6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365

Analysis

max time kernel
235s
max time network
237s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-02-2025 14:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Sorillas.jar
Size

10.0MB
MD5

7e3c3eadd00b0903f1fcc806536cf406
SHA1

efe17275ac9ffc91fb1ce25f579fbfa1f8dc6095
SHA256

6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365
SHA512

9dcd295c96f6beab8fb5af447fa759bbf7ff1154f345affeff1b06e2f205e561cd6eb31db23f3656e751d0892c4b766112684068b43bb4e70a075c1a909a2abc
SSDEEP

196608:ulloD+JyfJIFFM0rT/mpDni/Mcd8qAbPeGmeIWvhAn9QrmE:uHoz0FM02JiEQ/kGdeIWJC9Qrx

Score

10^/10

defense_evasion discovery evasion exploit persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\MicrosoftWindowsServicesEtc\\xRunReg.vbs\""	wscript.exe

Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1"	wscript.exe

UAC bypass 3 TTPs 1 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Disables RegEdit via registry modification 1 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1"	wscript.exe

Disables Task Manager via registry modification
defense_evasion

Possible privilege escalation attempt 4 IoCs

exploit

pid	Process
984	takeown.exe
3968	icacls.exe
2552	takeown.exe
4972	icacls.exe

Executes dropped EXE 3 IoCs

pid	Process
760	eula32.exe
4572	GetReady.exe
3148	notmuch.exe

Modifies file permissions 1 TTPs 4 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
984	takeown.exe
3968	icacls.exe
2552	takeown.exe
4972	icacls.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico"	wscript.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\MajorX = "wscript.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\xRun.vbs\""	wscript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
40	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\taskmgr.exe	cmd.exe
File opened for modification	C:\Windows\System32\sethc.exe	cmd.exe

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File created	C:\program files\MicrosoftWindowsServicesEtc\majorsod.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\cmd.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\bsod.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\data\eula32.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\data\fileico.ico	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\example.txt	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\bsod.bat	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\Major.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\majordared.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\majorsod.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\WinScrew.bat	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\CallFunc.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\GetReady.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\healgen.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\Major.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\DgzRun.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\fexec.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\NotMuch.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\majorlist.bat	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\runner32s.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\xRun.vbs	wscript.exe
File opened for modification	C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\checker.bat	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\data\runner32s.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\data\thetruth.jpg	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\majorlist.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\RuntimeChecker.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\breakrule.vbs	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\breakrule.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\clingclang.wav	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\data\excursor.ani	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\rsod.exe	wscript.exe
File created	C:\program files\MicrosoftWindowsServicesEtc\weird\GetReady.bat	wscript.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MrsMajor2.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eula32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GetReady.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notmuch.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 4 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani"	wscript.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Cursors	wscript.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani"	wscript.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani"	wscript.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "179"	LogonUI.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico"	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp4file	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\inifile	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico"	wscript.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon	wscript.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MrsMajor2.0.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MrsMajor2.0.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MrsMajor2.0 (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
2816	msedge.exe
2816	msedge.exe
4932	msedge.exe
4932	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
4336	msedge.exe
4336	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
3764	msedge.exe
3764	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	984	takeown.exe
Token: SeTakeOwnershipPrivilege	2552	takeown.exe
Token: SeShutdownPrivilege	832	shutdown.exe
Token: SeRemoteShutdownPrivilege	832	shutdown.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2040	PickerHost.exe
4368	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 2620	4556	msedge.exe	81
PID 4556 wrote to memory of 2620	4556	msedge.exe	81
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 4828	4556	msedge.exe	82
PID 4556 wrote to memory of 2816	4556	msedge.exe	83
PID 4556 wrote to memory of 2816	4556	msedge.exe	83
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84
PID 4556 wrote to memory of 2744	4556	msedge.exe	84

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Sorillas.jar
1⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd42b13cb8,0x7ffd42b13cc8,0x7ffd42b13cd8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,12876276600119880038,13749384114520614904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:2268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Temp1_MrsMajor2.0 (1).zip\MrsMajor2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MrsMajor2.0 (1).zip\MrsMajor2.0.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2280
- C:\Windows\system32\wscript.exe
  "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\CA95.tmp\CA96.vbs
  2⤵
  - Modifies WinLogon for persistence
  - Modifies Windows Defender DisableAntiSpyware settings
  - UAC bypass
  - Disables RegEdit via registry modification
  - Modifies system executable filetype association
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Modifies Control Panel
  - Modifies registry class
  - System policy modification
  PID:868
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
    3⤵
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\eula32.exe
      eula32.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:760
- - C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
    "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4572
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\116.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""
      4⤵
      Drops file in System32 directory
      PID:2804
    - - C:\Windows\System32\takeown.exe
        
        takeown /f taskmgr.exe
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Suspicious use of AdjustPrivilegeToken
        
        PID:984
    - - C:\Windows\System32\icacls.exe
        
        icacls taskmgr.exe /granted "Admin":F
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:3968
    - - C:\Windows\System32\takeown.exe
        
        takeown /f sethc.exe
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
    - - C:\Windows\System32\icacls.exe
        
        icacls sethc.exe /granted "Admin":F
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:4972
- - C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe
    "C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3148
- - C:\Windows\System32\shutdown.exe
    "C:\Windows\System32\shutdown.exe" -r -t 5
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:832

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2a855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe

Filesize
52KB

MD5
57f3795953dafa8b5e2b24ba5bfad87f

SHA1
47719bd600e7527c355dbdb053e3936379d1b405

SHA256
5319958efc38ea81f61854eb9f6c8aee32394d4389e52fe5c1f7f7ef6b261725

SHA512
172006e8deed2766e7fa71e34182b5539309ec8c2ac5f63285724ef8f59864e1159c618c0914eb05692df721794eb4726757b2ccf576f0c78a6567d807cbfb98

Download Submit
C:\Program Files\MicrosoftWindowsServicesEtc\NotMuch.exe

Filesize
122KB

MD5
87a43b15969dc083a0d7e2ef73ee4dd1

SHA1
657c7ff7e3f325bcbc88db9499b12c636d564a5f

SHA256
cf830a2d66d3ffe51341de9e62c939b2bb68583afbc926ddc7818c3a71e80ebb

SHA512
8a02d24f5dab33cdaf768bca0d7a1e3ea75ad515747ccca8ee9f7ffc6f93e8f392ab377f7c2efa5d79cc0b599750fd591358a557f074f3ce9170283ab5b786a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\38422a0b-f6dd-4699-affb-bbaab822dd11.tmp

Filesize
1KB

MD5
58988bb748ffd4f91a11f175ed6d9969

SHA1
4b1403616b9fa76693de7a1925ee15606c33b910

SHA256
2fdb9e90d818865bd89e478e0795b01347aef292fd5adc6a4127bb3d00700d1e

SHA512
b4df23d5f25ddf959ec7d1ebee8c9307b3f92bd255fbdb6b8d3ca4d16641f281c200047b501d69acef844fccd1bcbd32ac5c2002eb3054e5e53e2d62a5bbfe89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
06e32a5d1e2d387ce562ee7aede8192d

SHA1
67f9d64c29663f6865d0d134db189938a92503cb

SHA256
46ec4156584d2cfcd0ea2dd2eed85a0545ddf4e30a8c20c26b2ff3fc7c065317

SHA512
0d1de74efa671be757ac49d1b864ed89cca90bd56114d79432ab91407ef5987d4f4573ef3f2e307b32601ab335a43f8cd1860954f986dd5d887a02ae37ea0717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
37KB

