a25dcb7d460ac62f04824841062b04cc465f825b4239f171ff28fb6e91057a0d7b2ebbab9092346b0c6ceefe44c151dfeb6a0a3c2b62f88456610ceee45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce6f97f9786f7d6b05709e3aac358a62
SHA1 f29bdeefe212e0d8855c75d0327747ba2b506827
SHA256 598f091ec9edcb87de41e0b5c0951afc1a8fefd5858612a704d20969157f9464
SHA512 941ec83f03a2cf6b474e6fd40b31a7711e67f1129214a2b05ac2d989c5bf328e949e12063417aa6e8228b20ee7b34e964c5dbcfd0ed36bbc6acae0fff3ea77a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cb78b65d9cf64298fe05a310f8046110
SHA1 c1d1e0e14908bc6a0f60a833627670a277604641
SHA256 ef92d07231fa3ad8455cc5a7e4d61ce68abf3d72304e562f6057d9a54e7cb64d
SHA512 83e6bd821116761c14b578fcaf44243fc231ca3ce8160056ec61c4b830ae8e9a9c625febae19db998dd81faec07d050cea605d9afe66575aee1e2077e156bc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85bbde4137e2641a3883c97fa1e9cb17
SHA1 4022ae4826052820844bdaa48054194714c9763c
SHA256 dd4fb6a41545b1fd65c841db874200b577135f93b25034db30c32035045dc739
SHA512 8fcaf99c7adf72a609cd7daf8742881264c401985be5ab963886e86acfefe4adc6477e820281738e94bbb17f210954e2f49979acd44da65c26d5ff2251a321c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a73fbc2393e4ae230c116e68171b0806
SHA1 5ac2d5a37d5535cccf4428bf2d043a615564ff28
SHA256 2e73d42539ffd7b36a82174121c057b0de829597c7de22ac1a60277fa2bec743
SHA512 a4202fd2dfc8e1062cdd89e564c6a3753062bfe8f9064b95be16bc4d7d6232ff1c5a494ab7ee66f5c79596e1e0bff5ab212f6227ccb01f0582d019aed5b85d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ad9ad2f3f52dc29ba78652e5c8e9bec
SHA1 ddde0ddf50e6a630f7ba228f5b54f074e9248779
SHA256 597ff6705c7fc295b9f7e9ea22dd2c37e73dc9c00b009c513f95ba6944ab66ff
SHA512 006a261b122910d0cf79fe0dcff396d045797ae87302af0bb6e8d2b5dfdec594d56aaa21f4c159d039dfca4820245d9b45f40988475a1733dd8e675bd863c74e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b8f2fa154427a08aae47b65658e8c9fa
SHA1 b809981429059a4f5cf80d726e86de1a19321957
SHA256 b72cb37cc5e82ce60d90cedce8c4fa52c3f83e6615c89f92984deafa896b6d32
SHA512 7e80e89e9e27c2e25dd583a7613c18548a7ad7522c34e650ec207a9c14fde9d0a6e5d622aee2822083e3d378c10930ace6c080eb2bd15dc52883b82e41c3ce06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d12d5aadd3d0fc02f8fec4d6d93fbadf
SHA1 8715d7edf68c8e639af88e0ef14f290dd61bd06f
SHA256 eddbbf5037967b40b839f2d9ce85febe7c86dce976aafb10067bfabbee67ea8e
SHA512 0b0135b8bd162ee41f95317feb9d24bc46301bc35d424b39a7e815e35eaef35a1e6a81628d226fd547da69ccc4b6e30444889dff49b209ea743c88423c013849

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 311beecaeb0794274efc403e229ace7d
SHA1 8ab97f05da4d3f290a139fa56d41a6c4c42e95a4
SHA256 bc1ffc58e923f1b20a316cfe68bea1c7ff2c0d2e63c92913d6798233360ad8c4
SHA512 4287536d4f55f55dfd8687564f49e375455ec3dd26b99c60022b54685552079bde3531084537057f8dc314b5dc88fb81486b2a971b08a91dd8c8bcba195669c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f784952aefb29e435f76fc34e67255d2
SHA1 e0d44b96e0c180b1d02498094c0e506e3300769f
SHA256 550ba7050913edbcae18625c4fd9e8cf67bcb975c0be2d67ceeac8d8b540c6f2
SHA512 5739df761aed3e589808d8e416f8176f8178d7b38cdd03aba57d9bd5871c3985ba2190147ade014a5c20b90c2de91a89f15002d37c761ccededf3543aecc05d5

C:\Users\Admin\Downloads\Unconfirmed 564446.crdownload

MD5 181ee63003e5c3ec8c378030286ed7a2
SHA1 6707f3a0906ab6d201edc5b6389f9e66e345f174
SHA256 55bfcb784904477ef62ef7e4994dee42f03d69bfec3591989513cccbba3fc8fe
SHA512 e9820f60b496d6631e054204c6fc5b525527d40a578faac1d5cdb116abcb4a35aacf4f4354ff092a2b455c5d9c2e0f29a761d737d9c9ad3d59d70b51d0583d92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a4009f914a1f473dff6877838ad1cb3
SHA1 a80d08f286756f3680e09090fc769d91c574ce13
SHA256 c1cb3f7c11b47ec966114508e7bc7ad350ccb6a0ec9380d640e5e153fadd9b7e
SHA512 eaf82f6a14286903aa74de8ae43ac0137fef1748a9a520a29bd9d5d006d2c79f661397f5ed5b8a55e5e2cdbba96cc09078821089663aceb0034456e8d487cdb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5f4787e20631375b58527cb102bf534
SHA1 f161ffad59cf00c08bf81997f2e17c79e4fda3d6
SHA256 a3a7a74b87f13d7e902714f69be4fa071d148d64488dac71f6de491fdf458783
SHA512 4545b4809a97eedc2fcb197c7acf59848f3159ab0cd912e896dfcbcc448ae8c01736d274f8f075e37363fd925b0ab2044b7e8de7763d48d4fb707f06982fa590

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95a7830d2337aabc2321e116d991e0b8
SHA1 3908864111c4fdfef6dd81dbe6b92efffce66571
SHA256 c0f36722bf6cf87a7c001f1701a4290c20fc85781f42e81dfb582cf9064b14a7
SHA512 8913271f8a6e6ab35cb31f7182e51af218eac32a5e3f7a029257017cb2fc75f6dec6f4a21c3d74fbb4c1f9ff217ed665a3ec26fa99f5292fbf4f04e42a76cdc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3b0cc84840959378e1ec6080913ef3a2
SHA1 af0570a7dde0b2e47712a731d44e24b27cbdf122
SHA256 61c0ffcd5bb3d4100305e0385b1a4cc091665c29136a3257e256baf184fb0e8e
SHA512 c9fc18c92ee4a90159e61e70b1d099b66a837bd67eb6293b49dec11aac78218cbcac78e2bb487adb466fbea850bcaf5183bf88fe19eb5faa9d7afc1268677997

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 169982697da362f0bcb04ef0b334243f
SHA1 f9e9073b881a45c03c60e7bb3876667e2b2ace4d
SHA256 e979b1993ddcb10d64384b137a01de79d036ab1d1d78b5b9d6f70f5e7ff35d2a
SHA512 e65dd3c0d3dd8faf2fdc1498fb93e7ca2df0d045ba2f0e301b58b4ce5e477dbe9e0f4fc0a3cf77339f3c58eebe0f966d857a024626a1b22e40fa6eafd76cdad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 43fdb749015b46f1bf1adcca937c021d
SHA1 64e4c9b9e7dfbce6ee73f2c6ee732d5ecb4f0c11
SHA256 8bdb92f4339aebb0a794f47bb655dae0085ca5f65f6e05f294be35c7d5ead718
SHA512 223595c2ffa1123acdc910ae490f64571bc999c0894fe02fe2dbd17e592dc611bb0ef67f503a9a0c886a584eb277691a3ba944c1755ee46f7ff1512cb6f2a5ae

memory/3008-1115-0x0000000074FF0000-0x00000000757A0000-memory.dmp

memory/3008-1116-0x0000000000E30000-0x0000000000EB0000-memory.dmp

memory/3008-1117-0x0000000005C60000-0x0000000006204000-memory.dmp

memory/3008-1118-0x0000000005910000-0x00000000059A2000-memory.dmp

memory/3008-1119-0x00000000056A0000-0x00000000056B0000-memory.dmp

memory/3008-1125-0x0000000009620000-0x0000000009674000-memory.dmp
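A parser for the file list above, added here as a worked example and not part of the sandbox's own report: it reads the path/hash blocks into records, checks that each digest has the length its algorithm requires, separates the files the sample itself dropped (the .exe, the Agile.NET runtime DLL, the .vbs stage and the .crdownload) from the Edge profile churn that makes up most of the list, and reports paths written more than once during the detonation. The embedded sample input is a handful of entries copied from this section; the Edge-profile and memory-dump prefixes used as noise filters, and the function names, are this example's own assumptions.

```python
"""Triage the 'Files' section of a sandbox report.

Added example, not code from the report or the sandbox. FILES_SECTION is a
subset of entries copied from this report; the noise heuristics below
(EDGE_PROFILE_MARKER, MEMORY_PREFIX) are assumptions of this example.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Expected hex-digest lengths; a mismatch usually means a truncated copy.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)")

# Assumed noise filters: browser profile files rewritten by Edge itself, and
# memory-dump entries, which the report lists without digests.
EDGE_PROFILE_MARKER = "\\Microsoft\\Edge\\User Data\\"
MEMORY_PREFIX = "memory/"

# Entries copied from this report's Files section (one memory dump, two
# versions of the same Edge file, and the four sample-written artefacts).
FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Temp\C45B.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

memory/2412-698-0x0000000000B70000-0x0000000000B9A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

C:\Users\Admin\AppData\Local\Temp\C45B.tmp\C45C.tmp\C46C.vbs

MD5 3b8696ecbb737aad2a763c4eaf62c247
SHA1 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5
SHA256 ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569

C:\Users\Admin\Downloads\Unconfirmed 129838.crdownload

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c84c7f15b910873c343c115554a3c9bb
SHA1 169c54fab2a8edcf321a683fb163290f132d7be8
SHA256 b848cd5c26c59921181127c23a207f23082f4f468e682629f10152f408194e53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb5ba9cb3c5f5a9009757750617226e1
SHA1 6dc569f567a36257854118e944d4f59130e3b678
SHA256 fb45d33d7a1173ec05b69df5cba427a27b7276601c81b6df79506d670be7744e
"""


@dataclass
class FileEntry:
    path: str
    hashes: dict[str, str] = field(default_factory=dict)

    @property
    def is_memory_dump(self) -> bool:
        return self.path.startswith(MEMORY_PREFIX)

    @property
    def is_browser_noise(self) -> bool:
        return EDGE_PROFILE_MARKER in self.path


def parse_files_section(text: str) -> list[FileEntry]:
    """Turn the path / digest blocks into FileEntry records, in report order."""
    entries: list[FileEntry] = []
    current: FileEntry | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HASH_LINE.fullmatch(line)
        if match and current is not None:
            algo, digest = match.group(1), match.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest
        else:
            # Any non-digest line starts a new entry (a file path or a memory dump).
            current = FileEntry(path=line)
            entries.append(current)
    return entries


def pivot_candidates(entries: list[FileEntry]) -> list[FileEntry]:
    """On-disk files with digests that the browser did not write itself."""
    return [e for e in entries if e.hashes and not e.is_memory_dump and not e.is_browser_noise]


def sha256_iocs(entries: list[FileEntry]) -> list[str]:
    """Sorted, de-duplicated SHA256 values worth submitting to a hash lookup."""
    return sorted({e.hashes["SHA256"] for e in pivot_candidates(entries) if "SHA256" in e.hashes})


def rewritten_paths(entries: list[FileEntry]) -> dict[str, int]:
    """Paths listed more than once: the sandbox captured successive versions."""
    counts = Counter(e.path for e in entries if not e.is_memory_dump)
    return {path: n for path, n in counts.items() if n > 1}


if __name__ == "__main__":
    parsed = parse_files_section(FILES_SECTION)
    for entry in pivot_candidates(parsed):
        print(entry.path, entry.hashes.get("SHA256"))
    print("rewritten:", rewritten_paths(parsed))
```

Two caveats when reading the output against this report: the Edge profile files are not indicators, and a path that recurs with different digests (TransportSecurity, Preferences, Local State) just means the browser rewrote it while the sample ran; and a file named `Unconfirmed ….crdownload` is a Chromium download still in progress, so its digest may be that of a partial file and should not be treated as the final hash of whatever was fetched.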