MD5
5873d4dc68262e39277991d929fa0226

SHA1
182eb3a0a6ee99ed84d7228e353705fd2605659a

SHA256
722960c9394405f7d8d0f48b91b49370e4880321c9d5445883aec7a2ca842ab4

SHA512
1ec06c216bfe254afbae0b16905d36adc31e666564f337eb260335ef2985b8c36f02999f93ab379293048226624a59832bfb1f2fa69d94a36c3ca2fdeebcdc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
6ff1a4dbde24234c02a746915c7d8b8d

SHA1
3a97be8e446af5cac8b5eaccd2f238d5173b3cb3

SHA256
2faaca6a253d69be3efb96620ba30e53ecb3de12d5285b83ecdba8cbc36e7311

SHA512
f117b822aeb0a434a0750c44cbf4cdf627bfebc0d59e266993a4fcb17a7a0519659e13b3bcf8706eed7d80d0ce33b0ce5915afe5872c37c010a401dd6bb1187b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
99c59b603e12ae38a2bbc5d4d70c673e

SHA1
50ed7bb3e9644989681562a48b68797c247c3c14

SHA256
0b68cf3fd9c7c7f0f42405091daa1dda71da4a1e92ba17dad29feb00b63ef45f

SHA512
70973ea531ed385b64a3d4cb5b42a9b1145ec884400da1d27f31f79b4597f611dc5d1e32281003132dd22bf74882a937fc504441e5280d055520bfca737cf157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
59KB

MD5
25b3d7b6beb44eb20ffd065656c15e1d

SHA1
59301a1a36a144715b51bdccde1eb2a328f7efd3

SHA256
00a88a411e1a1ba98f55fae99469271160c23d87b1f71f90f31a7810f063db9d

SHA512
8c71c4b268832f016dc20f68611abe976294421217f7834b5d409b53b0f0b137231c9364eaa84eb1afb05fbb121a0ebd263e52ba60cda157ae892219b462e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
55KB

MD5
c649e6cc75cd77864686cfd918842a19

SHA1
86ee00041481009c794cd3ae0e8784df6432e5ec

SHA256
f451a4a37826390ab4ea966706292ee7dd41039d1bedc882cbc8392734535393

SHA512
e9e779870071fe309bbde9b6a278d9627c7f2402b55ac4c0a48c65b1de5172cf9dad2992f8619d7e7aaf978e6ccd607620de88554aa963f3d45501913ed49f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
18KB

MD5
ec02df94928186d3c6b59ce65f9000a3

SHA1
ff25873724d5bee7c3a1b0f70853f3f4db93056c

SHA256
31d2638dfacb6328063cfadac99239427e0eee86cd28e2deddfe4daa39c55674

SHA512
69ddeb0dd61ed03bc060b9399504988ee0c72c4de46e3a6efc967bb3686a593dca9362121d9b5106e9f2e355238614c5d108cf28354b53e5aff6f5e2e112b873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
22KB

MD5
9b5558381a28d410bf93be576c4e1ec6

SHA1
67c25103d7e61f1b482a665fa0d86921876765d4

SHA256
0adaedd1b52daea4ac19cbe9c095eeab8d4f288c1eef838aa416308580cbc665

SHA512
aaf3b065030b0fb7c5a689d4c44d5cc2cb0ca6a79ce7cdeca3c745c01bf4f64e44de2ddf8e06cbb35eafe0e7a005a34178c4185a5d4cd4fdab6fdc20df44e0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
41KB

MD5
082c469b33a31285b4c182bbe6a1b499

SHA1
d2525c741034e1ea6002707ef528a270fbd2fed6

SHA256
09ea9ec8594cabda1edc0ca1ee990be1f5c564d0dac06e6a07ac03623e5f4f1a

SHA512
a731c121e9438f8d5cc0fd28939b0493f5bb37013b60e78054fa6c4e3f72d4cd52c5bcd9e3dee36903fdc7e06aa3af879d706f360eaf6ebf750ba74d595263b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
107KB

MD5
11341f03f951333b4309822a7ebb0907

SHA1
fc813cb6a262e6ef9991bfa2711ba75e7a0894dc

SHA256
99aa368241f22add83b34dd05541d726ab42a65f3e9c350e31c0129684b50c1a

SHA512
089cbd6d797f4e086e945dbb1345f4023fb0ef4daa9d47368ae7f253cbaea7b6236cfebf0d19741aba415ec4f1c3443050cabad756c55514ba2bc0bd7442bac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
686cd4e029335cb803ea8b47ea727bd5

SHA1
acb03acb24c943d81a8e4822466201cc4114692c

SHA256
785ffc242cb18f8e9ccb9ab96c37df3cdf1612a38a325a2a9bcf8164eac6488d

SHA512
a54e055ca8e021757102aa6c7f9045959fa32a7db215595cda8419ac96f75f44e1f5846037e14b6a20d0db51c4b1e974aff1718e16ff5d7650e0b667ca09721c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
34KB

MD5
d413a36141874ae917b386dc6519dd64

SHA1
89cbf31338d134c79cd6581d4b8a344d5a8bfc15

SHA256
2985db0cb277691840fb78dffe693ccd3a1afc2269688f9630fe4fe3d128581f

SHA512
0d0289ea45c78c4dd78810731b44307bbf6b084f156e43566fa790480688fd1c6834fa9a0829379325d8729b5bfedd622fabeb051fb613881120e0bc54192463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
31KB

MD5
23ee73460b5033d0b13b68be4e65f965

SHA1
faf1fc34ca256a92f52ab9c442085dc175ac58cc

SHA256
e623b2cf6511306a18a4d72a698a56f06ec7463619570e29e1d87d9e8d467086

SHA512
e9483ce238786049a069d059001e7d2f44278bd7ebc3c8e94bdbe4235bedffed38f3c5d8d115c70140311930fd237a7ca56a80eaf61b80320639eaa514b7577d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
23.9MB

MD5
64e729e2e23c35b80d08d91860bb86ef

SHA1
66d37ec7cdcccf5038af71588116870f554c4834

SHA256
dc5c6293ce32bb24af182f11a5b1acbef6d03f9bd02a73985a9e8c1db07ead32

SHA512
c5dec507a1f248346ad37f79dd7c4a89f92caf84bd09eabdfd38819ee3a992401142309ab07007d1357a802911e4c8d4c3f086176a057943bc8f08263f9132e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
acb723418516d55627cc761070ce2fca

SHA1
e6adad5cc1660b6f3d567c63b874dbbcad0ff4b9

SHA256
c6f75006e42a5bf8fe3b43c0c709c71f1059fa9ce7524bd40665ec9312388ac9

SHA512
000488baa851ca44b90e53cfe83f90b8df1d6da684222496d645d6e635fdbb5a0651f9edeb9044a6e77e6f343d51d8369238d78ad1fdb2b76015511e9deeaa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
c4e72988046f0551582fb5375ba8eeab

SHA1
8bda8b35166164e9610fd27fbfe563551e997d2f

SHA256
2ac359564bc3357c68089bdcfef35726aac62a53ed2d6a2d7a6cadfccf8723ee

SHA512
16a16b1aac7ad527540c36ce883e7b3c2952afdde9d38d601f2f9f3977602e134469bb87768998beff66b856db9450b318d368937dbded5db686eee068360214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\163cfbbbd670a71e_0

Filesize
4KB

MD5
3cbfbdf02ab66d7220668395a24cb0cf

SHA1
3bbc36bdd486312e71c788da20497f5a8a8e1195

SHA256
49bf3453f6453baa86774b10bc4842c54db1fefdfef6c55124f280f11be90f06

SHA512
8d3c16b67f5a247a7d29060f195a72112b77a6240f15dad951adada520d2109eca335bcedb93cb81081f77aed39ea50ec41b959b0b63b5af494b6fc9d5ea0088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16e441c9a28f68c9_0

Filesize
202KB

MD5
1ac2725217dce196b6a117a9831fd134

SHA1
715d0bfbb601ab75007e2c12f9a0d8c460c8d8f5

SHA256
2bff4830d107111c805fcf1543895ef69bd14f56b3eabcdb199300672a07f613

SHA512
b7b999763fb8b05065a86a349042db7092aecc46543cc3f172c5b432eedfc0227518149c8e4947a4686d53749df5053c1e7807ed4787ad665fb12a07ad6d42c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
05ab5089ba6d283c9143445d31b721b2

SHA1
69c92625fa3b4a29d839e46614bce4a153d3eba7

SHA256
333f5af8a61cd10890377cf57649875d573c2dce6e2f5be708c56ab3a8b44121

SHA512
16ffa4ee35e7281ac5956e2b1c1a368b522b807b68181779ba99e71c6508d92a5aca4c749545ba709462c81c9a44daf44fdc79d489dcd5ac5c6f02f015bc85c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
4760162c962924d7dbd5c9f5416c15d1

SHA1
206641cc3fbf2aa4a87ecf993c3a46b742898102

SHA256
811c8d3f19d7940de6c6aa071d65a24f474795f4561f15c427b9382bd38658b2

SHA512
833c58293950c78edf522ab5f2de9f23cb1d1e68da2ae2b9789843ea9b43151cf680111e02407aa228f59f101a934d3936913ba3568ae88c05c857dbdd2ced08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
3KB

MD5
21ded391acf221658441de481699a367

SHA1
95111f158e29df4e3cb67ebed5ac1a51cdc0887e

SHA256
d076ae80631ca7ec7eb7e953ea0cc41ec78a4fbad7c8ee25a5e272a66b6b3bbb

SHA512
c8b5120391bd874970ff48b178db9c4f692bad7089b31029a61c59aa207aa1f82eab6d9897a60ec17cb5d38233ce8c8cef6f7aad59e01511fda608ff0d1dfeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
d913697584e369db27ad83eb5f6c201f

SHA1
5ac32c81acb69b29f711f459accf32eb0edeb3e6

SHA256
8b7886df433204e3fbb1a79300471e0ac72562f59b8159f33173f3dfa9e97e8a

SHA512
4c062b60e910a9b669eb73278edd71d31d6d3dd5f8d73c4f68b53fcc230c516d78eb64e097bb99bd9ea4d7bf2a9eebad2ef51f2fb9c2dad1d3f9506300088e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37249cca66fdcc12_0

Filesize
1KB

MD5
f17fa4c39e46641823c71ee8ccfa2d27

SHA1
7ddfebb2b6def6f77352cd3345a4c4f881913b21

SHA256
677eaa12906f33de28b579fe4d7c40576b340968bcf7f3b1720c3d0e5f147fcc

SHA512
60485a5e7ca0ad509851e254a15a097731d19ef5f3a742fab69c2804cf64b86c0505351527eca99760edd2b274d16ac67e68f267959dcfdf791bcd399350409e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
5135ab2fc3c30d263d8f0783d2411ee3

SHA1
1f44a9c46a601c00efc6b68fd29c5079a77f969d

SHA256
03d893b5fef2ffcf5748ef433f31713819d5155eece151e8f12e3936e6ba38de

SHA512
b1cbb0734b44053ba7b3b10ceebc9216749c40bf47034d3752fb9651b70f1c9c44ab69117751e8552930ea3a38dc2da1c695c261223c398b31c2d49d356abc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
db061e9649966095e285cb25341737e0

SHA1
3f121fbcbb610a28a54240e87d6737c01f07e957

SHA256
0a72295fc272484d527ccecaac0217168f479024b5416ef6f06198e516b77083

SHA512
3ae24b5c06b2a9626dbff11c47e04a717a959a2e9903dc4cf86cd475566e78159c61cceddc266f1130676da11e73158b099402357ed10003336d5232009d22c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d72d72aa68b3b6a_0

Filesize
291KB

MD5
0aaa36901b88237f5d9bca6b375fa29d

SHA1
3dbff2ed262dc57e749f683a5b18137093d35ff1

SHA256
096e6df06c998fde3068d93871839f9b260873e1dedf2a3c56f9df766f50b258

SHA512
5ba662d288f113e6a03b7acc945f0c63eeaa9a912736c014f7335d8d699741c377a518137e4c3a57734f79253007df8fdcb7089a87ce49089c9e9f23c17d74ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
5bb4bb2bb0afd39f3741518f19f76f9e

SHA1
6c63224aad753a1d0b64f9fe6f8a9829ed54d1b8

SHA256
8d71131e6c64e42b09f1db65cc6f47f6ff011cf9a259fa7f32d45c2b1061847c

SHA512
36875e3b6430feb923ea9cf65d337831172ec24c17b5a4f90ac4efbf02722c94f9afe8092b4d745051fcaca26e53f3833ce52f072d069c1ad67134afae96244e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
5e69a739373dc43a678320ac8dfe4bc4

SHA1
7bfd898960e91d7d133cd45c0b0fd60c9b21bc14

SHA256
5cc7684110acea26fee7a59c3ac27e215c2bd0bb56c601d28c7ce72f138e0ebc

SHA512
4ec3bbeea7b7823d020437357e5cfebe51305dc8af67d3c2466c0b699a1cc910d4faf62484983f5c1db396413c1e78ddba7f674a09fb78e512114432c05dda3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
6381fc66708c08c8dd5fd719851009bc

SHA1
cceae886cae7ca99af5fd62d6704a3a8d319a7a5

SHA256
6413e78419b43cf5b85e39926389368ceaddb64625c8601a12a6e698623e3bcf

SHA512
64580d4753a194076948aad9bad59b3b22f1ca3b25b8f0f9913705fd4b672361f90eba371ef6d906578d76abc71c32c786b2a4780f8b470d71ef184e32a35983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
2fc0690f557c95ff35868cc1c41b56c0

SHA1
a561f77b8be59f51e004dcb54d8159b51d248b6a

SHA256
a7079a3faf0fc6ae888b5a4e15b9e783a38847333d14f015803b604bf4739916

SHA512
944d436808cf0281eb74f22f3a6783884ecd9e0f8ab8fd92b631cedc51d1882f21ae2b7e34a8308886472ec2d7b6610880f57a8d77a88429ce3537320f1fc995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
652f9164dd61a5fabab34fa0c33027b3

SHA1
774f8d62ab6e7302ec330071702b1d3d6054208b

SHA256
431be334b78eb58f82e187b5d23dadc44269e94bd59f6c9f1ce7424ba37c71f6

SHA512
e581bc37358f2119a5f926ec53d531065c2bc8caf26ec06817e1f6cb8555dfc164b53b27143a492c262001ba8d18966f06ad05d20dc5077d46a18dc9f01caa7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
260de9f74fa8cc40dbc3f41b9a6d01a6

SHA1
9429019ee4340640ce56e8855443ce6e7e40b810

SHA256
3f52549d3e8c04aadabe209f76c1665baa00a1f4b286c35c431cf4b85271ba47

SHA512
58285f1497f107a79482d68650a3ff92addaafed7263e41659d9714c62d6ef9340a39b562b9aa299dcb1e698009dbf7f52bd27ee71ec0670a43919919345be0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\624c9bd517fc9c91_0

Filesize
1KB

MD5
99051e705319ad42dacbae2858b10695

SHA1
a4f801c69f85d759ebc1b8222e985a6d35b0021b

SHA256
ecaa2bcafef3f6098e392c8af9074e79f65b0e69527c22181d09d645474569df

SHA512
f2622f2a519a0b761b837090701a146f213f606767439c33f8eb7ad60e1a2761d13a1a10b8fc7145ede67a868766fe6a5f6e6b14144ef72f5366e47dcd90644c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
1bac95ae7ca2de6173132636bb4bff92

SHA1
6ac8f097ab986e3e07bb89dbc6d07ea5dbb4b93c

SHA256
a015e60611c894a75ed8dc56a6c6d55f1ce89a1051ea8200ce4ba08d96e7c9ef

SHA512
2eb00f1a3407b240c5c0f4e5bccf9c1bcec58198de7ec0f561f34f5fbdae796786c395c6a0512359e52bc50769eada1cbdb8b574635800de65a8e05b851aba83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7173d0a132b463f1_0

Filesize
75KB

MD5
2d4cfb8408853715d5680b2746d6f975

SHA1
e7271bead4c1f1762c08aca04b6bbe39dd6c7e1a

SHA256
bc475f2f3c941482489f5517d33ddfc94851f6cbe178dba42e9f3af3c6607ea4

SHA512
d7929d639b15de05f13e219979f4a152ba456155a9411ca0bdff37d64001cf87ba85c3ae3e392575de56e1e786054ece5da5608959d71176f87866794456445c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
e92ea37600670663a4bb907dac6db77e

SHA1
7e77817c1a029c3d71c493b730801fcae4c13d03

SHA256
a7a68015435d0e2ffa6a8fc5479d953ac38f277be38e9416ddd533aa230cd73c

SHA512
d89c2abf9f5cfd2e7d2b9a045f0b88c94e80b922cf0a4388be9261a817f18207f197e2b5aace10fc6f93a523e94a73fc3f326463ac1a03f2c5f108d29bcc3c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\760bfcd505af5f22_0

Filesize
1KB

MD5
451b3e37d0079729ecf002378449b026

SHA1
aae92557f64ab6fe4ed3b51431310ac26d447db9

SHA256
081f8db718bdb73428ed8fbf5e132165a627ed5782d53702489a1aee35bae5cd

SHA512
99a0a0cfe488f18599d79de1a1bb2ff6b2f9dcd60a57a72c8b81b9cec5dc783e3acc85c965ee584955aef238580bff745dabd19d961d7fcd73061d1b1dd4a7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
c91a8292dc7d349bc3375e3a001f571c

SHA1
3719edd4f46a6ceca78245da7bfcc5bf62a75bcc

SHA256
16a1d1344cedfe0f22d37985868a472d3658e607380b606ca135b4043f9fd437

SHA512
76fe37723047db0bcb1d2a3ad4f43c8a21ae532d52d60d2317ff8e71c46abb6248d2ee56530f8f7b39424bc1c7f5b90bb9e862f4ce5b89663226147d926bf932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82af833e9b5cc26e_0

Filesize
2KB

MD5
5f4110724a8bc94fcfdfd822171ba392

SHA1
ec5f5f39e91cd8f4828a8fe4b669ce90c465252e

SHA256
71647c8e2999b90ab4f81b06bc90171c6cd9c826280d6120b8a819a742faa898

SHA512
65e2de0a042773dacbe0e8cc5481a95fccb1785b6b55196afb2afc9ccaa920a839ca538d9a40e0b44a8f64193f11f5d2405747d2675ec3162255d2f19c7a8b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
6f288d01e42b6d86284844e8e693be12

SHA1
38523792a6e2bde9f3a5b15433eb8ee5777a38c3

SHA256
04061a08e3aff16e8f1790c0a94b2ee4bbda5e512bb956cf53544678ef66a638

SHA512
af622cf2409c843ea7cc48988464e4123051409298bd0e8accde482e45c4b5f66aff20135b9782062c26667feefd0adb034f8854803ae76e1020b5f27ec0ba0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
2d4d8ade1355b07d24050b4db0946922

SHA1
aba74a9620148404a84d81cbf4c8b1dbdb147469

SHA256
2d34207c07c6ac02a674932bfe2a3330dc67b360ed7256b682519687a69b6f02

SHA512
f426b05270349ac730f77e740da3cb0b6fe9b30e044488239d50c3346c46c4f1a528fc7e2fc6b85f725a0f3385f2796d95afa4a248f0e97c6a22bc9fb3db1bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
a7e8d51c399b2842148c394bba04f2b1

SHA1
4442123335bade6a90b83811c1084b0441f1b2b6

SHA256
a161f3f5c18b8574fd70eaceddbbf4fad4c492471e9714ef31e484ae77aa3a71

SHA512
5bf2b0b0fa790865cae9ffa074bb8179fb57d343f83eeba4ab0545d5bc6e666289f6a8a15bb457cfb2aeb2b091d4afbe10914b089821d7d66cb00a246b751b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
968d576f122bc2cfedccce0b01fe3052

SHA1
bb02c1d116c89a0b8d183e58bad619d2a6172f7f

SHA256
4195a536ab3232b62581e3bbdac72ec8568637f3096355fc895201577d4db7cd

SHA512
a4359b11f06a749cb004cdaf65cbb13dd4ff3790e3eb653eecd86a2249e910311dc40b0aab16684732db567da42a8d9908f4a772c4e9fb590e0e6a2c424b5eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
1ba6263357bd84be00f522c871579991

SHA1
4942727850f2d9da2cce75b1c51e3b461f395617

SHA256
494bd99f035cc4a9a7ed35c81c338152451cd27371581a5d7d73bfa0d8cdb526

SHA512
5125e12d81f07b920ebd62da0d614f4fc0b26265fc05f8e2bf419f242d8f3d84588d1771a5c767ca353e553eafe8b4bc8229539b9ff7238d6878eb830c0dc49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3ba32a845c022ae_0

Filesize
175KB

MD5
1394eb20828083f3380efb92e227c858

SHA1
e707f82de36d938f71f4e2c9b2cd670a6c56ec9a

SHA256
8bbc441d209415c3e1e41b112c9423a8e65917371ab6eaeb6fdc61ec519486c4

SHA512
29f3729193ec6b5b71b23351228b3e9e19477f9cf05b7e1e04c133afc7144cb6078c8693348ff511902f4521453472f7cffd0faff3cbf96f445bcffe2f5b3e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

Filesize
2KB

MD5
f9d8720ab1874188c7d529586d91513a

SHA1
fb6d52252eee9cceed121f64f95a5f4c7a1a33ab

SHA256
b3a3c13413d045974300bf9d92802c6eeec58cc99b5dd11127dd92ac6d3ba46a

SHA512
ceffa108bd8faca7ee5793a28ffe544427cbd30f90f1f26af24f2ddabee71ef44167a29d1747db8b7c6c3cf638bca5d09c21eabb9eb4385c4c1c758730c6f3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
0745aa55266cf0c53bd85d586edf8c73

SHA1
45ba9d2191243b0894601d6ab1b58f91cba69e60

SHA256
7700f6fd249b5dc58f67a4b024a63adabed06e5c1961063372a0b0c2c7754f4f

SHA512
8a1178f4c3d497c630c1fa6ae6e1c8faa6ea074e8f7d0a948e88d7c2be02bfe79c50b49f66c83ebdf73597e2e73238cf62634f35f61406d6bbaa0c41a59a352f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
b0abab95fb4f0a94f97885a799dcffe0

SHA1
053b88f6978cc469af94a1acefcab5645be9eeeb

SHA256
6e2f9eeb07f48b82406437a50183837d939fafab245976d34e495ffc066156f7

SHA512
7c05ee65f4fddf678003c73967f284274f8870c1fde895a571ea5e91f3fba61c9c27abeb816295f9d73711b936661dba7d1ac327bc014b404ff4b73987a41180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
14b4c767044aa7acbdafc529915d7c53

SHA1
70f124375cc8f5eca898998aec73b8b8e94a2cbb

SHA256
0722c91bac43c0b7a7a8797f01793fefd157d4171f98bc128f409979c363be2e

SHA512
a18ec8c55b06075012616488b43824b3ba5d7ae967df03a447e3cf858a21d0d9c0fa80e35607352ee5be231535a835f44de91042d425182d9ca307e6d554bafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce003bafb7f85a78_0

Filesize
262B

MD5
0895945be142c15e01aec7edd1c492f9

SHA1
7cec5dba714dad2f0ccd019d6714844e0c7bb792

SHA256
c3a85699b9a20eab2479a99c4688028830dbc57ed808c5b4132295e33b113143

SHA512
67b4a8c1d436eebcee2ac3ae48384b0053e6fe1a0e00fdb95f3b46cb83b10791f6c9aee7d8c1ec710c78fbf922776e8dacda0382d5d889134a415f6b961c4edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
11967e1147f3ba50e2ed0ad67f8f5e51

SHA1
a0c2f4149373cce82cba9cf5ed35be8d2159c543

SHA256
029988b9d701525ffeda7a497577ea2c764ada25d73c6ef8ec6fc9bf56c6b7d7

SHA512
e8a93da206b4f91089135d5d4c1b90cde274e53597bbcea77d5b44276669c5558340c266d7aff51ce272f6c9c50a08dc230d53ea5d85a99c1680e94dd322acde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9875f4e92689106_0

Filesize
294B

MD5
0506f8489fd1dcce0f7043b4b51b9170

SHA1
b3d750bcac1ed13a3be590044accfcac0051518e

SHA256
4f59dfef79ac217d27dc00635f4e3bdfcdfd5cc3649b31c749f6cbf2e2cbd8d8

SHA512
45c349c759877406947141bb01db70000e782edd56c87b06237f93962ef0be75d80a955f2c37455af5ef80cf00b91f3ca10157fa59ae3dd30871c1a518679a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
d043d1864fa6329f512991e2a617a958

SHA1
9e146e8c34443c02fd498e13114d924d46109074

SHA256
e16a35983659eb0f3e5f2b5335b5b9834de62d297e7f6a37ef2f10d0e041433e

SHA512
95d54977132aeb9ec1361778e2b2c9c481806422f4049b8ece86d9d1d10babbf0c36b3ebac58db3777bf7e3c19501cda3481c48659f08a4a4467a004dc3ffb06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e18532de58fe3a53_0

Filesize
22KB

MD5
bae10187a0b3525003bccd93b81ea2d6

SHA1
4f644b9866183f17372284029d22f25e534b77ba

SHA256
fd02c5f69aefa164835f68a1ed4b7c2a230ecec1ec203e9a9819e41c3685b622

SHA512
ff847ff9017771fae03a3f3c299447d3ca86116de94d0ae0b76ed964e3ce2df46f815dfd20c92b268b91b23e0d674ab5bb2baf34a23f4ae94c315e2994388c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8c8218aef51a783_0

Filesize
3KB

MD5
f8ad9cce9a24a7dbf13740383ff8c347

SHA1
bce79d3ecd96f1e9236b5b9a2d8553235bee7414

SHA256
135be2cde676563c742fe90322dccd1b081fedf23569faeaacb03b4f47198102

SHA512
75c5852e675657c11df74cf6f9633da149ea1b4ea8f84ad0a08c5c00b408dd59bea1c0885c2f84ca66a6fa1f9c5fd5df4dcc65e7a77a7b7e7739545c0ed8aaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
14a730f729e1ac6efb5d946b96d28776

SHA1
cc1e72fbb756b848e52188c023d0e93522f44cf5

SHA256
b92000445da46ce09dee1c3086e1d4e47a72d7a1ec6fc465b60b8c4a86e499d8

SHA512
88d83f585b351e0a904944923e82bc770e033c82ba61e573958c8c050150b34760a375d3de42bdbabbe50cb2149328a331617e120cb997c325517eeb6562bdf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
625bb13e035bf3cd8dc68e057aaef5f3

SHA1
bbb480a1a9adebc48d6a9f1e0ea26fe1d12d8bda

SHA256
123369cffa246d43192c082f08a31416b28784d19db1083839ee2e7c47abf97c

SHA512
f4b26507ced0466432f4481262f8f96aada1afd1c1816a6bc0fad092c97a2134642961502a23e79435c6ef59b2af308bfaf38ff5353efc593edb3f4d56cc717d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
8e334bab50845ffa8d31f0baa54c4e7c

SHA1
8eb8e7954cec5709e33c00e90552bf7ac55859f5

SHA256
0d9cc44d87d3cdd2d82d16ebeeda7246402b6f816a8befabfd9d2c0a5337b880

SHA512
47f82e06e54b7c24f2c9d4de5064f484f09fac0e8f517453f6e6c59bb907a19b36b9d5b3de783d0fda9e5c51ac445d676e65f57d3df4f814bb3c68c494653d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d2ac33238f0028cf701ec3da7fc7340d

SHA1
27e724a94fdddffbc5baa85883c37b39b9840c0f

SHA256
8d8cad5ac75e766395b473d4a6684cb8b490f8b951ae8b91896399397d840917

SHA512
52d73db5b335885f9629f57a0166ad84014437026cad2816cb96e9475de211ad1c18da667aa6452f8267b92461a51b5216d5f3c270d82bddec7b7ca2d61b0387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f5db0d987a81f2c4b52a42fd38df55f8

SHA1
0fcc32286b85c572dc613ecf86b8b9c9741471e8

SHA256
0b4b712a099d704ad38e7057c5b4f46d8feca46d23898d8f4f2aa6882b0dc92d

SHA512
28cf1d6d23f9c7897ab81411210e75ee1e80e72a2e8a310b5cff39f8736c927897e1d8d34d743ea31b4329bd8c57582046aac704ee9399678e3c583f26ec4eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fabc1f876a49abafd0c9948625edf0bb

SHA1
06d512271b5443e1d96ded3171aab21b4c7e9902

SHA256
2307675d82037c65719fff7498a6a29a8402167f7f6ed651a0911a0fdcf68984

SHA512
04843ae9dd4b6ce2512dde7bdeffaf19e19590f31a62d0771d711c5ef756aceb97cae98a6c8972eb6e02ab638941ec9f63d8ab358f39ae53bdf999ede040dc29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8fe005702cd976d948bf2515c56f5d6d

SHA1
cb28f42c5fbed80989ba3e39fd7a98bb57e31aa7

SHA256
949e612b8bf0d30d719ad7e12dd58fb68a180ea6a643bd40502c0cb3230df5d5

SHA512
761e1ba57caa4ce81d6b20e2cbc7369c8e0402ef8809f77e958e7bea45a0ab889477b3fc00137f091f2f891db4e20e562a88b1e503ba3b20a7ccc9c97db12c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
945B

MD5
e1c27f4290ef22f384abecc0ddce9fe6

SHA1
ac6fde19c58cb7f23bee13484f7bc0d37978fed0

SHA256
be46efb5e22a2ba89a62986beff2fd8cb94234d00b0fa69fd72e80d5433587e6

SHA512
ba1f43fc899394adf4ec476b6f4d306885a0791bb30505da326d1d7d1f0bf6b7aa967aad8bc84e67c8fface0d23a886e5b53c08f81ee7da302ab32a80dc67d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c03664d5e74331c8722b7c57da18ac23

SHA1
f3a153e3f015b6b8dc63446649279c3c487712be

SHA256
95934e793a155679a85cd8ccc49751702d4970128bdf5a40c7590dc66ffd27b0

SHA512
27d7b11d6939079b8317636ec49c73dce7743f5cab5c6eab525708450de82fa4326c4b792d44b1935e4005b06c5936be643fefdab8f8b3b9d2fe8fe70353e9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d433cb7b4e06e0d41cc50dac9c988a2

SHA1
8a0b32ba39bb4a04ae2027e67ad19702dbfa6464

SHA256
ddf72efbbf880c77e60967a376c9156feea0e22f587072cd0eb8a14831eaa8d7

SHA512
6b05f7f35bf8e8a6d7f17992bd258f9089d9c3e4720dd3c1bd48b51c90691514c81535a04c844e6cec3fc6b1a1d577305c5903de272b39fe9b4a7ec819371262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d2bcc27b4b29d114084cc6806d88c468

SHA1
08803e7f0b95a85d7c63f5810989ebb25fecc0f2

SHA256
408642e1bf49e7eaa3e5d38ba50cb21bef4bce99f94d5829c1ac9a0018fc32dc

SHA512
087e584bbb1f68a65b9fdd32dba92eed38e62c4c2f16bd3528bb11e1bc1344c6b2783a10510e047cd7ae005ab9ce4c935f92bb7d8de0ab3ab5ef184e15b9357f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2f4c157efcd7ba674f308562cd61401f

SHA1
8b1abd617997e74c75f422f9dd00d52ce8a711ee

SHA256
b37b875c88da0ff07ddedd62c7521fa26e61bbbd989d795fa91180518431cf3a

SHA512
cb542a6822c6eecb7e65aeeb8f5dbd560f80f54bd1dae36396a2356829b2e56136a5372a187fb8c222e15947964fa8788e9ae9d574166a27c7cc51aa34ffe866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d49877564b56449dbb2c0ddc04993ca

SHA1
42f634815e8700b853f81375cf9f91abb0ad4278

SHA256
6e9e37a25f049f68cbbc405740b641accbab626a13fa483516632af4097730b5

SHA512
e0e5682d72047bd29dd0ec804b56e54a6b0343747d51d1072f6c9a5b64b57f617d7c43e94e357a439eb0a27a1aa068a06b26ced0c4fb07af29645ec151ecf01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60a926fc458e3f273a1d8624d2eafadf

SHA1
6282cbd5a301f6c116d2e7354df3be535c65216e

SHA256
b5b7796ec6b4fb94baff34a0922e7283e24def2f8d2bf7907588aa6361812bf3

SHA512
1618db119038f9543f061a0b9b12bc147625b5f49eb79f93533c31debb3c539e098ea28a152c3131a082200a3e347d9b667c2a5b57d7ef14bc720febe25673a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a019b4c8bf459adadc37d935800a23d6

SHA1
955bb992d0b1907ca62ce6b5d46882e7fe315bca

SHA256
3aef22ba89967a35d0740b3a4827357b49384f10b85c10bfec6863a51793bd71

SHA512
f162e33856b9e7e4e97201c8c9b555e8d446d6c53b1898254467ff20f6145b958a0882af56a27c97a54d85c9284449fddefb73eedfce5e6173b0da9db7e2f701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f533f83f43da4cdec7db33e0eee6d120

SHA1
f7967c25aab5f73519d7307e8bd7fc3e19c99c26

SHA256
a251300001aab03af1da1d75e2a2bbdf1dff79410ea8c056b1127d1e87c0fd42

SHA512
eb2c7645c9b1d61f089ec7622a7a5d56fb7874f582d3b0e05ba48ac173182aec383bd6243eb874e0973616062df28c6a578a3e499895f6bff429562d1d430a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bc98831c7d70950778e833e6f417358

SHA1
d7cbb185072a9e3bc6d406c620ca2f8a90a5d4a6

SHA256
0dc20a13c016fdebbae5f32badeb2f41748839c063ee6362873212eacd3ed60c

SHA512
ae6a0ad45119f6a509b83abe0357bc7322f6b1b3c198424eff0d4847ad7c214d44dabd02da92836d6111b670f1c3cb06c44dac40d1b808d57fd7a893b570f804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db3cb29e74b9b265131a09d675013e5a

SHA1
fcf240c3d9c192078bb177cffbd46a0edcf3f2bf

SHA256
b4f466c027e95fdb54caf67da61e0860f0c0f40c234442281b91c1570febf213

SHA512
30d753416031d324efae232b54b19fb8bc038970f42366240a24ba1db11ea522762a8cc7b8a5aa0fb57bc31f9f41d0ff65456b0ac9a7474e48cd065fc47786b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a7a151fb37aa4c38f2c7c44e17a2f95

SHA1
f19f873088adecbf79513778af095ed9c84f9796

SHA256
dd9f3aa560112e43cf514178bf5b37a6d35c651b0eeb0930a20475883772fa70

SHA512
2a83e96ce2a4cad3774edee0345f19df6ce6538ee5003ff0e837ce220c51a9073cb3839033ff4eca3a00cdd0c1f2a9bf09886822edfaba5660a28349d8fc6992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2bcfb9dc1cc88b9822f06a9e7482d0ad

SHA1
c9c239d17540041db93aee41713c9456f3fa6cfa

SHA256
61478f358870d3deea7fa9875e912c46efb202cb30ae0e004f83dfb5164f47c8

SHA512
83103bce82b81f8bd976ad5df8191975828e79060d1e10d37f13563ef16049f1c10340a6c2d67b4e0d144547ff8a6d40d7f672810df5695514a41168429f7176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
b75b0f3a3179386771ad9396ef28f48a

SHA1
425b575737980f0c94bb9cd598377615964e97f0

SHA256
e0bd9b2e70c6d909232a2cb37fc031b32d56282fa9bbefa5202f5fc234da1859

SHA512
2bd81745c559a1f87d7bed2d14f6eb6d38bc182d30e444307fae940fb139de4ec9d205012203fd7765a15f58d2b716f7f180e49ea5e34583a23b49ddb5105408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7db723995dc242051b69a4035b3c5255

SHA1
50bd2dc47075388910f88be0e5e9eb7479dd2a59

SHA256
7e56945d843c5d29bf86926a2ee17f826fd3d8cb213fff2df190c4dba8e28b91

SHA512
16a542a831c661fdf2c5dc3adeb5ca917a853cee719fbb01bd66e794c0025d5c1883fdc12336470312cf2ef1dc45b2a0d26c82d91bbd5910ed4550fee9fa25cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
225c3e27aa4b3166d0cab84a116f454d

SHA1
2affdc96cbbce0ea080e4d341884c3a22186592c

SHA256
97082698d223f65ff0e57e24812c9d8fadcc1221bd84f55f35dd91e71b211b38

SHA512
ca5553a0307998acb10702bade443e71621efbe1c8fbe5f150c448193dffc26999d40822b9f7440d79d991c91db082ef6ee3ccb7da68d95d32534ac96875b290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
595237391cbb2dd0681ce1eaee3702e8

SHA1
1b03ec8320a1b03d4620de9c3b37cd5218e9664c

SHA256
188239cf2a3382b9aa76f4bec6129e9ea79739a24b0faa72955e02bd0077a12f

SHA512
87bf1349612d217483af3a0a45364ab5da062d2d1e5b63f6edbd7c0c00649dbe0a0e8a8df282d401a3bc0d4f28a868314d43ff047b859e9ae054e6de677b1323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4b1d0e38efcc521fce97efa3b455545

SHA1
240af7b0552cb3ea99007256761d866642847d70

SHA256
9de6e0a4626f25ac53deedc08b9c710a6eb611f24c00774fb7022b9b78502fe7

SHA512
c9ad2c910e69296cc770d41a55cf98c34b5fd400d3b1791bc3d5659f0f7e7b2dc755a652a7369f69bac18b2b3e160aac11da8c9492e6db2d204775442113174f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a69f1190b2a24b06d680f0b8a8789ac

SHA1
c1d76545497d6e9160565de3c80debade4b1a79d

SHA256
cf924975a3a0b4d887f64c467bc9f371deaa432e74ab164b53a45e76f925ad3c

SHA512
b6640256c5b2ad74a66839cabf1cb128764a95be2e82417daedf351a5028548776df9e52885d731de6bfd5a5e518c371afdfc380bffa01f915de13740d20fb17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7b9c05bc25be9d3f59aa1a62e7a4617

SHA1
b8ff2f40b2dc30134848aef93e37f9a6f4225f5a

SHA256
73eaf3275e748a631b53fd1bb8134977c6d5b3ed674eda8d08764a5c415d0c03

SHA512
7e8f37e2bd6769bbd45f36f3d9f960496f455904995b85cfea26531d8cee740e3be2503501b7174cba8930416a0be9dd7fb161d983bb2d95d7fcc6bcb7258fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c0455e5359320d1cd855021dcb187bc

SHA1
c04a1bfaa194b467c5882b9973a03dac26857ab0

SHA256
e8a7ab56e1b7a3898af5e629afd68efa5ead6c264a0bf741f4bea8be4261292c

SHA512
351a3d8347d4a6a1f0a9dae0597eb30eb0b62fc1d7f04c8ab83deb2a6e1189fad6dd1ede0f5048a52625e7f4890915fc68c0ea8014d8b6b059b15e379db6e7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586cfd.TMP

Filesize
1KB

MD5
217e2cf10ff623fbbb6fea0d00f89421

SHA1
5a90b919bda6beb8f66393b6e7fb0a7195696cb8

SHA256
e712b4bf9ff9f1d59a69a68dfeab66ba2cb3a0388abf3a5e7e9dc7b6a26c2227

SHA512
b673641aa1498c205ff4770dc9ba3c8197f34562893e12a32797867bba3defbecbbad85660064ab74860ce0b9853b1f977174ed77ec6942633500e2924f65c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\d3546d08-8478-4cf5-a98a-042ce4443b8c\0

Filesize
17.4MB

MD5
1073e757fc71b26db6ab725bb7d2498c

SHA1
caec5dfc64b5826042bdedba20adc228bfa5b657

SHA256
2b2fbdc7cec2c59c3e7c512a76e827e6121bdea176488d44a9783d90d0d444de

SHA512
cd2e5868004a7aa44b202104face31910a0629d89146b779826957e716775e638defcdb2da21ed3fd2a83b88f08d8db28086888f97388f969c11b27fe972f69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\d3546d08-8478-4cf5-a98a-042ce4443b8c\1

Filesize
18.9MB

MD5
9ec31e3102ca73e55fb1aeb96fd09308

SHA1
e7dc5adbd1588be144d9b95c438960a638a6995d

SHA256
e0d5919656f3d625c13e80c4dad2e55f899777b54547deed9a2a2f76360c1390

SHA512
306972d1b0ba312c3b95564b1e6d3ef4f3649b2f636cb5e8ff265278f990d339137edc79ee80439b952a097f9429b23f2642cff5392fff3b78f7dff909cdafe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46e6d3958a8dbece3b6d711e32744a5d

SHA1
0922c3f95f41322673f30c1465555657634f92e2

SHA256
66d25f3ecf88423d8d844ca9d14a1d0ea4aa6b4fcb262eb53a94087b5bb0adb6

SHA512
752f1e4d68c099efd977d3d4d5be5b48c757376d39f0700173b90e59c5df7ee39b0e40be46ee4ec2da1f6db6c8f6ae35fcb5e0bc6e908ffa68ea5fbc16162bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2061ec65ba10caf1f4fd295c60113833

SHA1
47a1e907dfd458822f4ea97bdf0fc0d26b0901f8

SHA256
a06c48deec61fc41cb968b9bb53b56a7e553f999f8ccddf71691c7f990d9053d

SHA512
5512a9ff7f223b8a149710fcf6c3ba5a468e56fdf594650ee79a1b44f78172d375b552be08ff23723fbee0cc73e24bb254f96d1339a95edf1a1291180f229a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ad6d2d7c52bea4bfb8aba22282a11fe

SHA1
c476fa327f7a22ae5e51f0d0761b15df426afde6

SHA256
19e9e7bde9f92739f88827f27503e656e34796a31cf64dad06bfd376e0fa2074

SHA512
20c5d0c06f18b550640efe64f29ceaf989846801496951efaf739bc56379a63706e8ab657a64098cdad5280562ae988c9fcddf7d70366ca64bae43e041a20690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c643b36ce9f630f7384282ca9eac1327

SHA1
0241c911fa985eb489846514c9a5a70f7bc089fd

SHA256
869ba77d4a202b8e1528868c37f7107edcafa38d975fbcb50cc1facfe7de86e2

SHA512
7dcce1a481f45f73ed977d0bb8b33ab3d4b40c79dbb95c39f3eb303e6c98a8973500208f5410be4ab354ac753ffa4942c5c80fc077efde2bfab59a0803376d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\CA96.vbs

Filesize
2KB

MD5
fd76266c8088a4dca45414c36c7e9523

SHA1
6b19bf2904a0e3b479032e101476b49ed3ae144a

SHA256
f853dddb0f9f1b74b72bccdb5191c28e18d466b5dbc205f7741a24391375cd6f

SHA512
3cd49395368e279ac9a63315583d3804aa89ec8bb6112754973451a7ea7b68140598699b30eef1b0e94c3286d1e6254e2063188282f7e6a18f1349877adeb072

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\AppKill.bat

Filesize
671B

MD5
d4e987817d2e5d6ed2c12633d6f11101

SHA1
3f38430a028f9e3cb66c152e302b3586512dd9c4

SHA256
5549670ef8837c6e3c4e496c1ea2063670618249d4151dea4d07d48ab456690c

SHA512
b84fef88f0128b46f1e2f9c5dff2cb620ee885bed6c90dcf4a5dc51c77bea492c92b8084d8dc8b4277b47b2493a2d9d3f348c6e229bf3da9041ef90e0fd8b6c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\CallFunc.vbs

Filesize
388B

MD5
5f9737f03289963a6d7a71efab0813c4

SHA1
ba22dfae8d365cbf8014a630f23f1d8574b5cf85

SHA256
a767894a68ebc490cb5ab2b7b04dd12b7465553ce7ba7e41e1ea45f1eaef5275

SHA512
5f4fb691e6da90e8e0872378a7b78cbd1acbf2bd75d19d65f17bf5b1cea95047d66b79fd1173703fcfef42cfc116ca629b9b37e355e44155e8f3b98f2d916a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\DgzRun.vbs

Filesize
341B

MD5
a91417f7c55510155771f1f644dd6c7e

SHA1
41bdb69c5baca73f49231d5b5f77975b79e55bdf

SHA256
729f7540887cf32a5d4e1968a284c46cf904752821c734bd970ecd30a848477a

SHA512
f786699c1ab9d7c74dd9eb9d76a76728980b29e84999a166a47b7ee102d8e545901ed0fcb30331712490a36de2d726115b661ad3900cdc2bfcfc601d00b76b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\Major.exe

Filesize
60KB

MD5
d604c29940864c64b4752d31e2deb465

SHA1
c1698ea4e5d1ba1c9b78973556f97e8f6dbbdef3

SHA256
da0233f5e5e9a34e8dd4f6911444ca1f3e29bb9cbd958a9f4508ac7d72ccd55d

SHA512
89a4a14574ba19fe319c766add0111feeb4320c08bf75f55a898d9acc783d5a862a6433758a413cc719b9179dcf873f1c850d1084851b8fc37aa1e3deabfcf54

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\breakrule.exe

Filesize
58KB

MD5
bcb0ac4822de8aeb86ea8a83cd74d7ca

SHA1
8e2b702450f91dde3c085d902c09dd265368112e

SHA256
5eafebd52fbf6d0e8abd0cc9bf42d36e5b6e4d85b8ebe59f61c9f2d6dccc65e4

SHA512
b73647a59eeb92f95c4d7519432ce40ce9014b292b9eb1ed6a809cca30864527c2c827fe49c285bb69984f33469704424edca526f9dff05a6244b33424df01d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\bsod.exe

Filesize
1.2MB

MD5
8f6a3b2b1af3a4aacd8df1734d250cfe

SHA1
505b3bd8e936cb5d8999c1b319951ffebab335c9

SHA256
6581eeab9fd116662b4ca73f6ef00fb96e0505d01cfb446ee4b32bbdeefe1361

SHA512
c1b5f845c005a1a586080e9da9744e30c7f3eda1e3aaba9c351768f7dea802e9f39d0227772413756ab63914ae4a2514e6ce52c494a91e92c3a1f08badb40264

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\checker.bat

Filesize
151B

MD5
f59801d5c49713770bdb2f14eff34e2f

SHA1
91090652460c3a197cfad74d2d3c16947d023d63

SHA256
3382484b5a6a04d05500e7622da37c1ffaef3a1343395942bc7802bf2a19b53f

SHA512
c1c3a78f86e7938afbe391f0e03065b04375207704e419fe77bf0810d1e740c3ef8926c878884ad81b429ec41e126813a68844f600e124f5fa8d28ef17b4b7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\clingclang.wav

Filesize
13.1MB

MD5
1c723b3b9420e04cb8845af8b62a37fa

SHA1
3331a0f04c851194405eb9a9ff49c76bfa3d4db0

SHA256
6831f471ee3363e981e6a1eb0d722f092b33c9b73c91f9f2a9aafa5cb4c56b29

SHA512
41f4005ec2a7e0ee8e0e5f52b9d97f25a64a25bb0f00c85c07c643e4e63ea361b4d86733a0cf719b30ea6af225c4fcaca494f22e8e2f73cda9db906c5a0f12ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\data\eula32.exe

Filesize
1.2MB

MD5
cbc127fb8db087485068044b966c76e8

SHA1
d02451bd20b77664ce27d39313e218ab9a9fdbf9

SHA256
c5704419b3eec34fb133cf2509d12492febdcb8831efa1ab014edeac83f538d9

SHA512
200ee39287f056b504cc23beb1b301a88b183a3806b023d936a2d44a31bbfd08854f6776082d4f7e2232c3d2f606cd5d8229591ecdc86a2bbcfd970a1ee33d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\data\excursor.ani

Filesize
17KB

MD5
289624a46bb7ec6d91d5b099343b7f24

SHA1
2b0aab828ddb252baf4ed99994f716d136cd7948

SHA256
b93b0cb2bb965f5758cb0c699fbc827a64712d6f248aaf810cde5fa5ef3227eb

SHA512
8c77696fe1c897f56ea3afdecf67ad1128274815942cd4c73d30bf0a44dd1a690d8c2f4b0be08e604853084e5515020c2e913d6e044f9801b6223c1912eec8f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\data\fileico.ico

Filesize
38KB

MD5
a62eeca905717738a4355dc5009d0fc6

SHA1
dd4cc0d3f203d395dfdc26834fc890e181d33382

SHA256
d13f7fd44f38136dae1cdf147ba9b673e698f77c0a644ccd3c12e3a71818a0cd

SHA512
47ffac6dc37dac4276579cd668fd2524ab1591b594032adbeb609d442f3a28235a2d185c66d8b78b6827ac51d62d97bdc3dffc3ffbaa70cf13d4d5f1dc5f16c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\data\runner32s.exe

Filesize
58KB

MD5
87815289b110cf33af8af1decf9ff2e9

SHA1
09024f9ec9464f56b7e6c61bdd31d7044bdf4795

SHA256
a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4

SHA512
8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\data\thetruth.jpg

Filesize
483KB

MD5
7907845316bdbd32200b82944d752d9c

SHA1
1e5c37db25964c5dd05f4dce392533a838a722a9

SHA256
4e3baea3d98c479951f9ea02e588a3b98b1975055c1dfdf67af4de6e7b41e476

SHA512
72a64fab025928d60174d067990c35caa3bb6dadacf9c66e5629ee466016bc8495e71bed218e502f6bde61623e0819485459f25f3f82836e632a52727335c0a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\healgen.vbs

Filesize
302B

MD5
8837818893ce61b6730dd8a83d625890

SHA1
a9d71d6d6d0c262d41a60b6733fb23cd7b8c7614

SHA256
cc6d0f847fde710096b01abf905c037594ff4afae6e68a8b6af0cc59543e29bb

SHA512
6f17d46098e3c56070ced4171d4c3a0785463d92db5f703b56b250ab8615bcb6e504d4c5a74d05308a62ea36ae31bc29850187943b54add2b50422fb03125516

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\majordared.exe

Filesize
8.8MB

MD5
570d35aabee1887f7f6ab3f0a1e76984

SHA1
ae989563c3be21ee9043690dcaac3a426859d083

SHA256
fa24bc7bc366f2ad579d57a691fb0d10d868e501221df0c32a98e705d2d61e43

SHA512
9b68a8acacba451bbf028656c181fae29c5bcaed6a7ff4c1fc26ab708b62ca4be7bba9c777c598926d23331570617d20a0ce439f014461eccd8c3f595d21a54f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CA95.tmp\MicrosoftWindowsServicesEtc\majorlist.exe

Filesize
51KB

MD5
230970ec5286b34a6b2cda9afdd28368

SHA1
e3198d3d3b51d245a62a0dc955f2b1449608a295

SHA256
3cdafc944b48d45a0d5dc068652486a970124ebe1379a7a04e5cf1dcf05c37c8

SHA512
52912b6b2ba55c540316fcfc6f45d68771d1c22ddf4eb09c2cc15fb8ddd214812c18fd75cd61b561c29f660e2bf20290a101b85da1e0bbf8dfbf90b791892b57

Download Submit
C:\Users\Admin\AppData\Local\Temp\xRun.vbs

Filesize
93B

MD5
26ec8d73e3f6c1e196cc6e3713b9a89f

SHA1
cb2266f3ecfef4d59bd12d7f117c2327eb9c55fa

SHA256
ed588fa361979f7f9c6dbb4e6a1ae6e075f2db8d79ea6ca2007ba8e3423671b0

SHA512
2b3ad279f1cdc2a5b05073116c71d79e190bfa407da09d8268d56ac2a0c4cc0c31161a251686ac67468d0ba329c302a301c542c22744d9e3a3f5e7ffd2b51195

Download Submit
C:\Users\Admin\Downloads\MrsMajor2.0.7z

Filesize
22.4MB

MD5
81041a562190fe49c0fac248638b2d04

SHA1
755d8426f18e3f0ad8e28d4655468d8cfdac67bf

SHA256
0d64e4fe519291c901b67944d9215f6254552c7ea5d12cc4fc930ab58c7ca268

SHA512
e482702b08e401de88c67a703cb1612831f0cbc9365eb2e634602712bed6ad6cfae30dd820d96001c49100420bc457af083e7c09d79d825e87fe231cc0646eb2

Download Submit
C:\Users\Admin\Downloads\MrsMajor2.0.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/760-1865-0x0000000005510000-0x00000000055A2000-memory.dmp

Filesize
584KB

Download
memory/760-1863-0x0000000000930000-0x0000000000A6C000-memory.dmp

Filesize
1.2MB

Download
memory/760-1864-0x0000000005A20000-0x0000000005FC6000-memory.dmp

Filesize
5.6MB

Download
memory/760-1866-0x00000000056C0000-0x00000000056CA000-memory.dmp

Filesize
40KB

Download
memory/3148-1898-0x0000000000F00000-0x0000000000F24000-memory.dmp

Filesize
144KB

Download
memory/3340-18-0x000001EBD09F0000-0x000001EBD0C60000-memory.dmp

Filesize
2.4MB

Download
memory/3340-12-0x000001EBCF1E0000-0x000001EBCF1E1000-memory.dmp

Filesize
4KB

Download
memory/3340-2-0x000001EBD09F0000-0x000001EBD0C60000-memory.dmp

Filesize
2.4MB

Download
memory/3340-17-0x000001EBCF1E0000-0x000001EBCF1E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads